Local Administrator Meeting - PowerPoint PPT Presentation

Local administrator meeting l.jpg
Download
1 / 122

Local Administrator Meeting 2-25-03 Brian Drendel What will we talk about today? Announcements Win2k Migration Progress Key Server Retired New WinXP Ghost Image Site Netbios Block Fermilab Active Directory Structure Beams Division OU Structure Administering the BD OU

I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.

Download Presentation

Local Administrator Meeting

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript


Local administrator meeting l.jpg

Local Administrator Meeting

2-25-03

Brian Drendel


What will we talk about today l.jpg

What will we talk about today?

  • Announcements

    • Win2k Migration Progress

    • Key Server Retired

    • New WinXP Ghost Image

    • Site Netbios Block

  • Fermilab Active Directory Structure

  • Beams Division OU Structure

  • Administering the BD OU


Win2k migration progress l.jpg

Win2k Migration Progress

  • Win2k Migration Progress

    • Workstations:

      • 458 Users/463 Computers in Fermi

      • 95 computers on Beams browse list

    • Servers

      • Win2k: www-bdnew, Beamssrv1, Beams-Fmpro, beams-prt-srv, beams-backup, Beams-flexlm

      • WinNT: Beams-cdrom, beamsappsrv1, beamsappsrv2

    • Further Concerns

      • Macintoshes

      • BD-Controls Domain


No more key server l.jpg

No more Key Server!

  • Announcements

    • Win2k Migration Progress

    • Key Server Retired

    • New WinXP Ghost Image

    • Site Netbios Block

  • Fermilab Active Directory Structure

  • Beams Division OU Structure

  • Local Admin Administrative Setup

  • Administrative Task Examples


Key server retired l.jpg

Key Server Retired

  • Key Server Retired Feb. 17th.

    • Email warnings

    • Help desk tickets

    • Key server error messages.


Casper the friendly ghost image l.jpg

Casper the friendly ghost image!

  • Announcements

    • Win2k Migration Progress

    • Key Server Retired

    • New WinXP Ghost Image

    • Site Netbios Block

  • Fermilab Active Directory Structure

  • Beams Division OU Structure

  • Local Admin Administrative Setup

  • Administrative Task Examples


Casper the friendly ghost image7 l.jpg

Casper the friendly ghost image!

  • Latest Drive Image

    • Office XP Pro

    • Exceed 8

      • Kerberos FTP

      • Jim Smedinghoff custom ACNET configuration

  • Remote Registry Service

    • Needed for SP Management

    • Turn it back on


Site netbios block l.jpg

Site Netbios Block

  • Announcements

    • Win2k Migration Progress

    • Key Server Retired

    • New WinXP Ghost Image

    • Site Netbios Block

  • Fermilab Active Directory Structure

  • Beams Division OU Structure

  • Local Admin Administrative Setup

  • Administrative Task Examples


Site netbios block9 l.jpg

Site Netbios Block

  • Network

    • NetBIOS Block

      • 137, 138, 139, 445 ports blocked in three stages

        • Fermi DCs

        • Site with exemptions for servers

        • Entire Site

    • Possible solution for offsite connectivity

      • VPN

        • Site VPN in Beta

        • BD Controls VPN

        • Cross Platform


Win2k domain structure at fermilab l.jpg

Win2k Domain Structure at Fermilab

  • Announcements

  • Fermilab Active Directory Structure

    • Root Domain

    • Child Domains

    • Organizational Units (OU)

    • BD OU

  • Beams Division OU Structure

  • Local Admin Administrative Setup

  • Administrative Task Examples


Active directory l.jpg

Active Directory

  • Active Directory allows us to organize and manage domain objects:

    • Users

    • Computers

    • Printers

    • Global Groups

    • Shares

  • What does the Fermilab Active Directory structure look like?


Root domain l.jpg

Root Domain

  • The Root Win2k Domain is called WIN.FNAL.GOV.

    • Contains two Domain Controllers (FCC and WH).

    • Owned, managed and maintained by Computing Division.

    • BD has no administrative access to this domain.

    • Functions of Domain:

      • Used only for security.

