200 likes | 331 Views
Site/Classroom Deployment, Group Policy, and AFS/Kerberos. ASU Information Technology at East WNUG February, 2005. Group Policy. What is Group Policy? What’s the Value of Group Policy? Centralized Management Security Ability to Assign Applications. Group Policy Cont.
E N D
Site/Classroom Deployment, Group Policy, and AFS/Kerberos ASU Information Technology at East WNUG February, 2005
Group Policy • What is Group Policy? • What’s the Value of Group Policy? • Centralized Management • Security • Ability to Assign Applications
Group Policy Cont. • http://www.microsoft.com/grouppolicy • Group Policy Management Console • Group Policy Reports • ADV2 (Active Directory Version 2)
Group Policy Creation • Use Loopback Processing • Applies policies to users based on computers • Cannot apply a policy directly to a user
Group Policy Cont. • Demonstration
Troubleshooting Group Policies • Event Viewer • GPResult.exe (most useful tool before the GPMC) • It estimates the Group Policy settings that would be applied at a specific computer • GPMC (biggest tool) • Log files • GPOTool.exe • traverses all of your domain controllers and checks each for consistency between the Group Policy container
Troubleshooting Group Policies • White paper on Microsoft’s website that is thorough.
Policies Used in ASU at East’s Environment • Default Domain Policy (Password Strength Policy) • Examples of what policies are applied • Scripts • Security the public stations • Assigned Applications • Management of scripts (synchronous application of)
ADM Files • Allow further customization of your environment by adding additional GPO settings • MS Office ADM Files • XP SP2 ADM Files (bug with older group policy editor)
Layering Policies • Be aware of the order in which the policies are applied • May increase boot time • Make sure policies do not conflict • Check event logs
The Modular Model • ASU IT at East supports over 100 applications on its site classroom build. All are loaded. It is no longer practical to have all application loaded on each machine
The Modular Model Cont. • Create MSI Packages for each application that is not already in MSI form, or a compatible MSI form (i.e. Adobe) • Use permissions in GPO to specify which application should go where • This model is not yet implemented
Issues with the Modular Model • Customers don’t like install on demand • Permissions have to be accurate • Have experienced inconsistencies
MST (Microsoft Transform) Files • Gives direction to an MSI package • Example using Microsoft Office 2003 • Office 2003 Resource Kit
What can go wrong… • Don’t use multiple MST files for the same application. First, uninstall an application that was assigned using an MST file and then assign the new one. • MST files have similar formats, but have different parameters based on the application. (need to verify).
MSI Package Frustration • No industry standard
Kerberos and AFS • Issue with the latest AFS Clients, XP SP2, Kerberos Authentication, and the integrated logon working together. • IT is working on this issue. The Open AFS folks are aware it exists. • Open AFS 1.3.78 Released on 1/31/05. Have not tested using this.
File Services Project • The AFS Discussions sparked a University File Services Project • The Project will initially focus on faculty/staff storage space
Collaboration • Would like to work together on… • Group Policy Development and Documentation • AFS Client Issues