Difference between revisions of "Active Directory/Documentation"

From WolfTech
Jump to navigation Jump to search
m
m
 
(56 intermediate revisions by 5 users not shown)
Line 1: Line 1:
 
{{Active_Directory_toc}}__NOTOC__
 
{{Active_Directory_toc}}__NOTOC__
=Active Directory Migration Tool (ADMT)=
 
 
*[[/Enable User/Password Migration| Enable User/Password Migration]]
 
*[[/Enable Computer Migration| Enable Computer Migration]]
 
*[[/Computer Migration Instructions| Computer Migration Instructions]]
 
 
=Active Directory Users and Computers=
 
=Active Directory Users and Computers=
 
*[[/SpecOps Addon for ADUC|SpecOps Addon for ADUC]]
 
*[[/SpecOps Addon for ADUC|SpecOps Addon for ADUC]]
 
=Automatic Logon=
 
=Automatic Logon=
 
*[[/Autologon_GPO_Problem| How to prevent group policy from removing automatic logon?]]
 
*[[/Autologon_GPO_Problem| How to prevent group policy from removing automatic logon?]]
 +
*[[/Autologon| How to enable automatic logon for kiosk?]]
 +
 +
=Administrative Users=
 +
*[[/ACS Applications|ACS Applications]]
  
 
=Automatic Updates (WSUS)=
 
=Automatic Updates (WSUS)=
 
+
Details on the WolfTech WSUS Service Group can be found [[Active_Directory/Service_Groups| here]].
*[[/WSUS| WolfTech WSUS]]
+
*[[/Configuring the Windows Update GPO Setting| Configuring the Windows Update GPO Setting]]
*[[/Update_Policy| WSUS Update Policy]]
 
 
*[[/Manually_Install_Updates| Manually Install Updates]]
 
*[[/Manually_Install_Updates| Manually Install Updates]]
*[[/WSUS_Email | WSUS Notification Email Template]]
 
 
*[[/WSUS Management Console | WSUS Management Console]]
 
*[[/WSUS Management Console | WSUS Management Console]]
 +
*[[/Manipulate Client Behavior Using Command-line Options|Manipulate Client Behavior Using Command-line Options]]
 +
*[[/WSUS Update Agent Script|Windows Update Agent force script]]
 +
*[[/Personal Computers on WSUS|Personal Computers on WSUS]]
 +
*[[/Configuring Domain Computers|Configuring Domain Computers]]
  
 
=Disaster Recovery=
 
=Disaster Recovery=
Line 28: Line 29:
 
=Folder Redirection=
 
=Folder Redirection=
 
=Distributed File System (DFS)=
 
=Distributed File System (DFS)=
 +
* [[What is DFS? | What is DFS?]]
 
* [[DFS_Architecture | DFS Architecture]]
 
* [[DFS_Architecture | DFS Architecture]]
 
* [http://support.microsoft.com/?kbid=903651 Enable Multiple DFS Roots on Windows 2003 Server Standard]
 
* [http://support.microsoft.com/?kbid=903651 Enable Multiple DFS Roots on Windows 2003 Server Standard]
Line 33: Line 35:
 
=Group Policy=
 
=Group Policy=
 
*[[/Using Resultant Set of Policy|Using Resultant Set of Policy]]
 
*[[/Using Resultant Set of Policy|Using Resultant Set of Policy]]
 +
*[http://technet.microsoft.com/en-us/magazine/cc137719.aspx More than you wanted to know about ADM...]
  
 
=Group Policy Preferences=
 
=Group Policy Preferences=
 
*[[/GP Preferences Overview| Overview]]
 
*[[/GP Preferences Overview| Overview]]
 +
*[[/Remote Server Administration Tools|Remote Server Administration Tools]]
 
*[[/Configuring Preferences| Configuring Preferences]]
 
*[[/Configuring Preferences| Configuring Preferences]]
 
*[[/Clients & Deploying Preferences|Clients & Deploying Preferences]]
 
*[[/Clients & Deploying Preferences|Clients & Deploying Preferences]]
 +
*[[/Item-Level Targeting|Item-Level Targeting]]
  
 
*[[/Mapping Printers| Mapping Printers]]
 
*[[/Mapping Printers| Mapping Printers]]
Line 46: Line 51:
 
*[[/Phishing Filter| Phishing Filter]]
 
*[[/Phishing Filter| Phishing Filter]]
  
