Difference between revisions of "Active Directory/Service Groups"

From WolfTech
Jump to navigation Jump to search
 
(28 intermediate revisions by 3 users not shown)
Line 1: Line 1:
 +
{{Active_Directory_toc}}__NOTOC__
 +
 
There are a number of people critical to the success of the WolfTech Active Directory domain. While many provide encouragement, support, and assistance when asked by the community, the following service groups have agreed to provide support for specific key sections of the domain.  
 
There are a number of people critical to the success of the WolfTech Active Directory domain. While many provide encouragement, support, and assistance when asked by the community, the following service groups have agreed to provide support for specific key sections of the domain.  
  
==Domain Controllers==
+
==NCSU AD Policy Committee==
*Domain Administrators: Dan Green (djgreen), Billy Beaudion (wrbeaudo), Derek Ballard (ddballar).
+
One of the results of the Identity Management - Active Directory committee was to determine not only the choice to use the WolfTech Active Directory domain as the campus default, but to establish two committees which will be charged with the responsibility to oversee the domain.  
  
==WDS Service Group==
+
The Policy Committee will be responsible for all non-technical issues related to the domain; while not an exhaustive list, this will include:
*Leads: Alan Gerber (agerber), Michael Underwood (mpunderw)
+
*Domain Layout and Structure
 +
*Planning and Establishment of new OU units
 +
*Default Domain Group Policies
 +
*Funding
 +
*Related Documentation and Reporting
 +
*Responsibilities and requirements of member units and OU Administrators
 +
 
 +
Membership of this committee will include the following makeup (for a maximum of 8 members):
 +
*Chair: Dan Green (djgreen)
 +
*The chair of the Technical Group: Billy Beaudoin (wrbeaudo)
 +
*4 representatives from the colleges: Joshua Gira (jjgira) [CNR]; Joey Jenkins (jmjenki3) [Design]; Daniel Henninger (daniel) [CHASS]; Wes Thibodeaux (wlthibod) [Libraries]
 +
*1 from OIT: Dan Evans (dlevans) [OIT Client Services]
 +
*1 at‐large: Tom Farwig (tmfarwig) [OIT Learning Spaces]
  
 +
Website (Agendas, Minutes, Meeting Schedule): http://oit.ncsu.edu/iam/ncsu-ad-policy-committee
  
==WSUS Service Group==
+
==NCSU AD Technical Committee==
*Leads: Dan Green (djgreen), Joshua Gira (jjgira)
+
The other committee formed by the Identity Management - Active Directory committee was the Technical Committee, which will be responsible for all technical implementation and security issues related to the domain; while not an exhaustive list, this will include:
WolfTech's WSUS Service provides a convenient way to automatically keep your computer up-to-date with the latest software updates from Microsoft.  The prompt installation of security updates is critical to the security of the NC State University Network.
+
*Security
 +
*Domain-level Implementations/Automation/Upgrades
 +
*Test Domain
 +
* http://www.wolftech.ncsu.edu/support/support/Active_Directory/Documentation/Infrastructure_Todo_List
  
===Usage Policy===
+
Membership of this committee will include the following makeup (for a maximum of 8 members):
*<b>University-Owned Computers</b> - All University-owned computers are automatically configured to use WSUS to install updates.
+
*Chair: Billy Beaudoin (wrbeaudo)
*<b>Personal Machines</b> - All personal machines used on the NC State University Network should be kept patched. These may be manually configured to use the WolfTech WSUS Service. See [[Active_Directory/Documentation#How_to_Manually_Configure_Your_Personal_Computer]].
+
*The chair of the Policy Group: Dan Green (djgreen)
*<b>Home Machines</b> - NCSU faculty and staff are encouraged to manually configure their home computers to use WolfTech WSUS. See [[Active_Directory/Documentation#How_to_Manually_Configure_Your_Personal_Computer]].
+
*Domain Admin: Derek Ballard (ddballar)
 +
*Domain Admin: John Klein (jaklein)
 +
*Domain Admin: Kevin Swann (kmswann2)
 +
*Security: Tim Gurganus (tsgurgan)
 +
*OU Admin: Richard Norris (rdnorris)
 +
*OU Admin: Ryan Leap (srleap)
  
===Client Support===
+
Website (Agendas, Minutes, Meeting Schedule):
WSUS supports the following client operating systems:
+
http://oit.ncsu.edu/iam/ncsu-ad-technical-committee
  
*Windows 2000 SP3 or later
+
==Domain Controllers and Central File Servers==
*Windows XP, Vista
+
The heart of the domain, the domain controllers allow authentication and authorization services to all computers, groups, and users. The domain administrators are responsible for all upkeep of these critical servers.  The central file servers include the DFS root servers and the primary application package servers.
*Windows Server 2003, 2008
 
  
Earlier operating systems, such as Windows 95, Windows 98, and Windows ME are not supported.  These operating systems are no longer supported by Microsoft and should be upgraded immediately. Non-Windows operating systems are not supported.
+
''Domain Administrators: Dan Green (djgreen), Billy Beaudion (wrbeaudo), Derek Ballard (ddballar).''
  