      • Can push policies down to other OUs

        • Legal Banner

        • Minimum password length


Child domains l.jpg

Child Domains

  • Announcements

  • Fermilab Active Directory Structure

    • Root Domain

    • Child Domains

    • Organizational Units (OU)

    • BD OU

  • Beams Division OU Structure

  • Local Admin Administrative Setup

  • Administrative Task Examples


Child domains15 l.jpg

Child Domains

  • Active Directory Objects are connected to the Win.fnal.gov domain via separate child domains.

  • Child Domains:

    • Have a two way transitive trust with Win.

    • Must be approved by Computer Security.

      • Fermi Domain: All users and computers at Fermilab

      • Other Domains: Critical System???

  • Computer Security does not allow:

    • Unattached Domains.

    • Child Domains of the Child Domains.


Child domains16 l.jpg

Child Domains

  • Fermi Child Domain

    • Contains all users, computers, printers, global groups and shares for the entire Fermilab Windows desktop community.

    • Contains all Child Domain user accounts.

    • Domain Controllers scattered throughout the site.

      • The BD Domain Controller is called Bert.


Organizational units l.jpg

Organizational Units

  • Announcements

  • Fermilab Active Directory Structure

    • Root Domain

    • Child Domains

    • Organizational Units (OU)

    • BD OU

  • Beams Division OU Structure

  • Local Admin Administrative Setup

  • Administrative Task Examples


Organizational units19 l.jpg

Organizational Units

  • Child Domains are further broken down into Organizational Units (OUs).

    • Each Division has its own OU.

    • Management to each OU is delegated to managers in their respective Divisions.

    • BD OU

      • Has all Beams Division users, computers, printers, global groups and shares.

      • Managed by the BD/Networking Group.


Bd ou l.jpg

BD OU

  • Announcements

  • Fermilab Active Directory Structure

    • Root Domain

    • Child Domains

    • Organizational Units (OU)

    • BD OU

  • Beams Division OU Structure

  • Local Admin Administrative Setup

  • Administrative Task Examples


Bd ou management l.jpg

BD OU Management

  • The BD OU is further broken down into Sub-OUs for:

    • Computers

    • Users

    • Groups

    • Printers

    • File Shares


Bd ou in detail l.jpg

BD OU in Detail

  • Announcements

  • Fermilab Active Directory Structure

  • Beams Division OU Structure

    • Win2k Admin Guide

    • Users

    • Computers

    • Printers

    • Global Groups

    • Shares

  • Local Admin Administrative Setup

  • Administrative Task Examples


Win2k admin guide l.jpg

Win2k Admin Guide

  • The Win2k Admin guide covers administration of the BD OU.

    • Covers specific details for administration by:

      • BD Active Directory Administrators (BD\Network Group)

      • Local Administrators

  • More detail can be found in my Win2k Admin Guide Document located at

    http://www-bdnew.fnal.gov/network/Win2k-Adminguide/Adminguide.htm


Users l.jpg

Users

  • Announcements

  • Fermilab Active Directory Structure

  • Beams Division OU Structure

    • Win2k Admin Guide

    • Users

    • Computers

    • Printers

    • Global Groups

    • Shares

  • Local Admin Administrative Setup

  • Administrative Task Examples


Users28 l.jpg

Users

  • We now want to take a few moments to explore each of the subOUs within the Fermi\BD OU.

    • Users

    • Computers

    • Printers

    • Shares

    • Global Groups


User s ou l.jpg

User’s OU

  • The BD User’s OU is further divided by the org chart.

    • Each department/group has their own OU.

    • Each department/group OU is further broken down into a General and Special OU.

    • Management of Users is covered in the users portion of the Win2k Admin Guide:

      http://www-bdnew.fnal.gov/network/Win2k-Adminguide/users.htm


5 types of fermi domain accounts l.jpg

5 Types of Fermi Domain Accounts

  • There are five types of users in the Fermi Domain:

    • Users:

    • Admins:

    • Managers:

    • Captive Accounts:

    • Service Accounts:


User accounts l.jpg

User Accounts

  • Every user that wants to access Fermi Domain resources has a user account.

    • All of your everyday work.

