=====================================================
Setting up a Home Network
=====================================================

-----------------------------------------------------
Static or Dynamic IP Addressing Scheme
-----------------------------------------------------

The first decision that a user has to make is whether or not they wish to use a static or automatic IP address. Generally in the home or small business network, a static IP

address is ideal. A DHCP server is required for dynamic addressing, which is not a logical when there are only three or four computers on the network. However, some routers play a secondary role of DHCP.


To set an IP address:
1. Open the "Network Connections" from within the 'Control Panel'
2. Right-click the 'Local Area Connection'
3. Select 'Properties'
4. Select 'Internet Protocol (TCP/IP)'
5. Click 'Properties'
6. If you wish to use dynamic addressing, select 'Obtain IP address automatically'
7. For a static address, select 'Use the following IP address'
8. It is recommended to use a class C private network address
9. Insert an IP address e.g. 192.168.1.2
10. Insert a subnet mask of 255.255.255.0
11. For the default gateway, insert your routers address. If the router address does not match the address of your network, you will have to change the router address.
12. Apply the changes

-----------------------------------------------------
Joining a Workgroup
-----------------------------------------------------

To join a peer to peer network, you will first have to join a workgroup. A workgroup is a group of computers that directly connect and communicate with one another. A workgroup

is often used in small businesses of less then ten computers or in the home environment.
To join a workgroup:
1. Right-click on the "My Computer" icon on the desktop.
2. Select "Properties".
3. Select the "Computer Name" tab.
4. Click the "Change" button.
5. Within this new window, select workgroup.
6. Type in the workgroup name.
7. Click OK
8. In the system properties window, click OK
9. You will have to restart the computer, so do so now.

-----------------------------------------------------
Adding a Local User
-----------------------------------------------------

The computer management console is needed to add a local user. A local user is a user based on the local machine. The user documents and settings for this user is available only

from the local machine.

To add a new local user:
1. Right click "My Computer" on the desktop.
2. Click "Manage"
3. Within the Computer Management console, expand "System Tools"
4. Expand "Local Users and Groups".
5. Right-click "Users".
6. Click "New User".
7. Type in the preferred "User Name".
8. It is optional to type in the users full name and a description.
9. Tick "User must change password at next logon". This is essential to keep user passwords private.
10. Click "Create".
11. Click "Close".

-----------------------------------------------------
Creating a Local Group
-----------------------------------------------------

The "Computer Management Console" is needed to add a new group. Groups are added to help control user rights and access. This is a must for security reasons within a network.
To create a local group:
1. Right click "My Computer".
2. Click "Manage".
3. Expand "Local Users and Groups".
4. Right-click "Groups"
5. Select "New Group".
6. Type in a group name.
7. Click "Create".

-----------------------------------------------------
Adding Users to Groups
-----------------------------------------------------

To be able to use groups in share and security permissions, it is essential to add users to their appropriate group. This makes it possible to administer user access through a

group level.
To add a user to a group:
1. Right click "My Computer".
2. Click "Manage".
3. Expand "Local Users and Groups".
4. Select "Users".
5. Double click on the user you wish to put into a new group.
6. Select the "Member Of" tab.
7. Select "Add".
8. Type in the group name (it must already exist).
9. Click "Check Names" to be sure that you input the correct group.
10. Select "OK".

-----------------------------------------------------
Sharing a Folder
-----------------------------------------------------

Within a Peer to Peer network, you can select to share folders and resources. This is often used to share documents such as payroll information.
To share a folder:
1. Right-click on the folder you wish to share.
2. Select "Sharing and Security".
3. From within the "Sharing" tab select "Share this folder".
4. Input a "Share Name". This can be different from the local folder name.
5. Select the amount of people you wish to allow access to the share at the one time. Maximum allowed is ten.

-----------------------------------------------------
Setting Share Permissions
-----------------------------------------------------

Share permissions can be set to allow a user or group to access a resource over the network. Note that share permissions only apply over the network. By default, Windows XP,

after service pack 2, sets "Everyone" to "Read". To set share permissions:
1. Select the user or group you wish to set permissions for.
  a. If the user or group is not listed, select "Add" and type in the user or group name.
  b. Click the "Check Names" button to make sure you selected the correct user or group.
  c. Click "OK".
2. Select which permissions you wish the user or group to have.
  a. "Full Control" allows a user to set the permissions for the folder, delete the folder and add, read and change the folder contents.
  b. "Change" allows the user to add new documents, change existing documents and delete files and folders within the shared folder.
  c. "Read" only allows the user to read and execute the folder contents.

-----------------------------------------------------
Setting NTFS Permissions
-----------------------------------------------------

NTFS permissions apply on the local machine and over the network. NTFS permissions are used to secure folders and files and are much more secure than Share permissions. To set

NTFS permissions:
1. Right-click the file or folder you wish to set NTFS permissions for.
2. Select "Properties".
3. Select the "Security" tab.