===Patches / Approval===
+
==WDS Service Group==
Classifications of patches and their configuration / deployment on the WolfTech WSUS server.  
+
Windows Deployment Services (WDS) provides a convenient way to install Windows onto computers, both via network distribution and via CD/DVD distribution.  WDS also provides mechanisms for automating Windows' installations, allowing users to completely reinstall Windows - without any interaction on their part - oftentimes in as little as 45 minutes.  The WDS leads are responsible for implementing and maintaining the WDS infrastructure, as well as providing a core set of operating system images to the campus community.
===Automatically Approved Update Classifications===
 
The WolfTech WSUS server has been configured to automatically download and approve for installation the following update classifications:
 
*Definition Updates
 
===Manually Approved Update Classifications===
 
The following classification of updates are downloaded to the WolfTech WSUS server but are not approved for installation without minimal testing by IT support staff. Unless critical circumstances arise, these patches will not be approved until after each month's "Patch Tuesday" and will be accompanied by an email to the OU Admins: 
 
*Service Packs
 
*Updates
 
*Feature Packs
 
*Tools
 
*Critical Updates
 
*Security Updates
 
*Update Rollups
 
===Unapproved Update Classifications===
 
Updates that are classified as 'Drivers' are not downloaded to the WolfTech WSUS server.
 
  
==How to Manually Configure Your Personal Computer==
+
''Leads: Alan Gerber (agerber), Michael Underwood (mpunderw)''
NOTE: You must have local administrative rights on the computer.
 
  
#Download [http://www.wolftech.ncsu.edu/wsus/restricted/wsus.reg wsus.reg] to your hard disk.
+
For more info about WDS, see: [http://go.microsoft.com/fwlink/?LinkId=81873 http://go.microsoft.com/fwlink/?LinkId=81873]
#Double click on wsus.reg.
 
#When prompted if you are sure you want to add the information to the registry, click Yes.  You should see a confirmation that the information was successfully entered into the registry.
 
#Click OK.
 
#Reboot.
 
  
==WSUS Settings for Personal Computers==
+
For documentation and technical support for WDS on the WolfTech Domain: [[Active_Directory/Documentation/WDS| WDS section of AD Documentation]]
WSUS Clients on Personal Computers are configured with the following settings:
 
  
*Turn on Automatic Updates.
+
==WSUS Service Group==
*Point to WolfTech's WSUS server.
+
WolfTech's WSUS Service provides a convenient way to automatically keep your computer up-to-date with the latest software updates from Microsoft. The prompt installation of security updates is critical to the security of the NC State University Network. The WSUS leads are responsible for the maintanance of the WSUS server, the timely approval of patches, and the communication of monthly patch releases to the community.  
*Set the appropriate client-side target group - ECE-Personal.
 
*Auto-download and install patches approved on the WSUS server at the scheduled install time.
 
*Set the scheduled install time to be 2:00 PM every day.
 
*Reschedule patch installation to the next boot time if the regular scheduled time is missed.
 
*Specify a 15 minute delay that Automatic Updates will wait, following system start-up, before proceeding with a scheduled installation that was missed previously. This is to ensure that the machine is fully operational before patch installation will occur.
 
*Allow non-admins to install patches and to delay rebooting after patch installation.
 
*Set the option to not restart the computer automatically during a scheduled installation if a user is logged in to the computer. Instead, Automatic Updates will notify the user to restart the computer to complete the installation.
 
*Enable the immediate installation of minor patches that do not require a reboot.
 
*Set new update detection frequency to every 8 hours.
 