    • The account does not have administrative privileges across multiple computers.

    • Equivalent of your Kerberos Principal.

      • Cannot share your password

      • Cannot send your password over the network.

    • User accounts are cloned to the Fermi Domain to maintain Beams Domain access.

    • Username has the format of Fermi\{username}.

    • Users live in AD in the Fermi\BD\Users\{Department or Group}\General

    • Only Computing Division creates accounts.

    • You can apply for a user account at

      http://www-bdnew.fnal.gov/network/add_user.asp.


Admin accounts l.jpg

Admin accounts

  • Every users that needs administrative access to objects in the Fermi Domain needs an Admin account.

    • Not for your everyday work.

    • The account is delegated administrative functions in the domain.

    • A user must be a registered sysadmin (https://miscomp.fnal.gov/sysadmindb/).

    • Can be used by LOCALADMINS

      • Manage desktop computers.

      • Manage Departmental SubOU.

    • Username has the format of Fermi\{username}-admin

    • CD stores these accounts in a separate location in AD.

    • You can apply for a user account at

      http://www-bdnew.fnal.gov/network/add_user.asp.


Manager accounts l.jpg

Manager Accounts

  • Each Division assigns no more than three administrators to perform advanced Active Directory Administration for their respective Division.

    • The account is used to create active directory structure, move users and create group policy.

    • Username has the format of Fermi\{username}-mgr

    • CD stores these accounts in a separate location in AD

    • These accounts are assigned. There is no web application form.


Captive accounts l.jpg

Captive Accounts

  • These are domain accounts that require a shared login to a dedicated console.

    • Computing Security does not allow users to share their account passwords, so user accounts can not be used for this function.

    • These accounts need Win2k Policy Committee and CD Security approval.

    • Accounts names are of the form Fermi\bd-cap-{function}.

    • Accounts are stored in Active Directory in Fermi\BD\Users\{Department or Group}\Special

    • Accounts can be applied for at http://computing.fnal.gov/pcmanagers/captiveform.html.


Service accounts l.jpg

Service Accounts

  • When accounts are required to run applications, a shared service account is used.

    • Computing Security does not allow users to share their account passwords, so user accounts can not be used for this function.

    • Win2k Policy Committee and CD Security approval.

    • A Shared Service Account has the following requirements:

      • Run software as an unattended service, like Unix daemons

      • Use Domain account authentication

      • Usage of this account over the network

      • Sharing of the account password between multiple administrators

    • These accounts need Accounts names are of the form Fermi\bd-srv-{function}.

    • Accounts are stored in Active Directory in Fermi\BD\Users\{Department or Group}\Special

    • Accounts can be applied for at http://www-win2k.fnal.gov/pub/Docs/Sharing_service_accounts.doc.


Users ou l.jpg

Users OU

Users are stored in Active Directory in Fermi\BD\Users\{Department or Group}\General.


Computers l.jpg

Computers

  • Announcements

  • Fermilab Active Directory Structure

  • Beams Division OU Structure

    • Win2k Admin Guide

    • Users

    • Computers

    • Printers

    • Global Groups

    • Shares

  • Local Admin Administrative Setup

  • Administrative Task Examples


Bd computers ou l.jpg

BD Computers OU

  • The BD Group OU is further divided by the org chart.

    • Each department/group has their own OU.

    • Each department/group OU is further broken down into a Desktop, Laptop and Server OU.

      • The GPO applied on Servers different from Desktops, different from laptops.

    • Management of Computers is covered in the computers portion of the Win2k Admin Guide:

      http://www-bdnew.fnal.gov/network/Win2k-Adminguide/computers.htm


Computers ou l.jpg

Computers OU

Computers are stored in

Fermi\BD\Computers\{Department or Group}\{Computer Type}.


Printers l.jpg

Printers

  • Announcements

  • Fermilab Active Directory Structure

  • Beams Division OU Structure

    • Win2k Admin Guide

    • Users

    • Computers

    • Printers

    • Global Groups

    • Shares

  • Local Admin Administrative Setup

  • Administrative Task Examples


Printers43 l.jpg

Printers

  • Printers are published in Active Directory.

