User:Ilya/Win.mit.edu: Difference between revisions

From OpenWetWare
Line 1: Line 1:
==Common tasks==
*[http://web.mit.edu/ist/topics/windows/server/winmitedu/join.html Joining the domain]
*[http://web.mit.edu/ist/topics/windows/server/winmitedu/join.html Joining the domain]
*#[http://web.mit.edu/ist/topics/windows/server/winmitedu/container_info.html Add the machine to your container.]
*#[http://web.mit.edu/ist/topics/windows/server/winmitedu/container_info.html Add the machine to your container.]
Line 11: Line 12:
*#The next screen will prompt you to enter the WIN account name and password authorized to install machines in the domain. Enter the temporary join account name and password. Result: You will get a screen welcoming you to the domain.
*#The next screen will prompt you to enter the WIN account name and password authorized to install machines in the domain. Enter the temporary join account name and password. Result: You will get a screen welcoming you to the domain.
*#Reboot the machine for the changes to take effect.
*#Reboot the machine for the changes to take effect.
*Removing a machine from the domain:
*#Uninstall MIT managed software (such as Kfw, locker service, logonbefore, etc)
*#Put that machine back in a workgroup (System Properties->Computer name)
*#Delete that machine's account in AD using [https://wince.mit.edu/ wince web form]
*User profile setup:
*#Optionally rename previous profile
*#Give full permissions to the old profile to the new user account
*#Let the user login
*#Copy all files from the old profile to the new user profile
*#Import Firefox profile/bookmarks
*#Try running Office and other applications
*#Make sure users don't store a lot of data on their desktop (synchronized at login and logout)
*#Optionally add user's account to the local Administrators group


*To check Moira record for a hostname of IP adress:
*To check Moira record for a hostname of IP adress:
Line 35: Line 51:


*AD Container Management (available on WIN machines) - an MMC snap-in tool, normally found under the "Administrative Tools" menu, or invoked with the command adcontmgr.msc.
*AD Container Management (available on WIN machines) - an MMC snap-in tool, normally found under the "Administrative Tools" menu, or invoked with the command adcontmgr.msc.
*To connect remotely or from non-Windows OS:
**must to set win password before connecting to home directory from mac/linux
mount -t cifs //win.mit.edu/dfs/profile/(first letter of username)/(username) /mnt/win -o user=username,domain=WIN.MIT.EDU
==Windows Update==
*[http://web.mit.edu/ist/topics/windows/updates/advanced.html MIT Windows Automatic Update Service: Advanced Installation and Configuration Instructions]
*[http://web.mit.edu/ist/topics/windows/server/winmitedu/os_management.html Operating System Maintenance]
*From network at mit:
:Auto Hotfixer is a retired tool. We use WSUS to have replaced it. You don't need to make the change to autohotfixer when you switch to MIT WSUS.  Machines in win.mit.edu should be all set for using MIT WSUS as long as you didn't make changes in your container to overwrite Windows Update settings.
*[http://web.mit.edu/ist/topics/windows/updates/ MIT Windows Automatic Update Service (WAUS)]
*[http://web.mit.edu/ist/topics/windows/updates/win2k.html MIT Windows Automatic Update Service: Windows 2000 Domain Machines]
*Computer Configuration\Administrative Templates\Windows Components\Windows Update\Configure Automatic Updates
:enabled|disabled|5 - local admin to choose the update/reboot behavior
*Computer Configuration > Administrative Templates > Windows Components > Windows Update > No auto-restart for scheduled Automatic Update installations
==Endy Lab OU==
*Machine containers:
**Machines/BioEng/endylab/workstations
**Machines/BioEng/endylab/servers
*User lists:
**endylab
**endylab-admin
*To edit group policy for the machines in your OU (using Windows):
**run mmc from the command line
**Add a new snap in Group Policy Editor
**Browse to this: GP Bioeng/endylab/workstation
===Todo===
*Problem: how to disable synchronization with the drive H: completely?
*To disable roaming profiles:
**Computer configuration\Admin templates\System\User Profiles
**Only allow local user profiles - if enabled: at first logon, the user receives a new local profile (rather than the roaming profile); at logoff, changes are saved to the local profile and all subsequent logons use the local profile
**Prevent Roaming Profile changes from propagating to the server - if enabled: at login, the user receives their roaming profile but any changes a user makes to their profile will not be merged to their roaming profile when they log off
**If both of the above settings are enabled, then roaming profiles will be disabled
**Are these settings per machine or for the whole OU?
*To disable folder redirection:
**[http://support.microsoft.com/kb/888203 How to stop Folder Redirection in Windows Server 2003 and in Windows 2000 Server]
**User Configuration\Windows Settings\Folder Redirection (does this apply to .winprofile or WinData?)
**Application Data
**Desktop
**My Documents
**Start Menu
*[http://web.mit.edu/ist/topics/windows/server/winmitedu/group_policy.html#nonoveruser Non-Overrideable User Settings]
*:Folder Redirection: Users located in the Moira\Users container will have several of their roaming profile directories (My Documents, My Pictures, Favorites, and Application Data) redirected into their WinData directory.
*Make sure machine logins are restricted to endylab members
**By default anyone with an Athena account can login to any of the lab machines.
**Add your lab name to Computer configurations\Windows Settings\Restricted groups
*Add users to endy-admin list (default restrictions: can't change the system time (viewing calendar), cant copy files to the C drive)
*Is it possible to change the default set of rights for regular user accounts?
*try connecting a lab machine to WIN.MIT.EDU using MITnet drops (get an unused hostname, add it to the container)
===Usefulness===
====Pros====
*Easy user login using Kerberos (Athena) account
*Centralized management and support of the machines in the domain by MIT IS&T
**Automatic subscription to MIT WSUS
*Access to 2GB of online storage drive H: that has up to 64 daily snapshots
*Roaming profile: your computing session will look the same no matter what domain computer you login to.
====Cons====
*Your local user directory effectively cannot contain more than 2GB of data if it is synchronized to drive H:
*Folder redirection and flaky network in building 68 may be slowing down logins, logouts and work (since application end up storing their user data on the network)
==Bionet==
*Status as of 2006-12-19
**Goal is to keep things running as they are now (snapshots and backups); space should not be a problem but there is still no budget and warranty on the filers already ran out.
**Bionet will move to WIN.MIT.EDU in late January or early February


==Reference==
==Reference==
*[https://biowiki.mit.edu/biowiki/index.php/Migrating_to_WIN.MIT.EDU_Active_Directory_Domain Migrating_to_WIN.MIT.EDU_Active_Directory_Domain] - MIT BioMicro Center Information Technology Team wiki
*Do not store large files on Desktop - this folder is transferred to/from H: drive each time you log in/out.
*Do not store over 2GB of data in My Documents folder (e.g., move out your iTunes folder) - it is mapped to H:\WinData\My Documents folder and H: drive has quota with hard limit of 2GB.
*[http://web.mit.edu/ist/topics/windows/server/winmitedu/ The win.mit.edu Domain]
*[http://web.mit.edu/ist/topics/windows/server/winmitedu/ The win.mit.edu Domain]
*[http://web.mit.edu/acs/windows/ Academic Computing - Windows Support]
*[http://web.mit.edu/acs/windows/ Academic Computing - Windows Support]
Line 42: Line 131:
*[http://web.mit.edu/winathena-stat/ Windows Domain win.mit.edu Statistics]
*[http://web.mit.edu/winathena-stat/ Windows Domain win.mit.edu Statistics]
*[http://mit.edu/is/topics/windows/server/winmitedu/sendbug.html Report a bug or problem with a win.mit.edu machine]
*[http://mit.edu/is/topics/windows/server/winmitedu/sendbug.html Report a bug or problem with a win.mit.edu machine]
*[http://web.mit.edu/is/topics/windows/server/winmitedu/help.html Logon procedure]
*[http://web.mit.edu/ist/topics/windows/server/request_forms.html Request forms]
*[https://wince.mit.edu User and container admin tasks] (delete machine, change AD password, etc)
*[http://web.mit.edu/ist/topics/windows/server/winmitedu/RIS.html RIS] - Remote Installation Service
**MITnet DHCP will route PXE requests to WIN.MIT.EDU – RIS
*[http://web.mit.edu/ist/topics/windows/server/winmitedu/user_profiles.html Managing user profile]
**By default your profile will be in two top-level directories in your DFS home directory. The .winprofile and WinData directories are created the first time you log on to a WIN machine.
**By default the .winprofile directory contains the following information:
***ntuser.dat - a binary file that is used to populate the HKCU registry hive on the client workstation
***ntuser.pol - another file containing registry information
***ntuser.ini - an ini file
***Templates - a directory containing shortcuts to template items
***Start Menu - a directory containing the files and folders that create the user's menus
***SendTo - a directory that contains shortcut files that create the "SendTo" menu for the user
***Recent - a directory that contains shortcuts to the most recently accessed files
***PrintHood - a directory that contains shortcuts to items in the user's Printers folder
***NetHood - a directory that contains shortcuts to items in the user's My Network Places folder
***Desktop - a directory that contains the items that make up the user's desktop
***Cookies - a directory that contains the browser cookies that the user has acquired while traversing the web
**By default the WinData directory contains the following information:
***Favorites - a directory that contains the user's Internet Explorer Favorites (like Bookmarks in Netscape)
***My Documents - the user's default data directory. It exists on the user's desktop and tends to be the default location for Save As
***Application Data - a directory that contains configuration data saved by applications run by the user.
**[https://wince.mit.edu/changeprofile/index.jsp WinAthena User Profile and Home Directory Management Page] - a user can change their default DFS roaming profile and home directory locations to a local profile and home directory or to a path on a departmental server
**[http://www.windowsnetworking.com/articles_tutorials/Profile-Folder-Redirection-Windows-Server-2003.html Profile and Folder Redirection In Windows Server 2003]

Latest revision as of 08:53, 8 August 2007

Common tasks

  • Joining the domain
    1. Add the machine to your container.
    2. Get a temporary join account name and password.
    3. Log on to the machine as local administrator.
    4. Right click the My Computer icon.
    5. Select Properties.
    6. Click the Network Identification tab.
    7. Click the Properties button.
    8. Select the Member of Domain radio button.
    9. Type in: WIN.MIT.EDU (in all capitals).
    10. The next screen will prompt you to enter the WIN account name and password authorized to install machines in the domain. Enter the temporary join account name and password. Result: You will get a screen welcoming you to the domain.
    11. Reboot the machine for the changes to take effect.
  • Removing a machine from the domain:
    1. Uninstall MIT managed software (such as Kfw, locker service, logonbefore, etc)
    2. Put that machine back in a workgroup (System Properties->Computer name)
    3. Delete that machine's account in AD using wince web form
  • User profile setup:
    1. Optionally rename previous profile
    2. Give full permissions to the old profile to the new user account
    3. Let the user login
    4. Copy all files from the old profile to the new user profile
    5. Import Firefox profile/bookmarks
    6. Try running Office and other applications
    7. Make sure users don't store a lot of data on their desktop (synchronized at login and logout)
    8. Optionally add user's account to the local Administrators group
  • To check the Moira record for a hostname or IP address:
athena% stella foo

or

athena% hostinfo foo

or

athena% nslookup foo
  • To check container assignment:
athena% stella foo -lcn
Machine: Container: Machines/pismere-laptops
  • To add the machine "foo" to the container "test":
athena% stella foo -acn Machines/test
  • Moira (available on UNIX Athena and WIN machines)
    • /usr/athena/bin/moira (The container menu is available from the top level menu, currently it is choice number 12)
    • http://web.mit.edu/moira
    • Administrative Tools-> Moira Account Management
  • mitch - examine and modify information about containers in Moira
athena% mitch Machines/BioEng/endy
  • AD Container Management (available on WIN machines) - an MMC snap-in tool, normally found under the "Administrative Tools" menu, or invoked with the command adcontmgr.msc.
  • To connect remotely or from non-Windows OS:
    • You must set your WIN password before connecting to your home directory from Mac/Linux
mount -t cifs //win.mit.edu/dfs/profile/(first letter of username)/(username) /mnt/win -o user=username,domain=WIN.MIT.EDU
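
The mount step above, as an added example that is not part of the original page: it builds the same cifs mount but reads the username and password from a private credentials file and rejects usernames that could alter the path or the option list. The function names, the allowed username characters, the /mnt/win mount point and the credentials-file location are assumptions.

```shell
#!/bin/sh
# Added example (not from the original page). Prints the mount command for
# review; run the printed line with root privileges to mount.
# Credentials file format read by mount.cifs:
#   username=<WIN username>
#   password=<WIN password>

WIN_DOMAIN="WIN.MIT.EDU"
WIN_SHARE_ROOT="//win.mit.edu/dfs/profile"

# Assumed policy: lowercase letter first, then lowercase letters, digits or "_".
# This keeps "," and "/" out, so a username cannot add mount options or
# change the share path.
valid_username() (
    LC_ALL=C
    case "$1" in
        ""|[!a-z]*|*[!a-z0-9_]*) exit 1 ;;
    esac
    exit 0
)

# Path layout from the page: <root>/<first letter of username>/<username>
win_profile_path() {
    valid_username "$1" || return 1
    printf '%s/%s/%s\n' "$WIN_SHARE_ROOT" "${1%"${1#?}"}" "$1"
}

# The file holds the password: require a regular file (not a symlink)
# with no group or other permissions (mode 0600 or 0400).
credfile_is_private() {
    [ -f "$1" ] || return 1
    case "$(ls -ld -- "$1")" in
        -rw-------*|-r--------*) return 0 ;;
    esac
    return 1
}

# Usage: win_mount_command <username> <mountpoint> <credentials-file>
win_mount_command() {
    user=$1 mountpoint=$2 credfile=$3
    path=$(win_profile_path "$user") || { echo "invalid username" >&2; return 1; }
    case "$credfile" in
        *[,\ ]*) echo "credentials path must not contain ',' or spaces" >&2; return 1 ;;
    esac
    credfile_is_private "$credfile" || {
        echo "credentials file must be a regular file with mode 0600" >&2
        return 1
    }
    # nosuid,nodev: do not honor setuid bits or device nodes from the share.
    printf 'mount -t cifs %s %s -o credentials=%s,domain=%s,nosuid,nodev\n' \
        "$path" "$mountpoint" "$credfile" "$WIN_DOMAIN"
}
```

With the password in the credentials file it does not appear in the shell history or the process list.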

Windows Update

  • From network at MIT:
    Auto Hotfixer is a retired tool. We have replaced it with WSUS. You don't need to make the change to autohotfixer when you switch to MIT WSUS. Machines in win.mit.edu should be all set for using MIT WSUS as long as you didn't make changes in your container to overwrite Windows Update settings.
  • Computer Configuration\Administrative Templates\Windows Components\Windows Update\Configure Automatic Updates
    enabled|disabled|5 - local admin to choose the update/reboot behavior
  • Computer Configuration > Administrative Templates > Windows Components > Windows Update > No auto-restart for scheduled Automatic Update installations

Endy Lab OU

  • Machine containers:
    • Machines/BioEng/endylab/workstations
    • Machines/BioEng/endylab/servers
  • User lists:
    • endylab
    • endylab-admin
  • To edit group policy for the machines in your OU (using Windows):
    • run mmc from the command line
    • Add a new snap-in: Group Policy Editor
    • Browse to this: GP Bioeng/endylab/workstation

Todo

  • Problem: how to disable synchronization with the drive H: completely?
  • To disable roaming profiles:
    • Computer configuration\Admin templates\System\User Profiles
    • Only allow local user profiles - if enabled: at first logon, the user receives a new local profile (rather than the roaming profile); at logoff, changes are saved to the local profile and all subsequent logons use the local profile
    • Prevent Roaming Profile changes from propagating to the server - if enabled: at login, the user receives their roaming profile but any changes a user makes to their profile will not be merged to their roaming profile when they log off
    • If both of the above settings are enabled, then roaming profiles will be disabled
    • Are these settings per machine or for the whole OU?
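  • To disable folder redirection:
    • How to stop Folder Redirection in Windows Server 2003 and in Windows 2000 Server (http://support.microsoft.com/kb/888203)
    • User Configuration\Windows Settings\Folder Redirection (does this apply to .winprofile or WinData?)
    • Application Data
    • Desktop
    • My Documents
    • Start Menu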
  • Non-Overrideable User Settings
    Folder Redirection: Users located in the Moira\Users container will have several of their roaming profile directories (My Documents, My Pictures, Favorites, and Application Data) redirected into their WinData directory.
  • Make sure machine logins are restricted to endylab members
    • By default, anyone with an Athena account can log in to any of the lab machines.
    • Add your lab name to Computer configurations\Windows Settings\Restricted groups
  • Add users to endy-admin list (default restrictions: can't change the system time (viewing calendar), can't copy files to the C drive)
  • Is it possible to change the default set of rights for regular user accounts?
  • Try connecting a lab machine to WIN.MIT.EDU using MITnet drops (get an unused hostname, add it to the container)

Usefulness

Pros

  • Easy user login using Kerberos (Athena) account
  • Centralized management and support of the machines in the domain by MIT IS&T
    • Automatic subscription to MIT WSUS
  • Access to 2GB of online storage drive H: that has up to 64 daily snapshots
  • Roaming profile: your computing session will look the same no matter which domain computer you log in to.

Cons

  • Your local user directory effectively cannot contain more than 2GB of data if it is synchronized to drive H:
  • Folder redirection and the flaky network in building 68 may be slowing down logins, logouts and work (since applications end up storing their user data on the network)

Bionet

  • Status as of 2006-12-19
    • Goal is to keep things running as they are now (snapshots and backups); space should not be a problem, but there is still no budget and the warranty on the filers has already run out.
    • Bionet will move to WIN.MIT.EDU in late January or early February

Reference

  • Migrating_to_WIN.MIT.EDU_Active_Directory_Domain - MIT BioMicro Center Information Technology Team wiki
  • Do not store large files on Desktop - this folder is transferred to/from H: drive each time you log in/out.
  • Do not store over 2GB of data in My Documents folder (e.g., move out your iTunes folder) - it is mapped to H:\WinData\My Documents folder and H: drive has quota with hard limit of 2GB.
  • The win.mit.edu Domain
  • Academic Computing - Windows Support
  • Windows Server Platforms at MIT
  • Windows Domain win.mit.edu Statistics
  • Report a bug or problem with a win.mit.edu machine
  • Logon procedure
  • Request forms
  • User and container admin tasks (delete machine, change AD password, etc)
  • RIS - Remote Installation Service
    • MITnet DHCP will route PXE requests to WIN.MIT.EDU – RIS
  • Managing user profile
    • By default your profile will be in two top-level directories in your DFS home directory. The .winprofile and WinData directories are created the first time you log on to a WIN machine.
    • By default the .winprofile directory contains the following information:
      • ntuser.dat - a binary file that is used to populate the HKCU registry hive on the client workstation
      • ntuser.pol - another file containing registry information
      • ntuser.ini - an ini file
      • Templates - a directory containing shortcuts to template items
      • Start Menu - a directory containing the files and folders that create the user's menus
      • SendTo - a directory that contains shortcut files that create the "SendTo" menu for the user
      • Recent - a directory that contains shortcuts to the most recently accessed files
      • PrintHood - a directory that contains shortcuts to items in the user's Printers folder
      • NetHood - a directory that contains shortcuts to items in the user's My Network Places folder
      • Desktop - a directory that contains the items that make up the user's desktop
      • Cookies - a directory that contains the browser cookies that the user has acquired while traversing the web
    • By default the WinData directory contains the following information:
      • Favorites - a directory that contains the user's Internet Explorer Favorites (like Bookmarks in Netscape)
      • My Documents - the user's default data directory. It exists on the user's desktop and tends to be the default location for Save As
      • Application Data - a directory that contains configuration data saved by applications run by the user.
    • WinAthena User Profile and Home Directory Management Page - a user can change their default DFS roaming profile and home directory locations to a local profile and home directory or to a path on a departmental server
    • Profile and Folder Redirection In Windows Server 2003