Difference between revisions of "Active Directory/Documentation"
Jump to navigation
Jump to search
m |
|||
(87 intermediate revisions by 6 users not shown) | |||
Line 1: | Line 1: | ||
− | {{Active_Directory_toc}} | + | {{Active_Directory_toc}}__NOTOC__ |
− | =Active Directory | + | =Active Directory Users and Computers= |
− | + | *[[/SpecOps Addon for ADUC|SpecOps Addon for ADUC]] | |
− | |||
− | |||
− | *[[/ | ||
− | |||
=Automatic Logon= | =Automatic Logon= | ||
*[[/Autologon_GPO_Problem| How to prevent group policy from removing automatic logon?]] | *[[/Autologon_GPO_Problem| How to prevent group policy from removing automatic logon?]] | ||
+ | *[[/Autologon| How to enable automatic logon for kiosk?]] | ||
+ | |||
+ | =Administrative Users= | ||
+ | *[[/ACS Applications|ACS Applications]] | ||
=Automatic Updates (WSUS)= | =Automatic Updates (WSUS)= | ||
− | + | Details on the WolfTech WSUS Service Group can be found [[Active_Directory/Service_Groups| here]]. | |
− | + | *[[/Configuring the Windows Update GPO Setting| Configuring the Windows Update GPO Setting]] | |
− | *[[/ | ||
*[[/Manually_Install_Updates| Manually Install Updates]] | *[[/Manually_Install_Updates| Manually Install Updates]] | ||
− | *[[/ | + | *[[/WSUS Management Console | WSUS Management Console]] |
+ | *[[/Manipulate Client Behavior Using Command-line Options|Manipulate Client Behavior Using Command-line Options]] | ||
+ | *[[/WSUS Update Agent Script|Windows Update Agent force script]] | ||
+ | *[[/Personal Computers on WSUS|Personal Computers on WSUS]] | ||
+ | *[[/Configuring Domain Computers|Configuring Domain Computers]] | ||
=Disaster Recovery= | =Disaster Recovery= | ||
Line 24: | Line 27: | ||
=File Servers= | =File Servers= | ||
+ | =Folder Redirection= | ||
=Distributed File System (DFS)= | =Distributed File System (DFS)= | ||
+ | * [[What is DFS? | What is DFS?]] | ||
* [[DFS_Architecture | DFS Architecture]] | * [[DFS_Architecture | DFS Architecture]] | ||
* [http://support.microsoft.com/?kbid=903651 Enable Multiple DFS Roots on Windows 2003 Server Standard] | * [http://support.microsoft.com/?kbid=903651 Enable Multiple DFS Roots on Windows 2003 Server Standard] | ||
=Group Policy= | =Group Policy= | ||
+ | *[[/Using Resultant Set of Policy|Using Resultant Set of Policy]] | ||
+ | *[http://technet.microsoft.com/en-us/magazine/cc137719.aspx More than you wanted to know about ADM...] | ||
+ | |||
+ | =Group Policy Preferences= | ||
+ | *[[/GP Preferences Overview| Overview]] | ||
+ | *[[/Remote Server Administration Tools|Remote Server Administration Tools]] | ||
+ | *[[/Configuring Preferences| Configuring Preferences]] | ||
+ | *[[/Clients & Deploying Preferences|Clients & Deploying Preferences]] | ||
+ | *[[/Item-Level Targeting|Item-Level Targeting]] | ||
+ | |||
+ | *[[/Mapping Printers| Mapping Printers]] | ||
+ | *[[/Mapping Drives| Mapping Drives]] | ||
+ | |||
=Internet Explorer 7= | =Internet Explorer 7= | ||
*[[/IE7_Feeds | RSS Feeds]] | *[[/IE7_Feeds | RSS Feeds]] | ||
− | = | + | *[[/Phishing Filter| Phishing Filter]] |
− | = | + | |
− | = | + | =Laptops= |
+ | *[[/Security Policies When Offsite|Security Policies When Offsite]] | ||
+ | =Lights Out Management= | ||
+ | *HP ILO | ||
+ | *Dell DRAC | ||
+ | =Macintosh= | ||
+ | *[[/Parallels | Parallels]] (BME is currently beta testing) | ||
+ | |||
+ | ==== Options for integrating Mac OS X clients with AD ==== | ||
+ | |||