 +
=Laptops=
 +
*[[/Security Policies When Offsite|Security Policies When Offsite]]
 +
=Lights Out Management=
 +
*HP ILO
 +
*Dell DRAC
 
=Macintosh=
 
=Macintosh=
 
*[[/Parallels | Parallels]] (BME is currently beta testing)
 
*[[/Parallels | Parallels]] (BME is currently beta testing)
 +
 +
==== Options for integrating Mac OS X clients with AD ====
 +
 +
*Billy's instructions on joining domain... [[/Joining Macs to WolfTech Domain|Joining Macs to WolfTech Domain]]
 +
 +
With the included Active Directory plug-in, OS X can be configured to authenticate to an AD domain, and use network home directories. More comprehensive management (MCX) requires one of the 3 options below:
 +
 +
*[[/Extending the AD schema | Extending the AD schema]] Adding 38 attributes and 10 classes to the AD schema.
 +
*[[/Dual directory | Dual directory]] Adding an Open Directory domain running on a Mac OS X Server, also known as a "Magic Triangle" configuration
 +
*[[/Third-party solutions | Third-party solutions]] Options include Thursby's ADmitMac or Centrify DirectControl.
 +
 +
Additional resources:
 +
*[http://images.apple.com/itpro/pdf/AD_Best_Practices_2.0.pdf Best Practices: Integrating Mac OS X with Active Directory]
 +
*http://www.macwindows.com/AD.html
 +
 +
Issues to address:
 +
#Configuring your mac to use your UnityID/paswd (specifically, by authing against the DCs, but alternatively against the campus KDC). Plus how the laptop reacts when not on the network - should be caching.
 +
#Adding your Mac to the domain.
 +
#Restricting access to AD defined users.
 +
#Printing from your domain'd mac to a Windows print server; and to a WolfCopy printer.
 +
#*ksmbprintd v1.0 (http://www.deploystudio.com/News/Entries/2008/4/7_ksmbprintd_v1.0.html / http://www.deploystudio.com/Downloads/ksmbprintd_v1.0.dmg) -- courtesy of Everette, needs to be tested.
 +
#Accessing Windows file shares from your domain mac
 +
#Why DFS doesn't work, or if the new OS fixes this. And steps to get around this (3rd party apps - AdmitMac) or things to look out for).
 +
#Options to apply policies to the mac client via GP? (likely to require 3rd party apps)
 +
#Scripts to inventory hardware/applications on your mac clients (longterm we'd want a WolfTech Collector Agent for Macs)
 +
#AFS client for Macs
 +
#Software distribution to Mac via GP?
  
 
=Migrating=
 
=Migrating=
*[[/Getting Started | Getting Started]]
 
*[[/Join a Computer| Join a Computer]]
 
*[[/Default_OU| Default OU]]
 
*[[/Admin_Shortcuts| Admin Shortcuts]]
 
*[[/ShellRunAs| ShellRunAs]]
 
 
*[[/College of Textiles Migration|College of Textiles Migration]]
 
*[[/College of Textiles Migration|College of Textiles Migration]]
 +
*[[/GUID Collection Tool|GUID Collection Tool]]
 +
*[[/Computer Account Prestaging Tool|Computer Account Prestaging Tool]]
 +
*[[/Computer Migrators Group|Using the Computer Migrators group]]
 +
====Active Directory Migration Tool (ADMT)====
 +
*[[/Enable User/Password Migration| Enable User/Password Migration]]
 +
*[[/Enable Computer Migration| Enable Computer Migration]]
 +
*[[/Computer Migration Instructions| Computer Migration Instructions]]
  
 
=MS-SQL=
 
=MS-SQL=
Line 73: Line 112:
 
*[[/Printing via Print-a-File|Printing via Print-a-File]]
 
*[[/Printing via Print-a-File|Printing via Print-a-File]]
 
*[[/Windows 2003 R2 and Printing|Windows 2003 R2 and Printing]]
 
*[[/Windows 2003 R2 and Printing|Windows 2003 R2 and Printing]]
 +
*[[/Printer Management and Vista/RSAT|Printer Management and Vista/RSAT]]
 +
*[[/WolfPrint Accounted Printing|WolfPrint Accounted Printing]]
  
 
=Public Labs / Kiosks=
 
=Public Labs / Kiosks=
Line 92: Line 133:
 
=Scripting=
 
=Scripting=
 
*[[/phpAD| phpAD Library]]
 
