Embed Size (px)
Citation preview
Configuring Windows 10 to work with Ideal
General configuration Settings for both servers and workstations
Desktop icons
To add icons to your desktop right click on the desktop and click on personalize. Then click on Themes
and on the right side of the window you should see the option for desktop icons. Check the icons you
want to see on your desktop and click on ok.
Control panel
With the control panel Icon now on the desktop you can double click on control panel. On the right
hand side of the screen you will need to change the view by to Small icons.
User account Control
Once you have changed the view settings you will need to turn off user account control settings, so click
on user accounts and that will bring up the user account screen. Click on Change user account control
settings.
Once in the user account control setting slide the bar down to never notify and click on ok to close the
window.
File Explorer Options
Now go back to the control panel by either clicking on the back arrow at the top of the window or click
on the all control panel icons. We need to change the file explorer settings so click on file explorer
options. This will open up the file explorer options window. Uncheck hide extensions for known file
types and Use sharing wizard and then click on ok to close this window out.
Programs and Features
Next we need to install dot net framework 3.5. To do this click on programs and features. Then in the
left hand corner click on turn windows features on or off. Check dot net framework 3.5 and click ok.
Next it will prompt you to download the files from windows update. Once that is done you can close out
of the window.
Windows settings
By either typing settings into search, or by clicking on the notification box next to the clock in the lower
right hand corner go into settings. There are many options in here that can be changed, but only a few
that Ideal recommends:
The First setting will be in Devices, so click on devices and that will bring you to another screen. The first
tab is the printers & scanners tab. By default windows manages your printer by setting the default
printer to the last one used, so if you have more than one printer could cause problems. We
recommend you change it to off.
Windows Firewall
Ideal does not recommend using the windows firewall, if you want to use it you will have to add
exclusions to the server firewall. In addition to adding the ideal program you will have to allow
individual ports as well. The ports you need for just the ideal program on the server will be:
Internal ports 3050 from the workstations to the server
External ports 20,21 7777, 7778 incoming from the server and workstations
User Accounts and Network settings.
If Ideal has setup your computers or if you bought computers from us, most likely Ideal has set you up
in a workgroup environment and setup the usernames and passwords for the computers. If we have,
call us and we will setup up your computer accordingly. If your computers were setup by yourself or
someone else then you will need to get the computer to talk to the server / workstations before
calling to get ideal installed.
A Simple Network Definition
If you have more than one computer, or if your one computer connects to the internet, then you have
a Network. Your network probably contains Client computers, and Server computers. Your network
contains one or more groups of computers (even with one computer, you have a group of one)
‐ Domains, and / or one or more Workgroups.
If your computer accesses data on another computer ‐ either another computer that's yours, or
that's on the Internet, then you have a Client.
If your computer provides, or offers to provide, data to another computer, you have a Server.
Most Windows computers perform as both clients, and servers, at the same time.
Membership in a domain or workgroup gives the ability to easily identify the computers that you
need access to the most. That is other computers in your domain or workgroup.
If your network includes a special Server that validates access for another Server, you have a
Domain.
If validation of access on your Network simply consists of setting up an account on each
individual Server (and maybe a matching account on the Client), then you have a Workgroup
Domains / Workgroups
Computers are grouped in domains or workgroups, with membership in either grouping providing
benefits.
We can browse My Network Places (known sometimes as "Network Neighborhood"), and see all nearby
computers. The workgroup that we are in is the part of My Network Places that is nearest to us ‐ those
are the computers that we need access to the most. A workgroup provides a way of identifying the
computers that relate closely to our computer.
A domain, on the other hand, is a collection of computers that trust each other. When your computer is
joined to a domain, it sets up a two way trust, where the computer and the domain are trained to trust
each other.
1. You authenticate (login as a local administrator) to your computer.
2. You allow a domain administrator to authenticate to the domain from your computer.
3. Your computer learns to trust the domain. A "certificate" from the domain is added to your
computer.
4. The domain learns to trust your computer. A "certificate" from your computer is added to the
domain.
The domain membership also gives workgroup visibility. You see the other members of "your" domain.
as you would see the other members of "your" workgroup. But the two way trust in the domain is
special.
You gain access to your computer thru domain authentication ‐ you trust the domain, based
upon the certificate from the domain that's now on your computer, and upon the credentials
(domain account / password) that you supply.
You gain access to domain resources in a similar way, from the certificate from your computer
that's now in the domain, and from the credentials that you supply.
Other people in your work area, and presumably in your domain, can potentially access your
computer, as you access theirs.
Most small LANs will use workgroups, although small domains are worthwhile. Domain
membership provides two components ‐ Authentication / authorization, and Browsing.
Workgroup membership provides one component ‐ Browsing. Workgroup membership provides
no authentication / authorization; that must be provided by redundant accounts setup on both
the client and the server.
