Home Forums Any truth to what my tech person is telling me about LAN and user acc?

Hi everyone. Tech gurus, please opine.
We use a LAN in my office where about 15 PCs connect to a PC which functions as a server. Windows 7 and 8 machines, pretty newer machines- all with at least 4G RAM.
The way the LAN was setup was with a 'guest' user account on the main computer. Meaning every computer does not have a user account and permissions on the main computer-- some of them do. The one which don't access it thru the guest account.

My tech guy says we need to have a user account for ea of the client computers and this will speed up traffic on the LAN for AC and also for my PM program. Is this true? I've never heard of such a thing.
Thanks in advance. (hope my question was clear)

First, far more that performance issues, an argument can be made that using guest access ANYWHERE that patient data is available is a HIPAA violation.

Having individual accounts on the host/AC "server" not only allows you to better manage security, but it also allows for network traffic to be segmented. That may be more pertinent depending on your PM system.

Setting aside the obvious argument for a domain controller, named accounts on single machines make it far easier to recover from a corrupted user profile on a client machine. We see those regularly, so we setup a BestPractice profile on machines (for many reasons) but that gives each machine an untainted Admin User Profile to make repairs from.

I suspect there are performance improvements, but then I have never knowingly allowed a guest login on a network we are responsible, so I've never quantified it. The exception to the previous is those times that we have setup Honey-Traps to catch intruders.

Ok, thanks Indy.
I understand the HIPAA concern, however, access to the network and therefore to the guest account is protected by wireless access passwords and individual machine user passwords. I understand its not perfect but I didn't want anyone to think my data is just open and out there!

AJ,

I'm not maligning your security, rather pointing out that the guest account is a standard attack vector. Folks may not know that Administrator is another common attack account.

In a related fact, several of us are on record of NOT approving of setting the AC share to EVERYONE. that is the standard AC setup, but we recommend changing the share to, at minimum, Authenticated Users. That is a small, but important distinction.

I always appreciate your insight Indy and all the other gurus on this board.

Update: we changed the authentication method on my network this afternoon to individual user accounts and disabled the guest account. It seems to have speeded up AC to a small but noticeable extent.

A.J.

You may have already addressed this, but check your network for 10/100 switches.

Also check your edge router/modem, and if it has 100 ports, then it should only have a patch cord into your Gig switch.

An unbelievably inexpensive fix if that is the weak link.

What is a edge/router modem? Is that the modem that 'goes out the building'?
Also, about the 10/100 switches: do I want them or NOT want them in my network?

Thanks. Sorry for the ignorance, I'm just a doctor!

I believe he is referring to the desirability of 1000 bps switches (Gigabit switches, often referred to as 10/100/1000 bps switches). If you have a partially gigabit network, but somewhere in there is a 10/100 bps switch (not 10/100/1000 bps), then you have a bottleneck. (It's like a 90% occlusion in the femoral artery causing claudication symptoms further down in the leg during heavy exertion.)

Not absolutely positive what is meant regarding the router (yes, the modem that goes out of the building), but most access to the internet is much less than 100 bps so internet routers may not have a 1000 Gbit port. They may, however, have multiple ports, ie be a switch as well as a router. If the switch part is only 100 bps (10/100 bps), then you don't want to be using any of those ports for distribution in your office network. You only want to use the one that connects your internal network to the internet (one patch cord or cable). Hope that helps.

Hi AJ,

Based upon the above, I too wonder if you don't have a 1G (10/100/1000) switch, where the 1000 refers to 1000M, or 1G speed. If you need one, I can highly recommend the Netgear JGS516PE Prosafe switch, which has 16 ports, just enough for you. However, I think that they make a 24 port model which would probably be a model number JGS524PE, which would give you room for expansion. I don't recall how much I paid for it on Amazon, but I do remember thinking that it was quite reasonable.

All computers including the "server" get plugged into the switch, as does the connection to the outside world such as DSL modem/router or cable modem. Printers, scanners, etc. can get plugged into it too or they can be wireless. But if you have a lot of those, you may want to plug then into a separate switch which then gets plugged into the first one.

You would also benefit by having good cable, category 6 or better connecting everything, especially the cable going between the "server" and the switch. There is a lot of bad cable out there, so if you need a recommendation for it, let me know. I can also recommend wire fishing device, category 6 connectors, crimping tool, and LAN cable tester to make sure that you've made up the cables correctly. I upgraded from wireless to wired one weekend and it made a huge difference in AC performance. Ran the wire through the walls and ceiling (plenum cable), cut the low voltage boxes into the drywall, and installed the cable connectors one weekend. All pre-straightforward. There is also a good You Tube video on instilling the connectors.

"Dammit Jim, I'm a doctor, not an IT guy"

Norm Numerof, M.D.
Solo Internal Medicine in the beautiful Vail Valley, CO

If you have are upgrading a network switch, highly recommend you get one with (many) more ports than you think you need. Devices that want access to the network multiply like rabbits.

I started with an 8 port hub, changed to 2 8-port switches (Ha!), then upgraded to 2 of 16 ports each, now have a 16 port and a 24 port (albeit I'm using 4 ports in each to connect the two switches to each other). BTW, you need "managed" (meaning manageable) switches for link aggregation (AKA ganging or teaming) cables like that.

Adding to the above, may as well add PoE in case you go to VoIP so your office is less of an Octopus. Also, Don's right about manageable. But, just get manageable so you can do many things. You can just use a web interface. So, don't let Don's link aggregation phrase scare you. LOL. But, it's always nice to plan out your network. Know which Ethernet jack goes to what port and have the ports assigned to them even if on an index card. And, those can all correlate with what you see in the managed switch via the website. I think I have added to the confusion. But, pay the extra $150 and get PoE. Now, some would spend the entire $150 on a switch. Get a good switch, LinkSys or Cisco, someting like that.

Also, riding on Don's coattails, one thing we all do is forget to add extra Ethernet ports by running extra cables. If you run one cable, run two. If you run two somewhere, run four. It's easy to run extra. It's the first cable that's hard. If not, you end up with small 4-port Netgear switches everywhere.

Don is dating himself talking about hubs. Yikes!