I'm about 3 weeks in on taking a new job teaching a CIT class and being a Systems Admin for a local trade school. We have about ~100 PCs and a few servers (will be virtualizing/consolidating very soon), but I'll be recreating the servers along with the new hardware.
I'm having a little trouble planning out what I should do to further improve our network and increasing security; the previous Sysadmin/Instructor did things a little odd IMO.
We have one domain that only the faculty is attached to but all of the student PCs are just hanging out on a workgroup. These student PCs are not filtered and they are all running on a bonded T1. You can imagine how slow it must be right now. So my question is more about how should I get these student PCs under control without having a complicated setup.
I'm doing some testing/research on some new firewalls for our location that have web filtering subscriptions included. Got to have web filtering at the firewall level for sure and get web access locked down.
Also, each classroom has 1 instructor PC and 1 server for testing software. I'm sure I'll just assign static IPs to those and have an "unfiltered IP range" for faculty.
I've thought about having 2 domains, one for faculty and one for students. I've thought about having 1 domain, 2 OUs. Faculty wants there to be no way a student can access their servers.
What does the [H] crowd think?
My end game is that I want all student PCs heavily filtered, faculty not as filtered, yet keeping a simple, secure network.
I'm having a little trouble planning out what I should do to further improve our network and increasing security; the previous Sysadmin/Instructor did things a little odd IMO.
We have one domain that only the faculty is attached to but all of the student PCs are just hanging out on a workgroup. These student PCs are not filtered and they are all running on a bonded T1. You can imagine how slow it must be right now. So my question is more about how should I get these student PCs under control without having a complicated setup.
I'm doing some testing/research on some new firewalls for our location that have web filtering subscriptions included. Got to have web filtering at the firewall level for sure and get web access locked down.
Also, each classroom has 1 instructor PC and 1 server for testing software. I'm sure I'll just assign static IPs to those and have an "unfiltered IP range" for faculty.
I've thought about having 2 domains, one for faculty and one for students. I've thought about having 1 domain, 2 OUs. Faculty wants there to be no way a student can access their servers.
What does the [H] crowd think?
My end game is that I want all student PCs heavily filtered, faculty not as filtered, yet keeping a simple, secure network.