Advice on tuning-up a charity's network

Status
Not open for further replies.

swishsticks

Although I’m not an expert, I’ve agreed to help check and tune-up the computers for a charity which provides a helpline and counsellors for adults and children with emotional problems.

All the people staffing it are volunteers, including my girlfriend, who has told me that no-one maintains the computers there and hasn’t done for a couple of years or so. Which means they're in a less than optimal state. So they’re happy for me to come in and do it on an ‘as-is’ basis. None of the people in the office have more than very basic computer literacy when it comes to the system side.

I’m going in on Monday and would like someone more experienced to check over what I plan to do and make any suggestions necessary to do a good job.

The reason I’m posting here is that it's a collection of tasks encompassing security and optimisation in a network. Although I’ve done all the tasks listed below on our two stand-alone computers at home, I’m not familiar with what changes might be needed when doing these tasks on a network, nor about what I should be doing to optimize the network.

From what I’ve been told, there is a small network of three computers. Only one has e-mail access. Don’t know why that is, but it means everyone has to go to that computer to see if there’s any mail. That needs to be fixed. Perhaps their Internet Service Provider only recognises one computer as being eligible to access its mail server.

Another network problem is that when one user creates a document and saves it to the network drive, other users can't always open it, sometimes getting a message that it's being used.

The computers are about three years old, and she told me they have XP and Office, with Internet Explorer. I assume XP Pro, but maybe not. I asked who has administrator rights, but she’s not sure. She says they do not have log-on passwords, but just turn on the computers and use them…

Basic network questions

A) Do I need to disconnect the computer I’m checking from the network while I do any of the tasks below, and if so, what’s the simplest and safest way to do so?

B) I’m used to cleaning and defragging the local hard drive. Can I do the same thing in the same way for the network drive?

C) Over and above the tasks below, what’s a good way to check the current network situation and optimise it? Perhaps it would also be good to set up a password login system to improve security, but I don’t know really how to set that up and define users and user rights.

Task list (in the order I plan to do it)

1) Basic system info. collection – disk space, ram, OS version etc. Will run Belarc Advisor on each computer.

2) Backup – I haven’t used this feature before, but if they have XP Pro I’ll give it a try. How much space will I need for the backups? I thought I would try to put the files onto a CD, but I'm not sure which files to select for backup.

3) Create a system restore point.

4) Virus scan – they apparently have Norton AV, but complain they get a lot of viruses in their e-mail. They get updates from Norton every so often (maybe every two weeks?) but since they have to pay for this service they would consider an alternative.

I will use the Norton first, and maybe an online scanner like Panda if the virus definitions are not very fresh. If necessary, will turn off system restore to remove any viruses from backups. Would it be worth uninstalling Norton and installing AVG Free Edition? I don’t know if it would work on a network.

Log on to their ISP, since I know it has a service to check e-mail for viruses and spam at the server level. Once I activate this it should remove most of their incoming junk, which the volunteers have not been able to get under control.

5) Install Spybot and scan for malware. Install Spyblaster and protect IE settings. Look at IE configuration and set security to medium-high. Check Advanced list to ensure secure options are selected. Delete temp files from IE.

6) Use Windows Update to download and install most recent OS files. Is there anything I need to know about upgrading OS files to a computer that’s on a network? If they have not installed SP1 yet, do I need to do that first, or can I go straight to SP2? Create/check for a system restore point.

7) Check to see if they have most recent Service Pack for their version of Office. Install as necessary. Create/check for a system restore point. Check Outlook security settings.

8) Run Windows Disk Cleanup. Run a freeware utility called Find Junk Files.

9) Use a program called Ace Utilities to do a registry clean, clean up the drive some more, check start-up list and fix broken shortcuts. Will also check start-up list in msconfig.

10) Install Zone Alarms Free Firewall on each computer which has internet access (all of them, I think). How does this program work on a network, and do I need to change any of the usual settings I have at home?

11) Check the list of installed programs and uninstall those not needed.

12) Defragment the drive, using a trial version of Perfect Disk. What’s the best way to defrag a computer that’s on a network? Should I disconnect it first?

13) Create final system restore point, check programs to make sure everything is functional, and then delete earlier restore points.

Any suggestions on the above or ideas for extra interventions will be very much appreciated. If I encounter any unexpected problems on Monday, I’ll post them here too.

Thanks very much for your time.

Swish
 
Oh boy! You need to be very careful when doing this kind of job. You have far too many requirements to go through it all via keyboard. But you really should take note of the following points. As you are dealing with 'real people' and their information think of the data protection act, who pays if you get it wrong, you really do need to know how to set up users and security if you plan to network them properly otherwise there's no point to it all, what about backups? This list is not exhaustive but I suggest you are REALLY careful. Let me give you a clue, it cost me over £800.00 per year for professional indemnity insurance but if I ever claimed I wouldn't be able to get cover anymore! My personal opinion is get a professional to do it and save yourself a whole world of hurt. Good luck, I think you'll need it.
 
Thanks for your reply, and I take your point. I'm realistic about my lack of knowledge regarding networks, which is why I told them I would be doing just basic maintenance and upkeep - virus and malware checking, updating OS files, cleaning up and defragging hard drives, improving security settings, that kind of stuff. Even that will be a big improvement on where they are now.

As for the networking side, I just thought I'd ask for a few comments on the differences from maintaining a stand-alone computer and on how to do a few basic diagnostics of the network, but I'm not planning anything ambitious. I might rather be the person to say 'You need to get someone in to sort out your network, because it goes beyond basic maintenance'.

If they have to get a professional to come in and do the networking, they will not need to pay him for the time-consuming and largely routine stuff which I plan to do. So it's still a benefit to them.

Swish
 
Start by cleaning out temporary internet files and other debris.
Burn personal data for each PC on a CD.
Restart each PC in safe mode, do a chkdisk on all drives/partitions, then run a full defrag (overnight probably, depending on HD-size).

Buy a router with built-in switch for 5-8 PCs and a built-in firewall.
See if you can get one with built-in printserver as well, possibly for both USB and parallel printer-connections.

Check that there is a 10/100MB ethernet (RJ45) card or built-in connection in each PC for networking. Don't bother with USB-network components.

Then setup the network.
A few basic setups when networking:

Router-setup WAN:
Protocol: Fixed IP
IP-address, Subnetmask and default Gateway: as per ISP-information
DNS-servers: as per ISP-information
Enable NAT

Router-setup LAN:
IP-address: set to e.g. 192.168.1.254 (or use router-default)
Subnetmask: 255.255.255.0
DHCP-server: disable

Router: Some System-settings (depending on your router)
Optional SNTP (time): e.g. 194.35.252.7 for UK/Ireland (GMT)
uPnP: disable
Dynamic routing: disable
Remote config: disable
Dynamic DNS: disable
Firewall: Block hacker attack: enable
Firewall: Block WAN request: enable
VPN: disable all settings unless you need it

PC-Settings
Internet Protocol (TCP/IP)
Use the following IP address: 192.168.1.101 (102, 103 etc.)
Subnetmask: 255.255.255.0
Default Gateway: 192.168.1.254 (IP-address from your Router)
Use DNS Server address: 192.168.1.254 (IP-address from your Router)
Second DNS: leave blank or put in first DNS-server from WAN-part in Router

Enable File/Printer sharing if you wish (works only within local network)
Check individual printer(s) that they are shared as well (in printer-settings)

And make sure all your PCs are in the same WORKGROUP.

If software firewall installed, enable the other PCs IP-address(es)


That should get you started.
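
The PC settings from the post above can also be applied from a command prompt on each XP machine. This is an added example, not part of the original post; it assumes the adapter still has XP's default name "Local Area Connection" and that the router LAN address is 192.168.1.254 as in the post.

```bat
@echo off
rem Added example: apply the fixed-IP PC settings from the post on one XP machine.
rem Usage: setip.cmd 101      (last octet for this PC: 101, 102, 103 ...)
rem Assumptions: adapter name is the XP default "Local Area Connection";
rem router LAN address is 192.168.1.254 as in the post.
setlocal
if "%~1"=="" (
    echo Usage: %~nx0 LAST_OCTET
    exit /b 1
)
set "NIC=Local Area Connection"
set "GW=192.168.1.254"

rem Keep a copy of the current settings so the change can be undone by hand.
ipconfig /all > "%TEMP%\ipconfig-before.txt"

rem Fixed address, subnet mask and default gateway.
netsh interface ip set address name="%NIC%" source=static addr=192.168.1.%~1 mask=255.255.255.0 gateway=%GW% gwmetric=1

rem Router as the DNS server, as in the post.
netsh interface ip set dns name="%NIC%" source=static addr=%GW%

rem Check that the router and the other PCs answer on the new addressing.
for %%H in (254 101 102 103) do (
    ping -n 1 -w 1000 192.168.1.%%H | find "TTL=" >nul && (echo 192.168.1.%%H replies) || (echo 192.168.1.%%H no reply)
)
endlocal
```

A PC that shows "no reply" while it is switched on usually means its software firewall has not yet been told to allow the other PCs' addresses, which is the last step in the post.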
 
Make them stop using Outlook Express / IE at all if possible. People in charities often like the idea of other people sharing things for free : advise them to use Firefox / Thunderbird. Install it and show them that it's better and more secure. Those programs will import the OE / IE settings by themselves.
 
Thanks for your replies.

I use Firefox/Thunderbird myself, but I think I'll hold off on introducing it to them for the moment, until the first official builds come out. IE is still needed for Autoupdates anyway (thank you Microsoft for not recognising any browser other than your own).

Digit Alex, you may know the charity I'm talking about, because it's in Brussels. It staffs a helpline for expatriates. Small world, eh?

Swish
 
Oh okay hehe. You can PM me with your msn address if you want as I have some ideas for you, I'm also helping an association for general administration tasks. Don't know what charity exactly you are talking about though.
The world is not small, it's microscopic ;)
 
http://www.dhcp-handbook.com/dhcp_faq.html
The DHCP RFC specifically says that DHCP is not intended for use in configuring routers. The reason is that in maintaining and troubleshooting routers, it is important to know its exact configuration rather than leaving that to be automatically done, and also that you do not want your router's operation to depend upon the working of yet another server.

It may be possible to configure some types of more general-purpose computers or servers to get their addresses from DHCP and to act as routers. Also, there are remote access servers, often which are usually not true routers, which use DHCP to acquire addresses to hand out to their clients.

In other words, DHCP hands out IP numbers on a come-as-you-go basis.
With Fixed IPs, this is no longer needed, so you can switch it off, less overhead.
 
Just an update on my visit to this charity's office.

I did basic disk operations (e.g. dskchk /r) and cleaned up their three computers for malware. They were all infested with adware and a parasite program called Hotbar. One computer had the Netsky.P worm. I removed all that and installed anti-spyware programs. They have been getting 80-100 infected e-mails per day, so I activated their ISP's spam and virus checkers to remove these e-mails at the ISP level.

The computers have Norton System Works, which I guess is not a bad all-in-one tool, even though it hogs resources and is a bit bloated. It's just that no-one has ever used it! They will continue to use Norton AV, as they recently reactivated a subscription which had expired.

The OS is XP Home Edition, not yet updated to SP2, but otherwise up to date. Disks were around 50% fragmented. That's a task for my next visit, as I want to do it before I download SP2 using Automatic Updates.

They all log on with different user profiles, which means there are about six on each computer, including people who are not there anymore. I think they all have Administrator rights. Everyone's work is saved under 'My Documents', which is not a good system for shared work and makes information retrieval difficult for other users. No passwords are used to logon.

The way that the volunteers work is that they have rotas of coming in for a couple of days each per week, so they drop in and out of the office a lot and often someone needs to pick up on the work of someone who isn't in that day. They also sometimes switch terminals.

What I would like to do is to set things up to enable the following:

A More secure computing by the users.

B As much sharing of documents as possible, ideally with everyone being able to see all the other volunteers' work.

This is how I think their computer use could be improved and made more secure. I'd be grateful if anyone could have a look at this and see if I'm on the right track.

1) Delete all user profiles except for two on each computer. The first would be an Administrator account, with password logon. The other would be a Limited User account (no password), which would be one profile per computer for all the volunteers to use.

To be honest, given their unawareness of secure computing they can't be trusted with Administrator rights. This should improve system security and help with information retrieval by reducing the number of profiles and encouraging them to see their work in terms of shared tasks and projects.

The way I would do it: pick one of the existing profiles (call it A) and transfer into Profile B all personal files from 'My Documents' of user profiles C, D and E. Then I would turn Profile B into a Limited User account and delete the other profiles. Profile A would be renamed the Administrator profile.

They would thus see two profiles on the Welcome screen.

If I do this for each computer (3), I will end up with three Administrator profiles and three Limited User profiles. (Maybe call them Volunteer 1,2,3).

Would it be better to set it up so that there is one Administrator and one Limited User profile which works across all three machines? Or one Administrator and three user profiles? I'm not sure how to set that up. Something to do with local users versus domain users?

2) Uninstall Norton Firewall (it seems to have expired anyway) and install Zone Alarms firewall.

3) Make one person responsible for basic computer maintenance as an ongoing task, and give them the Administrator responsibility. This profile only to be used as necessary, not as a default option.

4) Is 'Shared Documents' a good folder for everyone to put in their work, rather than 'My Documents'? That way, any user could see what work has been done. What's the best way to share documents on a network?

If anyone has experience in setting something like this up, I'd be glad of a few tips and how-tos. I'm a bit out of my depth, although I feel I'm kind of on the right lines.

Thanks very much!

Swishsticks
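
The two-account layout planned in the post above (one password-protected administrator, one limited account without a password, former users no longer administrators) can be set up per PC with the built-in `net` commands. This is an added example, not part of the original post; the account names `OfficeAdmin`, `Volunteer` and `OldUser` are placeholders.

```bat
@echo off
rem Added example: local accounts as planned in the post. Run on each PC from an
rem existing administrator account.
rem OfficeAdmin, Volunteer and OldUser are placeholder names (assumptions).

rem 1. Record who exists and who is an administrator before changing anything.
net user > "%USERPROFILE%\accounts-before.txt"
net localgroup Administrators >> "%USERPROFILE%\accounts-before.txt"

rem 2. Administrator account with a password. The * makes net prompt for the
rem    password, so it is never stored in this file or shown on screen.
net user OfficeAdmin * /add
net localgroup Administrators OfficeAdmin /add

rem 3. Shared limited account, no password as in the post. An account created
rem    with "net user /add" is a member of Users only, which is what the
rem    Control Panel calls a Limited account.
net user Volunteer /add

rem 4. Take administrator rights away from an existing profile and make sure it
rem    is still in Users (an "already a member" error here is harmless).
rem    Repeat for each old profile.
net localgroup Administrators OldUser /delete
net localgroup Users OldUser /add

rem 5. Once its documents have been copied out, disable the old account instead
rem    of deleting it straight away, so nothing is lost if a file was missed.
net user OldUser /active:no

rem 6. Confirm that only the intended account is left in Administrators.
net localgroup Administrators
```

These are local accounts, so the same script has to be run on each of the three PCs; a single account that works across machines needs a domain, which XP Home cannot join.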
 
Adrian, using fixed IP has e.g. the advantage, that you can stop a specific IP from accessing the web. My daughter has her own PC in her room, and can access other PCs in our home-network (if she would know how), but she can not go on the Internet by herself (I blocked her IP in my router).
She can only do so on my wife's PC, under supervision of an adult.
 