+ | *Billy's instructions on joining domain... [[/Joining Macs to WolfTech Domain|Joining Macs to WolfTech Domain]] | ||
+ | |||
+ | With the included Active Directory plug-in, OS X can be configured to authenticate to an AD domain, and use network home directories. More comprehensive management (MCX) requires one of the 3 options below: | ||
+ | |||
+ | *[[/Extending the AD schema | Extending the AD schema]] Adding 38 attributes and 10 classes to the AD schema. | ||
+ | *[[/Dual directory | Dual directory]] Adding an Open Directory domain running on a Mac OS X Server, also known as a "Magic Triangle" configuration | ||
+ | *[[/Third-party solutions | Third-party solutions]] Options include Thursby's ADmitMac or Centrify DirectControl. | ||
+ | |||
+ | Additional resources: | ||
+ | *[http://images.apple.com/itpro/pdf/AD_Best_Practices_2.0.pdf Best Practices: Integrating Mac OS X with Active Directory] | ||
+ | *http://www.macwindows.com/AD.html | ||
+ | |||
+ | Issues to address: | ||
+ | #Configuring your mac to use your UnityID/paswd (specifically, by authing against the DCs, but alternatively against the campus KDC). Plus how the laptop reacts when not on the network - should be caching. | ||
+ | #Adding your Mac to the domain. | ||
+ | #Restricting access to AD defined users. | ||
+ | #Printing from your domain'd mac to a Windows print server; and to a WolfCopy printer. | ||
+ | #*ksmbprintd v1.0 (http://www.deploystudio.com/News/Entries/2008/4/7_ksmbprintd_v1.0.html / http://www.deploystudio.com/Downloads/ksmbprintd_v1.0.dmg) -- courtesy of Everette, needs to be tested. | ||
+ | #Accessing Windows file shares from your domain mac | ||
+ | #Why DFS doesn't work, or if the new OS fixes this. And steps to get around this (3rd party apps - AdmitMac) or things to look out for). | ||
+ | #Options to apply policies to the mac client via GP? (likely to require 3rd party apps) | ||
+ | #Scripts to inventory hardware/applications on your mac clients (longterm we'd want a WolfTech Collector Agent for Macs) | ||
+ | #AFS client for Macs | ||
+ | #Software distribution to Mac via GP? | ||
+ | |||
+ | =Migrating= | ||
+ | *[[/College of Textiles Migration|College of Textiles Migration]] | ||
+ | *[[/GUID Collection Tool|GUID Collection Tool]] | ||
+ | *[[/Computer Account Prestaging Tool|Computer Account Prestaging Tool]] | ||
+ | *[[/Computer Migrators Group|Using the Computer Migrators group]] | ||
+ | ====Active Directory Migration Tool (ADMT)==== | ||
+ | *[[/Enable User/Password Migration| Enable User/Password Migration]] | ||
+ | *[[/Enable Computer Migration| Enable Computer Migration]] | ||
+ | *[[/Computer Migration Instructions| Computer Migration Instructions]] | ||
=MS-SQL= | =MS-SQL= | ||
Line 40: | Line 101: | ||
*[http://msdn2.microsoft.com/en-us/library/ms345408.aspx Moving System Databases] | *[http://msdn2.microsoft.com/en-us/library/ms345408.aspx Moving System Databases] | ||
*[http://support.microsoft.com/kb/909801 Set SPN] | *[http://support.microsoft.com/kb/909801 Set SPN] | ||
+ | |||
+ | =New OU Admins= | ||
+ | *[[/Getting Started | Getting Started]] | ||
+ | *[[/Join a Computer| Join a Computer]] | ||
+ | *[[/Default_OU| Default OU]] | ||
+ | *[[/Admin_Shortcuts| Admin Shortcuts]] | ||
+ | *[[/ShellRunAs| ShellRunAs]] | ||
+ | |||
+ | =Printing= | ||
+ | *[[/Printing via Print-a-File|Printing via Print-a-File]] | ||
+ | *[[/Windows 2003 R2 and Printing|Windows 2003 R2 and Printing]] | ||