  
==References==
+
''Leads: Dan Green (djgreen), Joshua Gira (jjgira), Joe Wells (jrwells)''
For more info about WSUS, see:
 
  
*[http://www.microsoft.com/windowsserversystem/updateservices/default.mspx http://www.microsoft.com/windowsserversystem/updateservices/default.mspx]
+
*[[/WSUS/Usage Policy| Usage Policy]]
*[[../Update_Policy| WSUS Update Policy]]
+
*[[/WSUS/Patches| Types of Patches]]
 +
*[[/WSUS/Target Groups| Computer Groups and Approval Timelines]]
 +
*[[/WSUS/Emergency Patches| Emergency Patches]]
  
 +
For more info about WSUS, see: [http://www.microsoft.com/windowsserversystem/updateservices/default.mspx http://www.microsoft.com/windowsserversystem/updateservices/default.mspx]
  
Documentation and Technical Support for WSUS: [[Active_Directory/Documentation#Automatic_Updates_.28WSUS.29| WSUS section of AD Documentation]]
+
For documentation and technical support for WSUS on the WolfTech Domain: [[Active_Directory/Documentation#Automatic_Updates_.28WSUS.29| WSUS section of AD Documentation]]

Latest revision as of 19:20, 19 October 2009


There are a number of people critical to the success of the WolfTech Active Directory domain. While many provide encouragement, support, and assistance when asked by the community, the following service groups have agreed to provide support for specific key sections of the domain.

NCSU AD Policy Committee

One of the results of the Identity Management - Active Directory committee was to determine not only the choice to use the WolfTech Active Directory domain as the campus default, but to establish two committees which will be charged with the responsibility to oversee the domain.

The Policy Committee will be responsible for all non-technical issues related to the domain; while not an exhaustive list, this will include:

  • Domain Layout and Structure
  • Planning and Establishment of new OU units
  • Default Domain Group Policies
  • Funding
  • Related Documentation and Reporting
  • Responsibilities and requirements of member units and OU Administrators

Membership of this committee will include the following makeup (for a maximum of 8 members):

  • Chair: Dan Green (djgreen)
  • The chair of the Technical Group: Billy Beaudoin (wrbeaudo)
  • 4 representatives from the colleges: Joshua Gira (jjgira) [CNR]; Joey Jenkins (jmjenki3) [Design]; Daniel Henninger (daniel) [CHASS]; Wes Thibodeaux (wlthibod) [Libraries]
  • 1 from OIT: Dan Evans (dlevans) [OIT Client Services]
  • 1 at‐large: Tom Farwig (tmfarwig) [OIT Learning Spaces]

Website (Agendas, Minutes, Meeting Schedule): http://oit.ncsu.edu/iam/ncsu-ad-policy-committee

NCSU AD Technical Committee

The other committee formed by the Identity Management - Active Directory committee was the Technical Committee, which will be responsible for all technical implementation and security issues related to the domain; while not an exhaustive list, this will include:

Membership of this committee will include the following makeup (for a maximum of 8 members):

  • Chair: Billy Beaudoin (wrbeaudo)
  • The chair of the Policy Group: Dan Green (djgreen)
  • Domain Admin: Derek Ballard (ddballar)
  • Domain Admin: John Klein (jaklein)
  • Domain Admin: Kevin Swann (kmswann2)
  • Security: Tim Gurganus (tsgurgan)
  • OU Admin: Richard Norris (rdnorris)
  • OU Admin: Ryan Leap (srleap)

Website (Agendas, Minutes, Meeting Schedule): http://oit.ncsu.edu/iam/ncsu-ad-technical-committee

Domain Controllers and Central File Servers

The heart of the domain, the domain controllers allow authentication and authorization services to all computers, groups, and users. The domain administrators are responsible for all upkeep of these critical servers. The central file servers include the DFS root servers and the primary application package servers.

Domain Administrators: Dan Green (djgreen), Billy Beaudion (wrbeaudo), Derek Ballard (ddballar).

WDS Service Group

Windows Deployment Services (WDS) provides a convenient way to install Windows onto computers, both via network distribution and via CD/DVD distribution. WDS also provides mechanisms for automating Windows' installations, allowing users to completely reinstall Windows - without any interaction on their part - oftentimes in as little as 45 minutes. The WDS leads are responsible for implementing and maintaining the WDS infrastructure, as well as providing a core set of operating system images to the campus community.

Leads: Alan Gerber (agerber), Michael Underwood (mpunderw)

For more info about WDS, see: http://go.microsoft.com/fwlink/?LinkId=81873

For documentation and technical support for WDS on the WolfTech Domain: WDS section of AD Documentation

WSUS Service Group

WolfTech's WSUS Service provides a convenient way to automatically keep your computer up-to-date with the latest software updates from Microsoft. The prompt installation of security updates is critical to the security of the NC State University Network. The WSUS leads are responsible for the maintanance of the WSUS server, the timely approval of patches, and the communication of monthly patch releases to the community.

Leads: Dan Green (djgreen), Joshua Gira (jjgira), Joe Wells (jrwells)

For more info about WSUS, see: http://www.microsoft.com/windowsserversystem/updateservices/default.mspx

For documentation and technical support for WSUS on the WolfTech Domain: WSUS section of AD Documentation