    • The Win2k Print queues still live on beams-prt-srv

    • Additionally, the printers are published in Active Directory.

      • Makes adding printers easier for the client computers.

    • Management of Printers is covered in the printers portion of the Win2k Admin Guide:

      http://www-bdnew.fnal.gov/network/Win2k-Adminguide/printers.htm


Printers45 l.jpg

Printers

Computers are stored in Fermi\BD\Printers\


Global groups l.jpg

Global Groups

  • Announcements

  • Fermilab Active Directory Structure

  • Beams Division OU Structure

    • Win2k Admin Guide

    • Users

    • Computers

    • Printers

    • Global Groups

    • Shares

  • Local Admin Administrative Setup

  • Administrative Task Examples


Global groups47 l.jpg

Global Groups

  • Win2k Domain permissions are assigned by global groups.

    • Beams Domain global groups are cloned to the Fermi Domain to maintain Beams Domain access.

    • Global groups follow the naming convention Fermi\BD {group name}.

    • Management of Global Groups is covered in the global groups portion of the Win2k Admin Guide:

      http://www-bdnew.fnal.gov/network/Win2k-Adminguide/groups.htm


Global groups49 l.jpg

Global Groups

Computers are stored in Fermi\BD\Global Groups\


Shares l.jpg

Shares

  • Announcements

  • Fermilab Active Directory Structure

  • Beams Division OU Structure

    • Win2k Admin Guide

    • Users

    • Computers

    • Printers

    • Global Groups

    • Shares

  • Local Admin Administrative Setup

  • Administrative Task Examples


Shares51 l.jpg

Shares

  • Server shares can be published to Active Directory.

    • The share still lives on the server.

    • Published to Active Directory for client convenience.

    • Allows us to collect share from multiple servers and put them in one place.

    • Management of Shares is covered in the shares portion of the Win2k Admin Guide:

      http://www-bdnew.fnal.gov/network/Win2k-Adminguide/shares.htm


Shares52 l.jpg

Shares

Shares are published in Fermi\BD\Global Shares\


Setting up for ad management l.jpg

Setting up for AD Management

  • Announcements

  • Fermilab Active Directory Structure

  • Beams Division OU Structure

  • Local Admin Administrative Setup

    • Install AD Tool

    • Configure AD Tool

    • Add Fermi\user-admin account to local computers

    • Enable Remote Registry on local computers.

  • Administrative Task Examples


Administrative tools l.jpg

Administrative Tools

  • To manage our Active Directory and Computers, we need:

    • Active Directory Management

      • An Fermi\user-admin account

      • The AD User and Computer management tool.

    • Desktop Management (option)

      • Fermi\User-admin account in administrators group

      • Remote Registry Service.

    • Installation and setup of management tools is covered in the administrative tools portion of the Win2k Admin Guide:

      http://www-bdnew.fnal.gov/network/Win2k-Adminguide/tools.htm


Administrative tools install l.jpg

Administrative Tools: Install

  • The Active Directory Users and Computers tool runs as a snap-in tool in the MMC.

  • The tool can be run on any Win2k or WinXP (must be SP1) desktop or laptop computer that is in the Fermi Domain.

  • There are two versions:

    • Win2k: Obtained from the Win2k Server CD.

    • WinXP: Downloaded from Microsoft.

  • We will walk through the installation on a WinXP SP1 client computer.


Active directory users and computers installation l.jpg

Active Directory Users and Computers Installation

  • Login to your WinXP desktop using your local administrator account

  • Check the Service pack level

    • Start->Run


Active directory users and computers installation58 l.jpg

Active Directory Users and Computers Installation

  • Type winver in the open field.


Active directory users and computers installation59 l.jpg

Active Directory Users and Computers Installation

  • WinXP needs to be at SP1 level or later.


Active directory users and computers installation60 l.jpg

Active Directory Users and Computers Installation

  • If you need to install WinXP SP1, then you can do so from \\Beamssrv1\WinXP-Setup\WinXP SP1 + hotfixes.bat.


Active directory users and computers installation61 l.jpg

Active Directory Users and Computers Installation

  • When prompted for username and password, do not forget to use the form Fermi\{username} for your username.