+ | *[[/Printer Management and Vista/RSAT|Printer Management and Vista/RSAT]] | ||
+ | *[[/WolfPrint Accounted Printing|WolfPrint Accounted Printing]] | ||
+ | |||
+ | =Public Labs / Kiosks= | ||
+ | *[[/Printing via Print-a-File|Printing via Print-a-File]] | ||
+ | *[http://www.microsoft.com/windows/products/winfamily/sharedaccess/default.mspx Microsoft SteadyState] | ||
=Remote Assistance= | =Remote Assistance= | ||
Line 47: | Line 125: | ||
=Remote Installation Services (RIS)= | =Remote Installation Services (RIS)= | ||
*[[/RIS| RIS]] | *[[/RIS| RIS]] | ||
+ | *[[/Add_Driver_To_RIS | Add Driver To RIS]] | ||
+ | *[http://www.nliteos.com/ nLite] | ||
+ | *[[/Duplicate GUID | Duplicate GUID]] | ||
+ | *[[/Computers folder | Computers folder]] | ||
+ | *[[/Centralized RIS|Centralized RIS]] | ||
=Scripting= | =Scripting= | ||
*[[/phpAD| phpAD Library]] | *[[/phpAD| phpAD Library]] | ||
+ | *[http://technet.microsoft.com/en-us/sysinternals/ SysInternals Tools (incls psexec / pstools)] | ||
+ | *[[/GUI for psexec|GUI for psexec]] | ||
+ | *[[Using PsExec to delete old local profiles on lab machines]] | ||
+ | |||
+ | ==Services for UNIX== | ||
+ | *[[/What is SFU?|What is SFU?]] | ||
+ | |||
=Software Packaging= | =Software Packaging= | ||
* [[/Packaging_Notes| Packaging Notes]] | * [[/Packaging_Notes| Packaging Notes]] | ||
Line 55: | Line 145: | ||
* [http://msdn2.microsoft.com/en-us/library/aa372866.aspx Windows Installer] | * [http://msdn2.microsoft.com/en-us/library/aa372866.aspx Windows Installer] | ||
* [http://support.installshield.com/kb/view.asp?articleid=q106234 Manually Uninstall MSI] | * [http://support.installshield.com/kb/view.asp?articleid=q106234 Manually Uninstall MSI] | ||
+ | * [[Removing_ghost_installs| Removing Ghost Installs]] | ||
+ | * [[/Controling Licenses via GPP|Controling Licenses via GPP]] | ||
+ | |||
+ | * [[/Exclusions List | Exclusions List]] | ||
+ | |||
+ | *[[/MSI Testing|MSI Testing]] | ||
+ | *[[/MSI Logging|MSI Loggingg]] | ||
=Symantec Antivirus (SAV)= | =Symantec Antivirus (SAV)= | ||
* [[/SAV_Definition_Updates | Definition Updates]] | * [[/SAV_Definition_Updates | Definition Updates]] | ||
* [[/SAV_Group_Management | Group Management Script]] | * [[/SAV_Group_Management | Group Management Script]] | ||
+ | |||
+ | =Teaching Labs= | ||
+ | *[[/Using Common Accounts|Using Common Accounts]] | ||
+ | *[[/Monitoring Lab Usage|Monitoring Lab Usage]] | ||
+ | *[[/Generate Remote Desktop Files|Generate Remote Desktop Files]] | ||
=User Account Control (UAC)= | =User Account Control (UAC)= | ||
Line 70: | Line 172: | ||
*[[/Planning | Planning]] | *[[/Planning | Planning]] | ||
− | =Windows 2003 | + | =Windows Server 2003 R2= |
*[[/Extend_Schema_R2| How to extend the schema?]] | *[[/Extend_Schema_R2| How to extend the schema?]] | ||
+ | |||
+ | =Windows Server 2008= | ||
+ | *[[/Server 2008 Core | Server 2008 Core]] | ||
+ | |||
+ | =Windows Defender= | ||
+ | *[http://windowshelp.microsoft.com/Windows/en-US/Help/31d797aa-091d-4d67-a556-dbfaf21bf0dc1033.mspx Disable Windows Defender] | ||
=Windows Deployment Services (WDS)= | =Windows Deployment Services (WDS)= | ||
*[[/WDS | WDS]] | *[[/WDS | WDS]] | ||
+ | |||
+ | =Windows 7= |
Latest revision as of 15:58, 23 April 2010
Active Directory Users and Computers
Automatic Logon
Administrative Users
Automatic Updates (WSUS)
Details on the WolfTech WSUS Service Group can be found here.
