calnet active directory micronet presentation

CalNet Active Directory

Micronet PresentationOctober 22, 2008

Mike BlasingameBlaine Isbelle

Michael LeefersCurtis Salinas

Forrest Smalley

CalNet Active Directory

History•2000 IST-CNS proposal to implement a centrally supported single-forest Active Directory

•2001 CalNetAD Project started to implement campus Active Directory forest

•2002 CalNet AD forest created, integration with CalNet completed, Haas, COIS, and IST early adopters

CalNet Active Directory

AdvantagesDomain Controllers integrated with campus DNS

User accounts integrated with CalNet ID

Hardware infrastructure and infrastructure support provided free

Facilitates central management of user and computer objects through GPOs

CalNetPKI integration

Integrated authentication with AD-aware applications

CalNet Active Directory

Getting StartedRead CalNetAD policies

Send a request to join

Agree to SLA

OU Administrator mailing list

CalNet ID of first administrator and DNS name of first computer

CalNet Active Directory

Best PracticesCalNetAD Tools

•CalNetAD Website calnetad.berkeley.edu•FAQ’s•Web Tools (Move User, Reset Campus passphrase, Create Computer)•Scripts (Create User, Create Computer, and more)

Group Policy

• Basics & Inheritance• Loopback processing• Remote tools• Software publishing• Group Policy in use

CalNet Active Directory

– What can I do with group policy?– Assigned to containers (sites, domains, OUs)– Applied to computers and user objects

• Computer section at startup• User section at login• Top-down processing

CalNet Active Directory

CalNet Active Directory

CalNet Active Directory

CalNet Active Directory

CalNet Active Directory

CalNet Active Directory

• Loopback processing– Applies policies to user objects outside of your control

• Labs• Student workers• Terminal servers• Virtual desktops

– Merge mode– Replace mode

CalNet Active Directory

• Remote tools– Remote Desktop

• Benefits• Security• Terminal Services Gateway

– Remote Assistance• Solicited vs. Unsolicited

CalNet Active Directory

• Software publishing– Can be applied to either a computer or a user– Assigned versus Published

CalNet Active Directory

CalNet Active Directory

CalNet Active Directory

CalNet Active Directory

• SQL 2005– User rights

• Log on as a service, Log on as a batch job, etc.

– Group memberships– Service startup type and permissions– File permissions– Registry permissions– Audit policy

CalNet Active Directory

CalNet Active Directory

Best Practices -WSUS

• GPO: Campus – WSUS• GPO: Campus – Block IE7 install (use IST WSUS)