Active directory users and computers installation62 l.jpg

Active Directory Users and Computers Installation

  • Follow online directions to complete SP1 installation followed by a reboot.


Active directory users and computers installation63 l.jpg

Active Directory Users and Computers Installation

  • We will now install the Active Directory Users and Computers tool.

  • Login to your local administrator account and browse the network to Beamssrv1.


Active directory users and computers installation64 l.jpg

Active Directory Users and Computers Installation

  • Again, you are prompted for your Fermi Domain credentials.

  • Wouldn’t it be nice not to have to do this? Stay tuned!


Active directory users and computers installation65 l.jpg

Active Directory Users and Computers Installation

  • Go to the installation directory as shown here (different for Win2k than WinXP).

  • Run adminpak.msi

  • Note the installation is faster if you copy the entire directory to your PC and run it locally.


Active directory users and computers installation66 l.jpg

Active Directory Users and Computers Installation

  • Click NEXT> at the welcome screen.


Active directory users and computers installation67 l.jpg

Active Directory Users and Computers Installation

  • Select to agree to the license agreement.

  • Click NEXT>.


Active directory users and computers installation68 l.jpg

Active Directory Users and Computers Installation

  • When the installation has completed, click FINISH.


Configure the ad tool l.jpg

Configure the AD Tool!

  • Announcements

  • Fermilab Active Directory Structure

  • Beams Division OU Structure

  • Local Admin Administrative Setup

    • Install AD Tool

    • Configure AD Tool

    • Add Fermi\user-admin account to local computers

    • Enable Remote Registry on local computers.

  • Administrative Task Examples


Active directory users and computers configuration l.jpg

Active Directory Users and Computers Configuration

  • The Active Directory Users and Computers tool needs to be configured for use.

  • We will

    • Add the tool to an MMC Console

    • Save the MMC configuration

    • Later we will use the tool using runas with Fermi\user-admin (more on admin accounts later) credentials.


Active directory users and computers configuration71 l.jpg

Active Directory Users and Computers Configuration

  • Logon to either your Fermi\user account or your local admin account.

  • Click Start -> Run.


Active directory users and computers configuration72 l.jpg

Active Directory Users and Computers Configuration

  • Type MMC in the run window, then click OK.


Active directory users and computers configuration73 l.jpg

Active Directory Users and Computers Configuration

  • In the MMC Console file menu, click File -> Add/Remove Snap-in…


Active directory users and computers configuration74 l.jpg

Active Directory Users and Computers Configuration

  • Click the Add button.


Active directory users and computers configuration75 l.jpg

Active Directory Users and Computers Configuration

  • Select the Active Directory Users and computers (only once)

  • Click Add

  • Click Close

1

1

2

3


Active directory users and computers configuration76 l.jpg

Active Directory Users and Computers Configuration

  • The Add/Remove Snap in window now shows the Active Directory Users and Computers tool

  • Click OK.


Active directory users and computers configuration77 l.jpg

Active Directory Users and Computers Configuration

  • The MMC console now shows the Active Directory Users and Computers Tool.

  • From the file menu, click File -> Save As.


Active directory users and computers configuration78 l.jpg

Active Directory Users and Computers Configuration

  • Save the file to a location that is not in your profile (i.e. not on your desktop)

  • C:\AdminTools\Active Directory.MMC in my example.


Setting up for desktop management l.jpg

Setting up for Desktop Management

  • Announcements

  • Fermilab Active Directory Structure

  • Beams Division OU Structure

  • Local Admin Administrative Setup

    • Install AD Tool

    • Configure AD Tool

    • Add Fermi\user-admin account to local computers

    • Enable Remote Registry on local computers.

  • Administrative Task Examples


Administration of client computers l.jpg

Administration of client computers

  • To better manage your desktop computers we will make two more configuration changes.

    • Add your Fermi\{user}-admin account to the administrator group on all computers that you manage.

    • Turn on the Remote Registry Service on all computers that you manage.

  • These changes need to occur on all desktops that you want to manage.


Add fermi user admin to administrators group l.jpg

Add Fermi\user-admin to Administrators Group

  • Start the User Account applet in the control panel.

