calnet active directory micronet presentation
DESCRIPTION
CalNet Active Directory Mike Blasingame Blaine Isbelle Michael Leefers Curtis Salinas Forrest Smalley History •2002 CalNet AD forest created, integration with CalNet completed, Haas, COIS, and IST early adopters •2001 CalNetAD Project started to implement campus Active Directory forest •2000 IST-CNS proposal to implement a centrally supported single-forest Active DirectoryTRANSCRIPT
CalNet Active Directory
Micronet PresentationOctober 22, 2008
Mike BlasingameBlaine Isbelle
Michael LeefersCurtis Salinas
Forrest Smalley
CalNet Active Directory
History•2000 IST-CNS proposal to implement a centrally supported single-forest Active Directory
•2001 CalNetAD Project started to implement campus Active Directory forest
•2002 CalNet AD forest created, integration with CalNet completed, Haas, COIS, and IST early adopters
CalNet Active Directory
AdvantagesDomain Controllers integrated with campus DNS
User accounts integrated with CalNet ID
Hardware infrastructure and infrastructure support provided free
Facilitates central management of user and computer objects through GPOs
CalNetPKI integration
Integrated authentication with AD-aware applications
CalNet Active Directory
Getting StartedRead CalNetAD policies
Send a request to join
Agree to SLA
OU Administrator mailing list
CalNet ID of first administrator and DNS name of first computer
CalNet Active Directory
Best PracticesCalNetAD Tools
•CalNetAD Website calnetad.berkeley.edu•FAQ’s•Web Tools (Move User, Reset Campus passphrase, Create Computer)•Scripts (Create User, Create Computer, and more)
Group Policy
• Basics & Inheritance• Loopback processing• Remote tools• Software publishing• Group Policy in use
CalNet Active Directory
– What can I do with group policy?– Assigned to containers (sites, domains, OUs)– Applied to computers and user objects
• Computer section at startup• User section at login• Top-down processing
CalNet Active Directory
CalNet Active Directory
CalNet Active Directory
CalNet Active Directory
CalNet Active Directory
CalNet Active Directory
• Loopback processing– Applies policies to user objects outside of your control
• Labs• Student workers• Terminal servers• Virtual desktops
– Merge mode– Replace mode
CalNet Active Directory
• Remote tools– Remote Desktop
• Benefits• Security• Terminal Services Gateway
– Remote Assistance• Solicited vs. Unsolicited
CalNet Active Directory
• Software publishing– Can be applied to either a computer or a user– Assigned versus Published
CalNet Active Directory
CalNet Active Directory
CalNet Active Directory
CalNet Active Directory
• SQL 2005– User rights
• Log on as a service, Log on as a batch job, etc.
– Group memberships– Service startup type and permissions– File permissions– Registry permissions– Audit policy
CalNet Active Directory
CalNet Active Directory
Best Practices -WSUS
• GPO: Campus – WSUS• GPO: Campus – Block IE7 install (use IST WSUS)