*[[/phpAD| phpAD Library]]
 +
*[http://technet.microsoft.com/en-us/sysinternals/ SysInternals Tools (incls psexec / pstools)]
 +
*[[/GUI for psexec|GUI for psexec]]
 +
*[[Using PsExec to delete old local profiles on lab machines]]
 +
 +
==Services for UNIX==
 +
*[[/What is SFU?|What is SFU?]]
 +
 
=Software Packaging=
 
=Software Packaging=
 
* [[/Packaging_Notes| Packaging Notes]]
 
* [[/Packaging_Notes| Packaging Notes]]
Line 98: Line 146:
 
* [http://support.installshield.com/kb/view.asp?articleid=q106234 Manually Uninstall MSI]
 
* [http://support.installshield.com/kb/view.asp?articleid=q106234 Manually Uninstall MSI]
 
* [[Removing_ghost_installs| Removing Ghost Installs]]
 
* [[Removing_ghost_installs| Removing Ghost Installs]]
 +
* [[/Controling Licenses via GPP|Controling Licenses via GPP]]
 +
 +
* [[/Exclusions List | Exclusions List]]
 +
 +
*[[/MSI Testing|MSI Testing]]
 +
*[[/MSI Logging|MSI Loggingg]]
  
 
=Symantec Antivirus (SAV)=
 
=Symantec Antivirus (SAV)=
Line 105: Line 159:
 
=Teaching Labs=
 
=Teaching Labs=
 
*[[/Using Common Accounts|Using Common Accounts]]
 
*[[/Using Common Accounts|Using Common Accounts]]
 +
*[[/Monitoring Lab Usage|Monitoring Lab Usage]]
 +
*[[/Generate Remote Desktop Files|Generate Remote Desktop Files]]
  
 
=User Account Control (UAC)=
 
=User Account Control (UAC)=
Line 116: Line 172:
 
*[[/Planning | Planning]]
 
*[[/Planning | Planning]]
  
=Windows 2003 Server R2=
+
=Windows Server 2003 R2=
 
*[[/Extend_Schema_R2| How to extend the schema?]]
 
*[[/Extend_Schema_R2| How to extend the schema?]]
 +
 +
=Windows Server 2008=
 +
*[[/Server 2008 Core | Server 2008 Core]]
  
 
=Windows Defender=
 
=Windows Defender=
Line 124: Line 183:
 
=Windows Deployment Services (WDS)=
 
=Windows Deployment Services (WDS)=
 
*[[/WDS | WDS]]
 
*[[/WDS | WDS]]
 +
 +
=Windows 7=

Latest revision as of 15:58, 23 April 2010

Active Directory Users and Computers

Automatic Logon

Administrative Users

Automatic Updates (WSUS)

Details on the WolfTech WSUS Service Group can be found here.

Disaster Recovery

DNS

File Servers

Folder Redirection

Distributed File System (DFS)

Group Policy

Group Policy Preferences

Internet Explorer 7

Laptops

Lights Out Management

  • HP ILO
  • Dell DRAC

Macintosh

Options for integrating Mac OS X clients with AD

With the included Active Directory plug-in, OS X can be configured to authenticate to an AD domain, and use network home directories. More comprehensive management (MCX) requires one of the 3 options below:

Additional resources:

Issues to address:

  1. Configuring your mac to use your UnityID/paswd (specifically, by authing against the DCs, but alternatively against the campus KDC). Plus how the laptop reacts when not on the network - should be caching.
  2. Adding your Mac to the domain.
  3. Restricting access to AD defined users.
  4. Printing from your domain'd mac to a Windows print server; and to a WolfCopy printer.
  5. Accessing Windows file shares from your domain mac
  6. Why DFS doesn't work, or if the new OS fixes this. And steps to get around this (3rd party apps - AdmitMac) or things to look out for).
  7. Options to apply policies to the mac client via GP? (likely to require 3rd party apps)
  8. Scripts to inventory hardware/applications on your mac clients (longterm we'd want a WolfTech Collector Agent for Macs)
  9. AFS client for Macs
  10. Software distribution to Mac via GP?

Migrating

Active Directory Migration Tool (ADMT)

MS-SQL

New OU Admins

Printing

Public Labs / Kiosks

Remote Assistance

Remote Installation Services (RIS)

Scripting

Services for UNIX

Software Packaging

Symantec Antivirus (SAV)

Teaching Labs

User Account Control (UAC)

Virtual Servers

Vista

Windows Server 2003 R2

Windows Server 2008

Windows Defender

Windows Deployment Services (WDS)

Windows 7