W2K Migration Experiences
Jack Schmidt
Windows Policy Committee

Outline
• Background
• Migration Timeline
• Present Status
• Outstanding Issues

NT4 Domain Structure
[Diagram of the NT4 domains and the trusts between them. Labels: File Servers, Email and Web; FNAL; D0; TD; ESE; CD, CDF, ESH, FESS, LS, PPD, VMS; BSS; BEAMS; Controls Systems; D0Level3; BDControls; DMACS]

Migration Timeline
• Fall 2000
  • Windows Migration Working Group formed
  • Objective: “Provide Windows users with a secure environment to easily share resources across the site and with other labs.”

Migration Timeline
• Winter/Spring 2001
  • Computer Security mandates all systems be ‘kerberized’ and user accounts be centralized.
  • Authentication issues
  • MIT KDC or Microsoft AD
  • Allow NTLM authentication?
  • NTLMv2 vs NTLM/LM

Migration Timeline
• Summer/Fall 2001
  • Dynamic DNS Issues
  • All systems or just DCs?
  • Implementation Plan
  • Test Domain/Production Domain creation
• Fall/Winter 2001
  • Production Domain/NT4 Domain Trust Issues
  • Microsoft bug
  • Limited User Migration
  • Clone NT4 user issues

Migration Timeline
• Winter/Spring 2002
  • Administration Issues
  • Prevent Creation/Deletion of Users
  • Prevent override of critical security policies
  • Domain Admins/OU Managers/OU Admins
  • Domain Controller Management Issues
• Spring/Summer 2002
  • Critical System Plan
  • CNAS Synchronization
  • Migration Deadline set to Dec 2002 by Computer Security

Migration Timeline
• Summer/Fall 2002
  • Service/Captive account procedures defined
  • Service: backups, antivirus
  • Captive: controls, teststands
  • Terminal Service Security research
  • Remote Control Software Security research
  • Workstation Migration increases
• Fall/Winter 2002
  • Windows Policy Committee formed
  • Reports to Directorate
  • Remote Control Software recommendation (IPSEC solution)

Migration Timeline
• Winter/Spring 2003
  • Migration Continues
  • Terminal Server findings
  • NetBIOS block work
  • Exception forms
  • VPN Testing

Unresolved Issues
• Collapsing NT4 Domains
• Macintosh Authentication
• Special NT4 Domains
• Terminal Servers/Wincenters not kerberized.
• VPN and AD Authentication testing
• Win95/98/NT4/2k workgroups & standalones, etc.