1 / 20

Site/Classroom Deployment, Group Policy, and AFS/Kerberos

Site/Classroom Deployment, Group Policy, and AFS/Kerberos. ASU Information Technology at East WNUG February, 2005. Group Policy. What is Group Policy? What’s the Value of Group Policy? Centralized Management Security Ability to Assign Applications. Group Policy Cont.

pennie
Download Presentation

Site/Classroom Deployment, Group Policy, and AFS/Kerberos

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Site/Classroom Deployment, Group Policy, and AFS/Kerberos ASU Information Technology at East WNUG February, 2005

  2. Group Policy • What is Group Policy? • What’s the Value of Group Policy? • Centralized Management • Security • Ability to Assign Applications

  3. Group Policy Cont. • http://www.microsoft.com/grouppolicy • Group Policy Management Console • Group Policy Reports • ADV2 (Active Directory Version 2)

  4. Group Policy Creation • Use Loopback Processing • Applies policies to users based on computers • Cannot apply a policy directly to a user

  5. Group Policy Permissions

  6. Group Policy Cont. • Demonstration

  7. Troubleshooting Group Policies • Event Viewer • GPResult.exe (most useful tool before the GPMC) • It estimates the Group Policy settings that would be applied at a specific computer • GPMC (biggest tool) • Log files • GPOTool.exe • traverses all of your domain controllers and checks each for consistency between the Group Policy container

  8. Troubleshooting Group Policies • White paper on Microsoft’s website that is thorough.

  9. Policies Used in ASU at East’s Environment • Default Domain Policy (Password Strength Policy) • Examples of what policies are applied • Scripts • Security the public stations • Assigned Applications • Management of scripts (synchronous application of)

  10. ADM Files • Allow further customization of your environment by adding additional GPO settings • MS Office ADM Files • XP SP2 ADM Files (bug with older group policy editor)

  11. Layering Policies • Be aware of the order in which the policies are applied • May increase boot time • Make sure policies do not conflict • Check event logs

  12. The Modular Model • ASU IT at East supports over 100 applications on its site classroom build. All are loaded. It is no longer practical to have all application loaded on each machine

  13. The Modular Model Cont. • Create MSI Packages for each application that is not already in MSI form, or a compatible MSI form (i.e. Adobe) • Use permissions in GPO to specify which application should go where • This model is not yet implemented

  14. Issues with the Modular Model • Customers don’t like install on demand • Permissions have to be accurate • Have experienced inconsistencies

  15. MST (Microsoft Transform) Files • Gives direction to an MSI package • Example using Microsoft Office 2003 • Office 2003 Resource Kit

  16. What can go wrong…  • Don’t use multiple MST files for the same application. First, uninstall an application that was assigned using an MST file and then assign the new one. • MST files have similar formats, but have different parameters based on the application. (need to verify).

  17. MSI Package Frustration • No industry standard

  18. Kerberos and AFS • Issue with the latest AFS Clients, XP SP2, Kerberos Authentication, and the integrated logon working together. • IT is working on this issue. The Open AFS folks are aware it exists. • Open AFS 1.3.78 Released on 1/31/05. Have not tested using this.

  19. File Services Project • The AFS Discussions sparked a University File Services Project • The Project will initially focus on faculty/staff storage space

  20. Collaboration • Would like to work together on… • Group Policy Development and Documentation • AFS Client Issues

More Related