- Configuring the Windows Update GPO Setting
- Manually Install Updates
- WSUS Management Console
- Manipulate Client Behavior Using Command-line Options
- Windows Update Agent force script
- Personal Computers on WSUS
- Configuring Domain Computers
Disaster Recovery
DNS
File Servers
Folder Redirection
Distributed File System (DFS)
Group Policy
Group Policy Preferences
- Overview
- Remote Server Administration Tools
- Configuring Preferences
- Clients & Deploying Preferences
- Item-Level Targeting
Internet Explorer 7
Laptops
Lights Out Management
- HP ILO
- Dell DRAC
Macintosh
- Parallels (BME is currently beta testing)
Options for integrating Mac OS X clients with AD
- Billy's instructions on joining domain... Joining Macs to WolfTech Domain
With the included Active Directory plug-in, OS X can be configured to authenticate to an AD domain, and use network home directories. More comprehensive management (MCX) requires one of the 3 options below:
- Extending the AD schema Adding 38 attributes and 10 classes to the AD schema.
- Dual directory Adding an Open Directory domain running on a Mac OS X Server, also known as a "Magic Triangle" configuration
- Third-party solutions Options include Thursby's ADmitMac or Centrify DirectControl.
Additional resources:
Issues to address:
- Configuring your mac to use your UnityID/paswd (specifically, by authing against the DCs, but alternatively against the campus KDC). Plus how the laptop reacts when not on the network - should be caching.
- Adding your Mac to the domain.
- Restricting access to AD defined users.
- Printing from your domain'd mac to a Windows print server; and to a WolfCopy printer.
- ksmbprintd v1.0 (http://www.deploystudio.com/News/Entries/2008/4/7_ksmbprintd_v1.0.html / http://www.deploystudio.com/Downloads/ksmbprintd_v1.0.dmg) -- courtesy of Everette, needs to be tested.
- Accessing Windows file shares from your domain mac
- Why DFS doesn't work, or if the new OS fixes this. And steps to get around this (3rd party apps - AdmitMac) or things to look out for).
- Options to apply policies to the mac client via GP? (likely to require 3rd party apps)
- Scripts to inventory hardware/applications on your mac clients (longterm we'd want a WolfTech Collector Agent for Macs)
- AFS client for Macs
- Software distribution to Mac via GP?
Migrating
- College of Textiles Migration
- GUID Collection Tool
- Computer Account Prestaging Tool
- Using the Computer Migrators group
Active Directory Migration Tool (ADMT)
MS-SQL
New OU Admins
Printing
- Printing via Print-a-File
- Windows 2003 R2 and Printing
- Printer Management and Vista/RSAT
- WolfPrint Accounted Printing
Public Labs / Kiosks
Remote Assistance
- Configuring AD for Remote Assistance
- Offering Remote Assistance
Remote Installation Services (RIS)
Scripting
- phpAD Library
- SysInternals Tools (incls psexec / pstools)
- GUI for psexec
- Using PsExec to delete old local profiles on lab machines
Services for UNIX
Software Packaging
- Packaging Notes
- Assigning Software via Group Policy
- Windows Installer
- Manually Uninstall MSI
- Removing Ghost Installs
- Controling Licenses via GPP