    • Start->Settings->Control Panel->User Accounts


Add fermi user admin to administrators group82 l.jpg

Add Fermi\user-admin to Administrators Group

  • In the User Accounts applet, click the Advanced Tab, then the Advanced button.

1

2


Add fermi user admin to administrators group83 l.jpg

Add Fermi\user-admin to Administrators Group

  • Select Groups.

  • Double-click on Administrators.

2

1


Add fermi user admin to administrators group84 l.jpg

Add Fermi\user-admin to Administrators Group

  • In the Administrators Properties window, click the Add button.


Add fermi user admin to administrators group85 l.jpg

Add Fermi\user-admin to Administrators Group

  • Type your Fermi\user-admin account in the object name field.

  • Click OK.

1

2


Add fermi user admin to administrators group86 l.jpg

Add Fermi\user-admin to Administrators Group

  • Type your Fermi\user account in the object name field.

  • Click OK.

  • With the Fermi\user-admin account in the Administrators group, you won’t have to do this anymore!


Add fermi user admin to administrators group87 l.jpg

Add Fermi\user-admin to Administrators Group

  • Verify that your Fermi\user-admin account in the members list

  • Click OK.

  • Repeat for your other desktops.


Setting up the remote registry service l.jpg

Setting up the Remote Registry Service

  • Announcements

  • Fermilab Active Directory Structure

  • Beams Division OU Structure

  • Local Admin Administrative Setup

    • Install AD Tool

    • Configure AD Tool

    • Add Fermi\user-admin account to local computers

    • Enable Remote Registry on local computers

  • Administrative Task Examples


Remote registry service l.jpg

Remote Registry Service

  • Right-Click My Computer and select Manage.

Right-click


Remote registry service90 l.jpg

Remote Registry Service

  • Find Services.

  • Double-click on Remote Registry


Remote registry service91 l.jpg

Remote Registry Service

  • Set startup type to Automatic.

  • Click the Apply button to enable the service for future logins.

  • Click the Start button to start the service.

1

3

2


Putting it all together l.jpg

Putting it all together!

  • Announcements

  • Fermilab Active Directory Structure

  • Beams Division OU Structure

  • Local Admin Administrative Setup

  • Administrative Task Examples

    • Fermi\user-admin for desktop support

    • Start the AD Tool

    • Reset a user password

    • Reset a computer

    • Delete a computer

    • Computer Management


Admin tasks l.jpg

Admin Tasks

  • How can you use your Fermi\user-admin account to administer users and computers in your department?

    • Local logon to desktops that you manage

    • Administration over the network using the Active Directory Users and Computers tool.


Using fermi user admin on client computers l.jpg

Using Fermi\user-admin on client computers

  • On any desktop computer that you manage, logon to your Fermi\user-admin account.

  • You know have

    • Access to all “local administrator” resources on Beamssrv1.

    • Have administrative privileges on the local computer.


Putting it all together95 l.jpg

Putting it all together!

  • Announcements

  • Fermilab Active Directory Structure

  • Beams Division OU Structure

  • Local Admin Administrative Setup

  • Administrative Task Examples

    • Fermi\user-admin for desktop support

    • Start the AD Tool

    • Reset a user password

    • Reset a computer

    • Delete a computer

    • Computer Management


Starting the active directory users and computers l.jpg

Starting the Active Directory Users and Computers

Right-click

  • Login to your Fermi\user account on the desktop that you are managing your users and computers from.

    • You do NOT need to login to your Fermi\user-admin account.

  • Right-click and select Run as on the Active Directory shortcut that you made in the previous step.


Starting the active directory users and computers97 l.jpg

Starting the Active Directory Users and Computers

  • Pass your Fermi\user-admin account credentials as shown here.


Starting the active directory users and computers98 l.jpg

Starting the Active Directory Users and Computers

  • You are now ready to manage Active Directory Objects!!!


Password amnesia l.jpg

Password amnesia?