Note: If you cannot see the security tab, you will need to turn off simple file sharing. To do so, within a folder, select tools > folder options > view and then uncheck the

'Use simple file sharing' tab.

4. In the 'Security' tab, select the user or group you wish to set permissions for.
a. If the user or group is not listed, select 'Add' and type in the user or group name.
b. Click the 'Check Names' button to make sure you selected the correct user or group.
5. Select the permissions you wish to set for the user or group.
  a. 'Full Control' allows the user or group to set new permissions on the file or folder, take ownership and perform all other NTFS permissions
  b. 'Modify' allows the user to delete the file or folder, read, write and execute the folder contents.
  c. 'Read and execute' allows the user view all files and subfolders, execute and read contents.
  d. 'List folder contents' allows the user to view but not open the contents within a folder.
  e. 'Read' allows the user to view the files within the folder.
  f. 'Write' allows the user to create new files and folders within the folder. It does not allow a user to delete files within the folder.

NTFS permissions are cumulative. If a user is assigned to multiple groups, the permissions are added up, for example; if a user is part of a group that has read and write

permissions, and the user is also a part of a group that has full control, the user will have full control.
Deny overrides all other permissions. It is recommended that you don't assign deny to any group or user.
When NTFS and Share permissions are combined over the network, the most restrictive permission applies.

-----------------------------------------------------
Setting Up a Local Security and a Local Group Policy
-----------------------------------------------------

A Local Security Policies and Local Group Policies are permissions that can be assigned to the local user, the local group and the local machine. These may allow / disallow a

user to access resources and other privileges. These permissions are set through a snap-in in the Microsoft Management Console (MMC).

-----------------------------------------------------
Creating an MMC Snap-in for Local Security and Group Policies
-----------------------------------------------------

1. From the 'Start Menu', select 'Run'.
2. Type in 'MMC' and click 'OK'.
3. Within the 'Console Root', click 'File'.
4. Select 'Add / Remove Snap-in'.
5. Within the Snap-in Menu, select 'Add'.
6. From within the 'Add-Standalone Snap-ins' window, select 'Group Policy Object Editor.
7. Select 'Add'.
8. Select 'Close'.
9. Select 'Finish'.

-----------------------------------------------------
Setting up Account Password Policies
-----------------------------------------------------

1. Within the new MMC console you just created, expand the 'Local Computer Policy' tab.
2. Expand the 'Computer Configuration' tab.
3. Expand the 'Windows Settings' tab.
4. Expand the 'Security Settings' tab.
5. Expand the 'Account Policies' tab.
6. Select 'Password Policies'.
7. Within the 'Password Policies' tab, different options can be set:
  a. 'Enforce Password History' forces the user to change their passwords to something different depending on how many passwords the computer remembers.
  b. 'Maximum Password Age' forces the user to change their password after the selected time limit has expired.
  c. 'Minimum Password Age' disallows the user to change their password until the time period is up.
  d. 'Minimum Password Length' forces the user to set a password that reaches specified amount of characters.
  e. Leave the next two disabled.
8. Select the 'Account Lockout' tab.
a. 'Account Lockout Duration' sets the time a user will be locked out of their account. Select '0' if you wish for the Administrator to unlock the account.
b. 'Account Lockout Threshold' sets the number of times a user can type an invalid password.
c. 'Reset Lockout Counter After' sets the time before the 'Lockout Threshold' is reset.

-----------------------------------------------------
Removing the Run Command from Start Menu
-----------------------------------------------------

1. Within the MMC console you created, expand 'User Configuration'.
2. Expand 'Administrative Templates'.
3. Select 'Start Menu and Taskbar'.
4. In the corresponding window, double-click 'Remove Run menu from Start Menu'.
5. Select 'Enabled'.

-----------------------------------------------------
Show only specified Control Panel Applets
-----------------------------------------------------

It is essential to show only specified control panel applets for a security measure. This stops unauthorised changes to the system configuration. To do so:
1. Within the MMC console you created, expand 'User Configuration'.
2. Expand 'Administrative Templates'.
3. Select 'Control Panel'
4. Double-click 'Show only specified Control Panel applets'.
5. Select 'Enabled'
6. Select 'Show'.
7. In the 'Show Contents' window, select 'Add'.
8. Type in the name of the applet you wish to enable.
9. Click 'OK'.
10. Click 'OK'.

-----------------------------------------------------
Saving an MMC console
-----------------------------------------------------

It is often a good idea to save a console you just made. This makes it easier to set new permissions or remove old permissions later on. To save the MMC console:
1. Select 'File'.
2. Select 'Save As'.
3. Name the console.
4. Click 'Save'.

------------------