WindowsNetworking.com Newsletter of April 2008

WindowsNetworking.com Monthly Newsletter of May 2011 Sponsored by: ManageEngine

Welcome to the WindowsNetworking.com newsletter by Debra Littlejohn Shinder, MVP. Each month we will bring you interesting and helpful information on the world of Windows Networking. We want to know what all *you* are interested in hearing about. Please send your suggestions for future newsletter content to: dshinder@windowsnetworking.com

Are you using multiple tools for your network management needs?

Put a stop to the daily searches, downloads and confusing reports that come along with disparate management tools! OpManager is a network and IT infrastructure monitoring solution that offers advanced fault and performance management functionalities across WAN links, VoIP services, network devices, servers (virtual and physical), services, applications, databases and other IT infrastructure devices.

Try a free copy of OpManager today; the one-stop shop for complete IT infrastructure management.

1. Having Fun with Home Remote Access

I had the chance to work with some friends last weekend and they had a few Windows Server 2008 R2 licenses to play around with. They asked me for some advice on using Windows Server 2008 R2 to create some kind of remote access solution to their homes. I said "you bet! - There are a lot of things you can do with Windows Server 2008 R2 to enable remote access to your home networks."

Now I need to tell you that these guys don't have "your little sister's home network," where there is a NAT device on the edge that also acts as a WAP. These folks actually work at home so it's both a home network and a work network. They have CAT6E cabled networks with drops to each room that terminate at a patch panel in their server rooms. These guys do lots of experimentation and so there are years' worth of accumulated old hardware in their server rooms, and they have multiple network segments mapped out because they've tested things with a variety of DMZ configurations and internal segmentation schemes.

All of which is to say that these guys are pretty smart and they wanted to do something useful and it didn't have to be simple. So I thought about the options and figured we could do one or more of the following:

  • Set up a Remote Desktop Services server together with a Remote Desktop Gateway. The Remote Desktop Gateway would allow them to tunnel RDP connections over an SSL tunnel, so even if they were located behind a firewall that blocked outbound RDP, they could still sneak through the "universal firewall port" of TCP port 443.
  • Install a VPN server behind the NAT device they're already using. We thought about putting the Windows Server 2008 R2 RRAS on the edge, but they are using DHCP for their public address, and sometimes the NAT devices provided by the telco are tweaked to receive the public addresses and problems can occur if you introduce your own gear on the edge. No problem - we'll just put a VPN server behind the NAT device.
  • Regarding the VPN server, we had to think about which VPN protocols to use. Of course, they were already using Windows 7 clients and loving the OS, and the same was true for their family members. Given that Windows 7 was the client of choice, we decided SSTP should be the VPN protocol of choice. SSTP will allow them to VPN to their home network without having to worry about firewalls, because SSTP tunnels the VPN connection inside an SSL tunnel, which again allows it through firewalls that enable the "universal firewall port" of TCP port 443.

Anything else other than RDP/RDG and VPN? There are some web services that we could publish, but since they only had a single public IP address, that would get tricky without a web proxy server.

What do you think? What else could these guys do with a basic Windows Server 2008 R2 to make for a high performance, high fidelity end-user experience so that they can get what they need at home? What have you done on your home/home office network to give it all the functionality of an enterprise setup? If you use Windows Server 2008 R2 at home, let me know!

Let me know! Send me a note at dshinder@windowsnetworking.com and I'll share your comments.

See you next month! - Deb.

By Debra Littlejohn Shinder, MVP
dshinder@windowsnetworking.com

=======================
Quote of the Month - "A man begins cutting his wisdom teeth the first time he bites off more than he can chew." - Herb Caen
=======================


2. ISA Server 2006 Migration Guide - Order Today!

Dr. Tom Shinder's best-selling books on ISA Server 2000 and 2004 were the "ISA Firewall Bibles" for thousands of ISA Firewall administrators. Dr. Tom and his illustrious team of ISA Firewall experts now present to you the ISA Server 2006 Migration Guide. This book leverages the over two years of experience Tom and his team of ISA Firewall experts have had with ISA 2006, from beta to RTM and all the versions and builds in between. They've logged literally 1000's of flight hours with ISA 2006 and they have shared the Good, the Great, the Bad and the Ugly of ISA 2006 with their no-holds-barred coverage of Microsoft's state-of-the-art stateful packet and application layer inspection firewall.

Order your copy of ISA Server 2006 Migration Guide. You'll be glad you did.



3. WindowsNetworking.com Articles of Interest

4. Administrator KB Tip of the Month

Identify a Failing Laptop Battery using Powercfg

Here's a tip on how you can use the Powercfg command in Windows 7 to identify a laptop battery that might be failing. Simply run the following command in a command prompt window:

powercfg -energy

Doing this will generate a report that can help you identify any issues with regard to your computer's power management settings. Typical output will include a Battery section that might look something like this:

Battery: Battery Information
Battery ID 00860 2009/02/13Hewlett-PackardPrimary
Manufacturer Hewlett-Packard
Serial Number 00860 2009/02/13
Chemistry LIon
Long Term 1
Design Capacity 73440
Last Full Charge 53480

Look at the last two lines of this section of the command output. If the Last Full Charge value is significantly less than the Design Capacity value, then that's an indication that your battery isn't holding enough of a charge anymore and may be starting to fail.
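The comparison described above can be scripted. The following PowerShell function is an added example, not part of the original tip; it assumes PowerShell 3.0 or later, and the function name Get-BatteryWear and the 80% cut-off are illustrative choices, since the tip gives no number for "significantly less". The sample text is the Battery section shown above.

```powershell
# Added example: read Design Capacity and Last Full Charge from the text of a
# powercfg energy report's Battery section and report the ratio between them.
function Get-BatteryWear {
    param(
        [Parameter(Mandatory = $true)] [string] $ReportText,
        # Assumption: 80% is an illustrative threshold, not a value from the tip.
        [ValidateRange(1, 100)] [int] $WarnBelowPercent = 80
    )

    $values = @{}
    foreach ($label in 'Design Capacity', 'Last Full Charge') {
        # Match "<label> <integer>" on a line of its own (CRLF or LF endings).
        $pattern = '(?m)^\s*' + [regex]::Escape($label) + '\s+(\d+)\s*$'
        $m = [regex]::Match($ReportText, $pattern)
        if (-not $m.Success) {
            # Desktops and VMs have no Battery section, so fail loudly.
            throw "Field '$label' not found in the report text."
        }
        $values[$label] = [long]$m.Groups[1].Value
    }

    $design = $values['Design Capacity']
    $full   = $values['Last Full Charge']
    if ($design -le 0) { throw 'Design Capacity is zero; cannot compute a ratio.' }

    $percent = [math]::Round(100 * $full / $design, 1)
    [pscustomobject]@{
        DesignCapacity  = $design
        LastFullCharge  = $full
        PercentOfDesign = $percent
        PossiblyFailing = $percent -lt $WarnBelowPercent
    }
}

# Sample input: the Battery section quoted in the tip above.
$sample = @'
Battery: Battery Information
Battery ID 00860 2009/02/13Hewlett-PackardPrimary
Manufacturer Hewlett-Packard
Serial Number 00860 2009/02/13
Chemistry LIon
Long Term 1
Design Capacity 73440
Last Full Charge 53480
'@

Get-BatteryWear -ReportText $sample | Format-List
```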

For more administrator tips, go to WindowsNetworking.com/WindowsTips

5. Windows Networking Tip of the Month

A Dynamic Host Configuration Protocol (DHCP) split-scope configuration using multiple DHCP servers allows for increased fault tolerance and redundancy over using only one DHCP server. The new Split-scope Wizard in Windows Server 2008 R2 replaces the more error prone manual split-scope configuration method used in earlier versions of Windows Server. Check out this great step by step guide on how to test the new split scope wizard here.

6. Windows Networking Links of the Month

7. Ask Sgt. Deb

QUESTION:

Hey Deb,

If I had the theoretical "ten dollars" to spend on security, how should I spend it? Should I spend most of it on network centric security devices or should I spend it on security operating systems or should I spend it on creating processes and procedures and systems of measurement and accountability?

Thanks! - Randy.

ANSWER:

Hi Randy,

Your question is really topical because a lot of firms are looking at the same problem. Historically, admins were faced with either buying a nice new shiny piece of network hardware or maybe upgrading their operating systems in order to feel as if they've made a significant impact on network and computer security. It certainly made the sales guys happy! However, as our industry has matured, it's clear that it's often not what type of network gear you have or what operating system you're running that matters most; it's the processes and procedures that you have in place and how seriously you take the task of enforcing them. Focusing on processes and procedures makes it clear that the security issue is never "solved," rather it's a journey. I'd say you should spend $1 on new network hardware, $4 on upgrading your operating systems, and $5 on ITIL or MOF training. Put most of it into procedures and processes and you'll be a lot more secure.