  • Announcements

  • Fermilab Active Directory Structure

  • Beams Division OU Structure

  • Local Admin Administrative Setup

  • Administrative Task Examples

    • Fermi\user-admin for desktop support

    • Start the AD Tool

    • Reset a user password

    • Reset a computer

    • Delete a computer

    • Computer Management


Reset user password l.jpg

Reset User Password

  • To reset a password, we will browse through Active Directory to Fermi\BD\Users


Reset user password101 l.jpg

Reset User Password

  • Browse to your Department/group OU.

  • Go to the General OU.

  • Right-click on the user and select reset password.

Right-click


Reset user password102 l.jpg

Reset User Password

  • Type in the new password and confirm it.

  • Make sure to check the box that requires the user to change their password on next logon.

  • Click OK.

1

2

3

4


Reset user password103 l.jpg

Reset User Password

  • You will be notified that the password change was successful.

  • Click OK.


After a fresh ghost image l.jpg

After a fresh ghost image!

  • Announcements

  • Fermilab Active Directory Structure

  • Beams Division OU Structure

  • Local Admin Administrative Setup

  • Administrative Task Examples

    • Fermi\user-admin for desktop support

    • Start the AD Tool

    • Reset a user password

    • Reset a computer

    • Delete a computer

    • Computer Management


Reset computer before rejoining to the domain l.jpg

Reset Computer before rejoining to the Domain

  • To reset a password, we will browse through Active Directory to Fermi\BD\Computers


Reset computer before rejoining to the domain106 l.jpg

Reset Computer before rejoining to the Domain

  • Browse to your Department/group OU.

  • Go to the Desktop or Laptop OU.

  • Right-click on the computer and select reset account.

Right-click


Reset computer before rejoining to the domain107 l.jpg

Reset Computer before rejoining to the Domain

  • Click OK when asked to reset the computer account.


Reset computer before rejoining to the domain108 l.jpg

Reset Computer before rejoining to the Domain

  • You will be notified that the computer account reset was successful.

  • Click OK.


Renaming or retiring a computer l.jpg

Renaming or retiring a computer?

  • Announcements

  • Fermilab Active Directory Structure

  • Beams Division OU Structure

  • Local Admin Administrative Setup

  • Administrative Task Examples

    • Fermi\user-admin for desktop support

    • Start the AD Tool

    • Reset a user password

    • Reset a computer

    • Delete a computer

    • Computer Management


Delete a computer account l.jpg

Delete a Computer Account

  • Browse through Active Directory to Fermi\BD\Computers


Delete a computer account111 l.jpg

Delete a Computer Account

  • Browse to your Department/group OU.

  • Go to the Desktop or Laptop OU.

  • Right-click on the computer and select delete.

Right-click


Delete a computer account112 l.jpg

Delete a Computer Account

  • Click OK when asked to delete the computer account.


The power of computer management l.jpg

The Power of Computer Management

  • Announcements

  • Fermilab Active Directory Structure

  • Beams Division OU Structure

  • Local Admin Administrative Setup

  • Administrative Task Examples

    • Fermi\user-admin for desktop support

    • Start the AD Tool

    • Reset a user password

    • Reset a computer

    • Delete a computer

    • Computer Management


Computer management l.jpg

Computer Management

  • Browse through Active Directory to Fermi\BD\Computers


Computer management115 l.jpg

Computer Management

  • Browse to your Department/group OU.

  • Go to the Desktop or Laptop OU.

  • Right-click on the computer and select manage.

Right-click


Computer management116 l.jpg

Computer Management

  • The Computer Management Tool is launched.


Computer management117 l.jpg

Computer Management

  • Application, Security and System entries can be viewed through the Event Viewer.


Computer management118 l.jpg

Computer Management

  • Local user accounts and local groups can be managed through computer management.


Computer management119 l.jpg

Computer Management

  • The Device Manager can be viewed in read-only mode.


Computer management120 l.jpg

Computer Management

  • Partitions can be viewed with the Disk Management.


Computer management121 l.jpg

Computer Management

  • Services can be stopped, started or configured.


What did we talk about today l.jpg

What did we talk about today?

  • Announcements

  • Fermilab Active Directory Structure

  • Beams Division OU Structure

  • Local Admin Administrative Setup

  • Administrative Task Examples


  • Login