Using Server 2000 for a Multiplatform Student Learning Environment. Linda Roach Eric Fink. Topics Covered. Our Background Student Logon Accounts and Home Directories Sharing/Directory Permissions Different types of Shared Folders Scripts Using Mandatory Profiles and Group/System Policies
Using Server 2000 for a Multiplatform Student Learning Environment
Linda Roach
Eric Fink
Topics Covered
• Our Background
• Student Logon Accounts and Home Directories
• Sharing/Directory Permissions
• Different types of Shared Folders
• Scripts
• Using Mandatory Profiles and Group/System Policies
• Remote Desktop
Background
• In 1998, we were given the task of creating a secure and user-friendly environment with Server NT4
• Upgraded from Server NT4 to Server 2000 over the summer of 2003
• Student workstations include Windows XP, Windows NT, Windows 98, and Macintosh
Background
• Server Configuration
  • C: drive - System Files
  • E: drive - Data
• Collapsed 30+ Domains into 2
  • Had at least 2 domain controllers on each campus (as many as 4) for 30+ campuses
  • Initially reduced to 24 domain controllers
  • Had to reduce the 24 domain controllers to 6 because of replication problems
Student Logon Accounts and Home Directories
• Students K-12 use student ID# for username
  • Used to be first and last name under NT
  • Easiest unique identifier
• Home Directory is the student's first and last name but shared as student ID#
  • First and last name so teachers can find students easily
  • Each share name needs to be unique so each student only sees their folder
Sharing/Directory Permissions
• General Rule - The share permission on a folder must be at least as permissive as the permissions needed in any subfolder. Security permissions will lock it down further where needed.
Sharing/Directory Permissions
• Old Directory Structure with NT4
  • Students (Share - Change, Security - Read)
    • Users01 (Security - Read)
      • Joe Shmoe (Security - Change)
• New Directory Structure with 2000
  • Students (Share - No Access for students)
    • Joe Shmoe (Share - Change for Joe Shmoe), hidden share - {ID#}$
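Added example, not from the original slides: a small Python model of the general rule (network access is the more restrictive of share and Security permission), applied to the old NT4 and new 2000 layouts to show which folders one student can reach. The account names, the Students group, the second student and the Security entries of the new layout are assumptions.

```python
from enum import IntEnum

class Perm(IntEnum):
    NO_ACCESS = -1  # explicit deny entry; overrides any grant
    NONE = 0        # no entry applies to the user
    READ = 1
    CHANGE = 2

# Constructed sample data: account names, the group name and the second
# student are assumptions, as are the NTFS entries in the new layout.
GROUPS = {"joe": {"Students"}, "ann": {"Students"}}

def resolve(user, acl):
    """Grants accumulate across the user's groups; No Access beats them all."""
    hits = [p for who, p in acl.items() if who == user or who in GROUPS[user]]
    if Perm.NO_ACCESS in hits:
        return Perm.NONE
    return max(hits, default=Perm.NONE)

def effective(user, share):
    """Per-folder network access: the more restrictive of share and NTFS."""
    s = resolve(user, share["share_acl"])
    return {f: min(s, resolve(user, a)) for f, a in share["folders"].items()}

def visible(user, shares):
    """Folders the user can at least Read through any share."""
    return sorted({f for sh in shares
                   for f, p in effective(user, sh).items() if p >= Perm.READ})

OLD_NT4 = [{"share_acl": {"Students": Perm.CHANGE}, "folders": {
    "Students": {"Students": Perm.READ},
    "Students/Users01": {"Students": Perm.READ},
    "Students/Users01/Joe Shmoe": {"joe": Perm.CHANGE},
    "Students/Users01/Ann Other": {"ann": Perm.CHANGE}}}]

NEW_2000 = [
    {"share_acl": {"Students": Perm.NO_ACCESS}, "folders": {  # Students share
        "Students": {},
        "Students/Joe Shmoe": {"joe": Perm.CHANGE},
        "Students/Ann Other": {"ann": Perm.CHANGE}}},
    {"share_acl": {"joe": Perm.CHANGE},                       # joe's {ID#}$
     "folders": {"Students/Joe Shmoe": {"joe": Perm.CHANGE}}},
    {"share_acl": {"ann": Perm.CHANGE},                       # ann's {ID#}$
     "folders": {"Students/Ann Other": {"ann": Perm.CHANGE}}}]

if __name__ == "__main__":
    for label, layout in (("NT4", OLD_NT4), ("2000", NEW_2000)):
        print(label, visible("joe", layout))
```

In the old layout the student can Read the Students and Users01 containers as well as Change their own folder; in the new layout the only folder reachable is their own, through the hidden per-student share.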
Different Types of Shared Folders
• Student folders
  • Teachers can Read all student folders
  • Students can Change their folder only
• Homework folder (mapped in script)
  • Teachers can Change
  • Students can only Read
• Projects folder (mapped in script)
  • Teachers can Change
  • Students can Change
• Install Folder
  • Administrators only
Scripts
• Logon scripts used to attach printers, map network drives, track logons, etc.
• Scripts can also be used to do administrative tasks such as creating shares, adding users, changing permissions, etc.
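Logon Script
    rem Reconnect LPT1 to the network printer when %printer% is set
    if not "%printer%" == "" net use lpt1: /delete
    if not "%printer%" == "" net use lpt1: %printer%
    rem Set the workstation clock from the server
    net time \\servername /set /yes
    rem Map the Homework (H:) and Projects (J:) shares
    net use h: \\servername2\homework /yes
    net use j: \\servername2\projects /yes
    rem Track logons: append user name, date and time to a local log file
    if not exist "%tmp%\logtap.txt" echo "Logstart" > "%tmp%\logtap.txt"
    echo %username% >> "%tmp%\logtap.txt"
    echo | date/t >> "%tmp%\logtap.txt"
    echo | time/t >> "%tmp%\logtap.txt"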
Server Scripts
• Importing users script
• Setting permissions script
• Password not expiring script
Using Mandatory Profiles and Group/System Policies
• Mandatory Profiles
  • All profiles stored in Users folder on campus server
  • Can set student desktop
  • Sometimes machine specific
  • Make on oldest machine
• Group/System Policies
  • System Policies can conflict with Group Policies on XP (system policies set before logon)???
  • 2000 Group policies are much more specific than NT System Policies
Remote Desktop
• Allows you to administer multiple servers from a workstation
• Installation:
  • Load c:\winnt\system32\adminpak.msi on XP machine
  • Start -> All Programs -> Accessories -> Communications -> Remote Desktop Connection
• Note: Log off at end to avoid leaving open sessions