Outside of becoming invisible in Network Neighborhood, by changing your domain / workgroup
membership, you are not adding to your security at all. Becoming invisible is simply a form
of Security By Obscurity. If you're on a network with untrustable computers or people, making
yourself invisible won't protect you; you need Layered Protection, including a perimeter and / or
personal firewall.
Name To Address Resolution
You might call the computer in your kitchen "Kitchen Computer", but it's a safe bet that your equipment
will call it something more definitive, like "192.168.0.101" (an IP address), or "06‐04‐7A‐D7‐EF‐BA" (a
MAC address). The IP address, and the MAC address, are used by the various operating systems and
network devices, to send messages from computer to computer.
The process of translating a name like "Kitchen Computer" to an IP address like "192.168.0.101" is called
name resolution. Name resolution is provided independently of domain / workgroup membership. A
domain may contain a DNS or WINS server, but that's not a given. Less likely, but still possibly, a
workgroup may contain either. Without a name resolution server, all computers use peer‐peer name
resolution. Please don't confuse peer‐peer resolution with Node Type "Peer‐Peer", which is just the
opposite.
If your network (domain or workgroup) is setup properly, but does not contain a DNS or WINS server, all
computers will use peer‐peer broadcasts to resolve names. Using IP addresses to refer to computers
should not be necessary, except in extreme situations. And, if you're using an alternate protocol, an IP
address won't work at all.
Browsing
Each domain / workgroup uses a browser server to tell it what resources are out there. For every
domain / workgroup on a network, there should be at least one browser server in that domain /
workgroup.
You can have computers in a workgroup, sharing a network with a domain. If a workgroup has its own
browser server, the computers in the workgroup can see each other, and can see the computers in the
adjoining domain.
If a workgroup has no browser server, its members will still be able to see each other, and the
computers in the domain, if you make the workgroup name identical to the domain name. If you have a
computer that's not a domain member, AND you give that computer a workgroup name identical to the
domain name, the browser servers in the domain will provide visibility between that computer and the
computers in the domain.
Server Access Authorization
Authorization for network access, to shared data on any Windows server, requires you to make appropriate permission entries in two distinctly separate Access Control Lists. Both lists are accessed, as indicated, from Folder Properties.
Share Permissions ("Sharing - Permissions").
NTFS Permissions ("Security").
Note that the term Windows server can refer to a computer running any actual server Operating System, such as:
Windows 2003 Server Windows Server 2008 Windows server 2012
or it can refer to a computer running any desktop operating system, and working as a server. Any Windows desktop operating system will run as a server, unless otherwise configured.
Windows 7 home or Professional Windows 8 home or professional Windows 10 home or Professional
Also note that, while Home versions use Access Control Lists, you cannot generally view or edit them without special procedures. Share Permissions are explicitly for network access, and NTFS permissions are for local access. Network access requires the sum of the two. You need everyone, a relevant Local Group, or the specific account, setup with sufficient rights in BOTH lists. A simple procedure is to grant Full rights to Everyone, on the share permissions, then grant restrictive rights to the individual accounts or groups, on the NTFS permissions. A more complex procedure is to set both share permissions, and NTFS permissions, precisely as required (and no higher than required) for each specific account or group. The resulting network rights are the more restrictive of the two lists, if different.
If Everyone has Full Control for Share Permissions, and an individual account has Read for NTFS Permissions, network access, for the individual account, will be Read. The owner of that account will have read-only access, whether accessing network shares, or when using the server from its desktop.
If Everyone has Read Access for Share Permissions, and an individual account has Full Control for NTFS Permissions, network access, for the individual account, will still be Read. The owner of the account will have write access when using the server from its desktop, but like everybody else, will have read access when accessing network shares.
In cases where some files or folders are accessible, but not others, the NTFS permissions may be corrupt. You have various possible remedies here.
Correct the problem from the Security tab.
If the files and folders in question have been properly setup and shared as above, and you're getting only partial access (maybe Read, although you intend to grant Write access), check both the Share and NTFS Authorization lists. Remember that if you grant access, to the share in question, to "Everyone", that refers to Everyone who is properly authenticated. Either a properly setup Guest account (on the server), or non-Guest account (for a workgroup, on both the client and server, with matching passwords), is still required.
What's a homegroup? A homegroup is a group of PCs on a home network that can share files and printers. Using a homegroup makes sharing easier. You can share pictures, music, videos, documents, and printers with other people in your homegroup.
You can help protect your homegroup with a password, which you can change at any time. Other people can't change the files that you share unless you give them permission to do so.
After you create or join a homegroup, you select the libraries (for example, My Pictures or My Documents) that you want to share. You can prevent specific files or folders from being shared, and you can share additional libraries later.
HomeGroup is available in Windows 8.1, Windows RT 8.1, and Windows 7. You can join a homegroup on a PC runningWindows RT 8.1, but you can't create a homegroup or share content with the homegroup. In Windows 7 Starter and Windows 7 Home Basic, you can join a homegroup, but you can’t create one.
