IT Partners October 25th, 2002 WinAthena


1 IT Partners October 25th, 2002 WinAthena
Paul B. Hill 12/4/2018

2 Project Goals
- A campus-wide domain to foster collaboration, teaching, and access to institutional data
- Uses existing Kerberos infrastructure, AFS, Moira, Data Warehouse, …
- Expect wide usage before NT4 is phased out by Microsoft

3 Description
- The WinAthena system should provide a scalable, customizable system for managing Windows workstations and servers at MIT
- FOR MORE INFO...

4 Status
- Servers in continuous operation since Spring of 2001
- In use by several groups today
- New departments and groups on a case-by-case decision at this time

5 New Technology
- PXE, RIS, RIPREP: Remote installation of the operating system (Portable Execution Environment, Remote Installation, Remote Image Preparation)
- Group Policies: Management of computer settings via a mixture of central IS and departmental administrators
- MSI: Microsoft Installer Service enables the distribution of software using Group Policies
- ActiveDirectory

6 MIT Standards being adopted
- Kerberos: Authentication used across departments and applications; single sign-on
- Moira: Lists and groups used across departments and applications
- AFS: File system used by Athena and Web.mit.edu

7 What the user sees
- Identifying a WinAthena machine: Ctrl-Alt-Del should show a screen that has a “log on to” entry for “ATHENA.MIT.EDU (Kerberos Realm)”
- Use your normal MIT username and password
- You must have changed your ATHENA password since February of 2001

8 Your password and cross-realm authentication
- All WinAthena authentications rely on cross-realm authentication
- Initial authentication is made to the Athena realm
- Users' native Windows passwords are set to a unique 127-character random string

9 Applications that don’t support Kerberos
- Microsoft Exchange 5.5 and 2000
- Outlook 2000, XP, 10, …
- Microsoft’s FTP
- Microsoft’s Macintosh File and Print Services
- Many versions of Microsoft SQL Server

10 How to use those applications in our environment
- Set your Windows password to a value that you know, or manually synchronize it with your Athena Kerberos password
- This page also lets you reset your Windows password to a random value

11 Getting a computer into the Domain
- Multiple methods:
  - Remote Installation (RIS)
  - Remote Image Preparation (RIPREP)
  - Joining an existing machine
  - Ghost / Drive Image (historical)

12 RIS
- Performs a complete OS installation
- Reformats the hard disk
- Gives everyone a known stable state to start from
- Appropriate for new hardware
- Can support multiple partitions
- Currently installs Win2k with SP3

13 RIS Disadvantages
- Reformats the drive, destroying all existing applications and data
- Does not install any application software
- Image needs maintenance as newer hardware drivers are required

14 Ghost / Drive Image
- These products have been used by many departments running NT4 domains
- Well understood by several departments
- Creates a machine with OS and applications installed

15 Ghost/Drive Image disadvantages
- Simple cloned image that must be joined to the domain after installation
- All of the hardware must be very similar
- Multiple images required for each new model of hardware

16 RIPREP
- Think of this as a hybrid of RIS and Ghost
- Installation over the network
- Joins the domain
- Image supports multiple hardware models
- Applications can also be installed

17 RIPREP disadvantages
- Reformats the drive and only supports a single partition (no dual boot)
- Requires IS to host the image
- Requires driver maintenance and testing against a growing number of hardware models

18 Joining existing installations
- Highly desired by many users
- No reformat, no downtime, no data loss, no application loss

19 Disadvantages of “Joining”
- Machine starts in an unknown state
- May be corrupted before joining
- May or may not work
- Not very supportable
- May be unsecured

20 Computers, Moira, and Active Directory
- Computers in a Win2k or .NET Domain have an identity, just like users do
- Moira is used to manage some of this information
- Moira data is propagated to Active Directory

21 Steps before RIS, RIPREP or Joining
- Get the data into Moira
- Machine needs an MIT hostname and IP address
- Decide which container or OU the machine will be placed into (Adcontmgr or Stella)
- A container admin can add a machine to his or her container

22 Reinstallation issues
- To reinstall or rejoin a machine, do not delete or modify it in Moira
- You only need to delete the machine’s object entry in Active Directory
- Use AD Container Management or the web form:

23 Default Software Installed
- We do not modify the Microsoft Operating System or their utilities
- Group Policies are used to assign software; a minimal set is required:
  - ActiveState Perl distribution, used for scripting some of our maintenance tasks
  - Pismere.msi package
  - ADContMgr.msi package

24 Pismere MSI package
- MIT Kerberos libraries and utilities
- AFS client and utilities
- Selfmaint service
- EventSysLogger service
- Moira clients
- WinZephyr and utilities
- Klpr

25 Your user profile
- Only roaming profiles are supported
- All roaming profiles are kept in AFS
- H: is your AFS home directory
- Z: is the root of AFS
- The profile is split between two subdirectories in H:

26 .winprofile and WinData
- The profile is split between these directories
- .winprofile contents are always downloaded during login
- WinData is redirected; files are transferred over the network as needed after login

27 .winprofile
- StartMenu, Desktop, Cookies, NTUser.DAT, NTUser.pol

28 WinData
- My Documents, Application Data, Favorites

29 Hints and tricks
- Do not store large files on your desktop; use shortcuts on the desktop
- Place shortcuts in your My Documents folder using UNC file names
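The advice above follows from the profile split on the earlier slides: everything under .winprofile (including Desktop) is downloaded at every login, while WinData is fetched on demand. The script below is an added example, not part of the presentation or of the WinAthena tools; it reports files kept under .winprofile that exceed a threshold and skips .lnk shortcuts, which are the recommended way to keep large data off the desktop. The home-directory layout is taken from slides 25 to 28; the sample files, file names and the 1 MiB threshold are constructed for the example.

```python
"""Added example: flag large files in the always-downloaded .winprofile half of a
WinAthena roaming profile (layout from the slides; sample data constructed)."""
import os
import tempfile

WINPROFILE_DIRS = ("StartMenu", "Desktop", "Cookies")          # slide 27
WINDATA_DIRS = ("My Documents", "Application Data", "Favorites")  # slide 28
LARGE_BYTES = 1024 * 1024  # assumed threshold for this example: 1 MiB


def find_large_profile_files(home, threshold=LARGE_BYTES):
    """Return sorted (path relative to H:, size) for files under .winprofile
    larger than threshold. Shortcuts (.lnk) are skipped: they are the
    recommended replacement for large desktop files."""
    found = []
    root = os.path.join(home, ".winprofile")
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(".lnk"):
                continue
            path = os.path.join(dirpath, name)
            size = os.path.getsize(path)
            if size > threshold:
                found.append((os.path.relpath(path, home), size))
    return sorted(found)


def build_sample_home():
    """Construct a throwaway H: directory with one oversized desktop file,
    one desktop shortcut and one large file in the redirected WinData area."""
    home = tempfile.mkdtemp(prefix="winathena-home-")
    for sub in WINPROFILE_DIRS:
        os.makedirs(os.path.join(home, ".winprofile", sub))
    for sub in WINDATA_DIRS:
        os.makedirs(os.path.join(home, "WinData", sub))
    desktop = os.path.join(home, ".winprofile", "Desktop")
    with open(os.path.join(desktop, "thesis-data.mdb"), "wb") as f:
        f.write(b"\0" * (3 * 1024 * 1024))  # 3 MiB: pulled down at every login
    with open(os.path.join(desktop, "thesis-data.lnk"), "wb") as f:
        f.write(b"L" * 200)                  # shortcut: fine to keep on the desktop
    docs = os.path.join(home, "WinData", "My Documents")
    with open(os.path.join(docs, "big-dataset.csv"), "wb") as f:
        f.write(b"\0" * (5 * 1024 * 1024))  # redirected: fetched only when opened
    return home


if __name__ == "__main__":
    for rel, size in find_large_profile_files(build_sample_home()):
        print(f"{rel}: {size // 1024} KiB is downloaded on every login; "
              f"move it to WinData and leave a shortcut on the desktop")
```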

30 Web publishing
- You can publish static content to the web using the copy command or by saving files using the GUI
- Create a www shortcut in My Documents pointing to your AFS www directory

31 AFS quotas
- Check your AFS quota: fs quota h:.
- We don’t have the Athena quota command
- fs help

32 AFS locker utilities
- Add, Attach, Addmenu
- These are not persistent across logins; use scripts with these commands

33 Moira utilities
- Moira MMC
- Moira, listmaint, mailmaint, stella, blanche, stanley, chfn, chpobox
- AD Container Management

34 Active Directory tools
- AD Container Management: talks to Moira and AD
- AD Users and Computers: only aware of AD

35 Active Directory Access
- Do not write directly to AD to create groups or security descriptors; the data will get overwritten
- Make these changes in Moira
- AD access requires Kerberos authentication to the directory; SSL is disabled

36 Printing
- Publishing a printer in Active Directory

37 Member Servers
- Departments should consider a departmental file and print server within the domain to provide departmental services
- Member servers may include other application servers

38 Group Policies
- Group policy objects (GPOs) apply settings to multiple machines: a whole container, or a subset of a container (ACLs/groups)
- Multiple containers can link to the same GPO
- Microsoft has many documents
- Specific to WinAthena: only computer configuration is useful; Administrative templates/WinAthena settings

39 WIN Domain default policies
- Documentation
- Non-overridable: installs Pismere, ResKit, Perl, Adcontmgr; startup/shutdown/logon/logoff scripts; Kerberos & DNS information
- Overridable: minor cosmetic settings (no autoplay etc); sync Administrator password to Athena; Messenger service is manual

40 Using Group Policies to deploy software
- Microsoft Installer (MSI): GP can assign MSIs to machines
- Versioning/upgrades
- Transforms: install to a non-default location (e.g., share point); install a subset of the package (e.g., Office)
- How-to

41 Placing machines on ACLs to restrict access to software
- Machines may be placed on groups in Moira
- Apply to NTFS / AD; do not yet propagate to AFS
- Always use Moira groups for machine ACLs… even for just one machine (SID dependency)
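The “SID dependency” is the reason this slide and slide 22 fit together: an ACL entry that names a machine directly stores that computer object’s SID, and reinstalling the machine means deleting and recreating its AD object, which gets a fresh SID. The toy directory below is an added example, not code from the presentation or from Moira/AD; it models a computer object, a Moira-managed group (named like the container groups on slide 42) and two ACL entries, and shows which one still matches after a reinstall. SID values, machine and group names are constructed for the example, and real AD tokens and group propagation are more involved than this model.

```python
"""Added example: why a machine ACL should name a Moira group, not the machine.
Toy model only; SIDs and names are constructed."""
import itertools

_rid = itertools.count(1001)
DOMAIN_SID = "S-1-5-21-111-222-333"  # constructed domain SID prefix


class ToyDirectory:
    def __init__(self):
        self.computers = {}  # machine name -> SID of its current AD computer object
        self.groups = {}     # group name -> (group SID, set of member machine names)

    def create_computer(self, name):
        """A new AD computer object always receives a never-reused RID."""
        self.computers[name] = f"{DOMAIN_SID}-{next(_rid)}"
        return self.computers[name]

    def create_group(self, name, members):
        self.groups[name] = (f"{DOMAIN_SID}-{next(_rid)}", set(members))
        return self.groups[name][0]

    def reinstall(self, name):
        """Slide 22: delete the AD object, keep Moira data. Moira re-propagates
        the machine and its group memberships by name, so only the SID changes."""
        del self.computers[name]
        return self.create_computer(name)

    def token_sids(self, computer):
        """SIDs the machine presents: its own plus every group it belongs to."""
        sids = {self.computers[computer]}
        sids.update(gsid for gsid, members in self.groups.values() if computer in members)
        return sids

    def allowed(self, computer, ace_sids):
        """An ACE grants access if any SID it names is in the machine's token."""
        return bool(self.token_sids(computer) & set(ace_sids))


def demo():
    """Return (before, after) access results for a direct ACE and a group ACE."""
    d = ToyDirectory()
    pc_sid = d.create_computer("lab-pc1")
    grp_sid = d.create_group("cnt-lab", ["lab-pc1"])  # Moira container group
    direct_ace = [pc_sid]   # ACL written against the machine's own SID
    group_ace = [grp_sid]   # ACL written against the Moira group's SID
    before = (d.allowed("lab-pc1", direct_ace), d.allowed("lab-pc1", group_ace))
    d.reinstall("lab-pc1")
    after = (d.allowed("lab-pc1", direct_ace), d.allowed("lab-pc1", group_ace))
    return before, after  # ((True, True), (False, True))
```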

42 Automatic Groups and Containers
- When a container is created, a Moira group is created
- Use Moira tools or adcontmgr to view the name
- Usually named “cnt-foo” for container Machines/foo
- As objects are added to the container, the objects are also added to the Moira group

43 Using Group Policies to execute scripts
- Startup: Computer Configuration/Windows Settings/Scripts
- Shutdown: Computer Configuration/Windows Settings/Scripts
- Logon: Computer Configuration/Administrative Templates/System/Run these programs at user logon
- Non-GP scripting:
  - Logon: All Users’ Startup folder
  - Scheduled: Selfmaint

44 Microsoft Updates
- Microsoft Auto-Update: quick and easy, not regression tested
- WinAthena Updates:
  - Hotfixes: Selfmaint runs AutoHotfixer
  - Service Packs: pushed out as MSIs via GP
  - RIS images updated to include them

