# Setting up a new cyber cafe with 10 Systems.



## hosseinrz (Jan 29, 2006)

Hello all.
One of my friends wants to setup a new cyber cafe with these specs:
10 Clients each one PIII Windows XP pro.
1 Server Which is connected to internet trough ADSL modem. (Windows 2003)
A 16 port switch to connect systems to server.
I would like to know is it better to install two network cards on the server or just connecting Adsl modem's output to the switch ?
Is there any configuration for windows 2003 server I have to do ?
Please suggest me setting up this network.
Please explain it for me.
How should I share internet connection between server and clients ?
What should I do after bridging two networks on the server?
I would like to restrict the clients that the users cannot execute, go to my computer, install software and... I want to have a very secure system.
Because people working always try to hack the systems or install keyloggers.

How can I limit client systems and what programs on the server/client do you suggest me to use ?

Thank you in advance.
Rz


----------



## Squashman (Apr 14, 2005)

Whey do you feel you need a Windows 2003 Server for this. I see no need unless there is something you are not telling us. I would buy a router as well. Connect the modem to the Wan port on the router. You may be able to get a router with an integrated 16 port switch. The biggest I have ever bought was 8. But I am sure they are available.

I would aslo install the Shared Computer toolkit on all those machines to lock them down.
http://www.microsoft.com/windowsxp/sharedaccess/default.mspx


----------



## hosseinrz (Jan 29, 2006)

Squashman said:


> Whey do you feel you need a Windows 2003 Server for this. I see no need unless there is something you are not telling us. I would buy a router as well. Connect the modem to the Wan port on the router. You may be able to get a router with an integrated 16 port switch. The biggest I have ever bought was 8. But I am sure they are available.
> 
> I would aslo install the Shared Computer toolkit on all those machines to lock them down.
> http://www.microsoft.com/windowsxp/sharedaccess/default.mspx


If windows 2003 server is not required, I will appreciate it, but what if I wish to setup the network without a router ?
There is a server that would be our router. 
Some people talking about setting up NAT. Is it really required?
I have a DI-624 router, does it also assing IP to systems that connected to a hub and then hub is connected to the router? 
Is Zonelabs internet security suite a good product to use ?

Thank you.


----------



## crazijoe (Oct 19, 2004)

The D-Link DI-624 is a wireless router. I would turn off the wireless capabilities unless you want users to connect wirelessly. This router also has a built-in 4 port switch. To connect more user just add an 8 port switch to it. This will enable you to connect the 10 workstations in your cyber cafe. You do not need a server as the router is cabable of DHCP and provides NAT routing.


----------



## hosseinrz (Jan 29, 2006)

crazijoe said:


> The D-Link DI-624 is a wireless router. I would turn off the wireless capabilities unless you want users to connect wirelessly. This router also has a built-in 4 port switch. To connect more user just add an 8 port switch to it. This will enable you to connect the 10 workstations in your cyber cafe. You do not need a server as the router is cabable of DHCP and provides NAT routing.


Ok.
I have more questions.
What if he doe's not want to use the router and set it up with server/clients
and what do you suggest me to block clients from installing, executing and... because they will install key loggers on the systems...
If I use the router, am I still able to limit bandwidth on each client as DI-624 does not support bandwidth limiting.
I want to setup a limit for PC1 daily limit of 300 Kbps until used 300 MB traffic and then slows down to 100 Kbps for example.

Thank you.


----------



## Sum Yung Guy (Jul 25, 2006)

> I would like to restrict the clients that the users cannot execute, go to my computer, install software and... I want to have a very secure system.
> Because people working always try to hack the systems or install keyloggers.


Goto Start Menu> Run > mmc
Once MMC is open, goto file click "Add Remove Snap In"
At the next screen click add and find "group policy". 
Youll want to go into User Configuration and then Administrative Templates.
There you can restrict what happens on the users of that computer. Do that on all the comps. You can probally find a baseline file somewhere online that configures all that stuff automatically.


----------



## johnwill (Sep 26, 2002)

Why in the world would you go to the expense and bother of setting up Server 2003 when a simple router will do the job?


----------



## hosseinrz (Jan 29, 2006)

Sum Yung Guy said:


> Goto Start Menu> Run > mmc
> Once MMC is open, goto file click "Add Remove Snap In"
> At the next screen click add and find "group policy".
> Youll want to go into User Configuration and then Administrative Templates.
> There you can restrict what happens on the users of that computer. Do that on all the comps. You can probally find a baseline file somewhere online that configures all that stuff automatically.


thank you.
But I did not find Group Policy in my personal XP pro system, but I can see Group policy object editor in the list.
Shall I use it ?

I have found a way to do this but there is a question.
I run mgpedit.msc from Run and then can restrict any thing I wish.
But restrictions applies for both administrator and Limited users.
When I restrict a feature, I can re enable it from restricted user account.
If a user knows this then he can enable all access for himself.
If I disable run command I cannot access gpedit.msc myself...
Please help me restricting only limited users.

Thank you.


----------



## Sum Yung Guy (Jul 25, 2006)

Yea Group Policy Object Editor is what I meant. Sorry bout the mixup.


----------



## Terrister (Apr 18, 2005)

You could also look into custom cyber cafe software. 
Take a look at these and when you decide on one, post back and we will see what hardware you will need.
http://www.google.com/search?source...LJ,GGLJ:2006-22,GGLJ:en&q=cyber+cafe+software


----------



## hosseinrz (Jan 29, 2006)

Terrister said:


> You could also look into custom cyber cafe software.
> Take a look at these and when you decide on one, post back and we will see what hardware you will need.
> http://www.google.com/search?source...LJ,GGLJ:2006-22,GGLJ:en&q=cyber+cafe+software


I've downloaded CyberCafePro.5.0.250 Client Server
What do suggest ?

I can enable features disabled by Administrator in group policy, so limited users can also do ...
Any suggests?


----------



## Squashman (Apr 14, 2005)

hosseinrz said:


> Please help me restricting only limited users.
> 
> Thank you.


This is why Microsoft created the Shared Computer Security toolkit. I suggest you take a look at it. I linked to it, in my first post in this thread.


----------



## Squashman (Apr 14, 2005)

hosseinrz said:


> . because they will install key loggers on the systems...
> .


If you are going to do that, you better be damn sure that people know you are doing it and make them sign a release form before they use the computer otherwise you are going to be in a World of hurt from alot of Lawyers.


----------



## whardman (Jun 28, 2006)

I think he's trying to PREVENT other people from installing keyloggers.



hosseinrz said:


> because *they *will install key loggers on the systems...


----------



## Squashman (Apr 14, 2005)

whardman said:


> I think he's trying to PREVENT other people from installing keyloggers.


I guess I misunderstood that one.


----------

