So 6 months ago I became a union steward and was introduced to the systems that are used to process and store data and its a "BIG MESS" and I was asked to make it better by the new union PRESIDENT given my IT background.

The people before me were not very IT savy, and ran these systems like careless home users would, and there was no concern for data redundancy and backups etc, and both systems were run as admin and infected multiple times, and of which they had like 3 different antivirus's running on each system as a result of mismanaged systems. Also deleted about 250 GB of other software and questionable sources of data which may have been illegally downloaded etc by the prior president who thought he was king and also found out he was involved in illegal gambling in the work place, but was dethroned by the members in the recent landslide election after 12 years of his rule.

Locks changed immediately on the door to the union office upon election day when everyone knew he was getting kicked out before the vote so he couldnt do like one president did in the past which was grab a trash bag and throw folders of important documents into the trash bag from filing cabinet and shake the bag to mix it all up and walk out with a grin and they couldnt do anything but pick up the pieces by hours of sorting it all back together.

I have since COMPLETELY rebuilt both systems clean and locked out everyone but myself from admin privileges, so that no one can install junk on the systems etc, so everyone is running under a single 'User' profile for now. I also performed a hard reset on the wireless router and wiped out any crap that he may have had port forwarding or remote admin access to router etc to lock that down tight.

I also took my admin credentials and split them up into 3 slips of paper in which all 3 slips of paper are needed to construct the password. * I decided to implement this in case at some point in the future I am not available  3 responsible people can join the 3 pieces together and form the admin password and gain access to the systems to do whatever is needed in my absence. The new president, the Vice President, and the Treasurer each were given a slip each to keep hidden from everyone as 1 of 3 keys to gaining admin access. This way its secure and yet trusted among 3 people that the access would be of good intent and not a single person with that password can go in and destroy data like the prior president did before he left.

I also have a scheduled task that copies the important data from the 500GB NAS to the 500GB C: drive of the Windows 7 machine as a critically needed backup source so that if the 500GB NAS dies we still have most of the data excluding data altered or created that day on the C: drive of the workstation.

I also found out from another union member of good standing who doesnt spread rumors, but only truth, that this former union presidents brother who is now passed on was also an IT leak in the pentagon years ago and he was close to his brother. So this guys shadyness could have been secretly savy in hacking, remote access etc, which would now be illegal hacking if he did try to access the data that he should not have access to, and so I had to immediately reinitialize everything back to factory and build it all back up clean just to make sure he doesnt have any back doors in.

And the worthless idiot I didnt know still had access to the ISP e-Mail account and so from home in retaliation for his dethroning he went in and destroyed years of e-mail some of which were very important and we have yet to gain control of this e-Mail account which he has password to and refuses to give it up, and the ISP will not reset the password without the correct security questions answered of which the prior president has and so I told the new president to cancel this ISP Account and open a new account and that will sever the prior presidents access to data that he should not have access to messing with. And the biggest problem there is that the thousands of contacts are now GOING to need to know to contact us through a different e-mail so we will likely not get 100% of the mail we use to.

---------------------------------------------------------------------------------------------------------------------------
Ok enough with the background of this problem that was given to me and on with the uncertainty

( Items in BOLD are the questions to make them stand out, others are just listing stuff to do )
---------------------------------------------------------------------------------------------------------------------------



So I am attempting now something that I have never done before and looking for advice because I am not sure if it would work or not. Figured I'd check here basically before hitting a roadblock when trying to attempt this!

In the past I have used the PROFESSIONAL Editions of XP and 7 and  Server or Servers and everything works seamlessly as intended with the Professional Edition of these OS and Windows Server OS integration, but in this setup there is no server and just a NAS that is shared between the 2 systems for central data access between the 2 systems.

Here is the list of stuff I'd like to make work with the HOME Versions of XP and 7 and a 500GB NAS:

#1 - User Profiles Roaming for each of the 30 users so that no matter what system they log on to, their desktop is the same and everything stored locally to desktop is stored in the profile...... This profile will read/write from the NAS at Z:  ( I have never done this before and not sure if it can be redirected from C:\Documents and Settings\   ( and ) C:\Users\ to point to Z:\Users\  with the HOME Edition of these OS?

#2 - MS Office default save location to Z:\UserData\    and of which each user has a storage folder here, so to make it easy lets say user1, user2, user3 etc in which there are 30 people who will store data on Z:   (* This I have done before manually in MS Office to change the default save location, so I know that can be done.

#3 - Home Versions of XP and 7 only have ( Admin or User ) privileges. No Power User etc, and it would be NICE to give the president privileges above that of a normal user, but not admin privileges as for I am the IT Guru for this setup now and responsible to keep infections out and keeping it all working 24/7. I am not sure if this can be done somehow or if they really need to upgrade to Professional Edition OS to have more privilege tiers?

#4 - For 30 users with Windows XP and 7 Home editions the logon shows tabs for all user accounts, is there an easy way to make the logon screen like Professional has with just a USER / PASSWORD box instead of a clutter of accounts and having to find the right one to select from the pile?


Requests from all the users are the following in which some would be a lot of work to pull off:

#1 - Allow both systems to be able to use FileMaker 5.5 on both systems at the same time both working in the same database file at the same time..... *This to me is an issue where this is not a transactional database, and the only way I could see this POTENTIALLY working is if both systems were running stand alone copies of this database and then at timed intervals throughout the day both databases update a central database that is located on the Z: drive NAS ... But this is not a perfect solution as for if 2 people were working in the same tables and one person saved one piece of info and another saved a different piece of info, its my understanding that the last to save would overwrite the first to save. So there would have to be communication between the users to avoid working on the same case on that same day from 2 different computers or withing that timeframe that the merge hasnt happened yet. ** Personally it would be way better if a new transactional database was implemented based around like mySQL with a user interface to a mySQL server so that it would work flawless, but the problem is that there is 15 years of FileMaker database info that would need to migrate to the new database etc and that is something I am not looking forward to tackling, as well as the time I have to work on this is minimal, so I dont have time to construct a new database for this with a user interface.

#2 - They also are upset that the wifi was shut off intentionally. I told them that this was a security protocol that had to happen to keep certain people out ( vs stating the prior president out ). I may add 2 older routers in a Y configuration if its really necessary to give people the wifi. This way if anyone leaks the credentials and their mac address to the old president who is still here unfortunately, he has no way in through router firewall. To do this 1 router would be the primary to the modem and the 2 other routers would be the 2 isolated networks that share this single broadband connection. *Adds some latency, but the only cheap way to have 2 (isolated) secure networks sharing a single internet connection.

#3 - They also requested that the older Pentium 4 get replaced with a faster machine, but the prior union president was extremely wasteful with money and he was burning through his $300 a week without a vote required and who knows what it was spent on since slips are conveniently missing to account for money. So the new president took over with an account balance close to $0.00 and bills to pay that month in which they had to break into CD's to pay bills. So there will not be a new computer for some time.

----------------------------------------------------------------------------------------------------------------------------
Other stuff on my to do list is to add Battery Backups to the systems to protect them and keep them up during power disruptions. As well as to get a scanner to scan important documents to have electronic copies of them in PDF form so that if we are doing research into a case/problem we can search through text in documents for key words and find information vs fumbling through file cabinets packed with records.

Others with important roles in the union have also gone and changed bank account info and required signatures etc, and so once we get that e-mail account issue taken care of we should be done with locking out this idiot. 

Well thats that.... and the reason why we cant upgrade to XP and 7 Pro and am attemtping to do this with the Home editions that I have never done before to know if it could be pulled off or not.

Thanks for input on this project that was thrown my way