Local administrator meeting
Download
1 / 122

Beams Division Local Administrators Meeting - PowerPoint PPT Presentation


  • 295 Views
  • Uploaded on

Local Administrator Meeting 2-25-03 Brian Drendel What will we talk about today? Announcements Win2k Migration Progress Key Server Retired New WinXP Ghost Image Site Netbios Block Fermilab Active Directory Structure Beams Division OU Structure Administering the BD OU

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'Beams Division Local Administrators Meeting' - JasminFlorian


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
Local administrator meeting l.jpg

Local Administrator Meeting

2-25-03

Brian Drendel


What will we talk about today l.jpg
What will we talk about today?

  • Announcements

    • Win2k Migration Progress

    • Key Server Retired

    • New WinXP Ghost Image

    • Site Netbios Block

  • Fermilab Active Directory Structure

  • Beams Division OU Structure

  • Administering the BD OU


Win2k migration progress l.jpg
Win2k Migration Progress

  • Win2k Migration Progress

    • Workstations:

      • 458 Users/463 Computers in Fermi

      • 95 computers on Beams browse list

    • Servers

      • Win2k: www-bdnew, Beamssrv1, Beams-Fmpro, beams-prt-srv, beams-backup, Beams-flexlm

      • WinNT: Beams-cdrom, beamsappsrv1, beamsappsrv2

    • Further Concerns

      • Macintoshes

      • BD-Controls Domain


No more key server l.jpg
No more Key Server!

  • Announcements

    • Win2k Migration Progress

    • Key Server Retired

    • New WinXP Ghost Image

    • Site Netbios Block

  • Fermilab Active Directory Structure

  • Beams Division OU Structure

  • Local Admin Administrative Setup

  • Administrative Task Examples


Key server retired l.jpg
Key Server Retired

  • Key Server Retired Feb. 17th.

    • Email warnings

    • Help desk tickets

    • Key server error messages.


Casper the friendly ghost image l.jpg
Casper the friendly ghost image!

  • Announcements

    • Win2k Migration Progress

    • Key Server Retired

    • New WinXP Ghost Image

    • Site Netbios Block

  • Fermilab Active Directory Structure

  • Beams Division OU Structure

  • Local Admin Administrative Setup

  • Administrative Task Examples


Casper the friendly ghost image7 l.jpg
Casper the friendly ghost image!

  • Latest Drive Image

    • Office XP Pro

    • Exceed 8

      • Kerberos FTP

      • Jim Smedinghoff custom ACNET configuration

  • Remote Registry Service

    • Needed for SP Management

    • Turn it back on


Site netbios block l.jpg
Site Netbios Block

  • Announcements

    • Win2k Migration Progress

    • Key Server Retired

    • New WinXP Ghost Image

    • Site Netbios Block

  • Fermilab Active Directory Structure

  • Beams Division OU Structure

  • Local Admin Administrative Setup

  • Administrative Task Examples


Site netbios block9 l.jpg
Site Netbios Block

  • Network

    • NetBIOS Block

      • 137, 138, 139, 445 ports blocked in three stages

        • Fermi DCs

        • Site with exemptions for servers

        • Entire Site

    • Possible solution for offsite connectivity

      • VPN

        • Site VPN in Beta

        • BD Controls VPN

        • Cross Platform


Win2k domain structure at fermilab l.jpg
Win2k Domain Structure at Fermilab

  • Announcements

  • Fermilab Active Directory Structure

    • Root Domain

    • Child Domains

    • Organizational Units (OU)

    • BD OU

  • Beams Division OU Structure

  • Local Admin Administrative Setup

  • Administrative Task Examples


Active directory l.jpg
Active Directory

  • Active Directory allows us to organize and manage domain objects:

    • Users

    • Computers

    • Printers

    • Global Groups

    • Shares

  • What does the Fermilab Active Directory structure look like?


Root domain l.jpg
Root Domain

  • The Root Win2k Domain is called WIN.FNAL.GOV.

    • Contains two Domain Controllers (FCC and WH).

    • Owned, managed and maintained by Computing Division.

    • BD has no administrative access to this domain.

    • Functions of Domain:

      • Used only for security.

      • Can push policies down to other OUs

        • Legal Banner

        • Minimum password length


Child domains l.jpg
Child Domains

  • Announcements

  • Fermilab Active Directory Structure

    • Root Domain

    • Child Domains

    • Organizational Units (OU)

    • BD OU

  • Beams Division OU Structure

  • Local Admin Administrative Setup

  • Administrative Task Examples


Child domains15 l.jpg
Child Domains

  • Active Directory Objects are connected to the Win.fnal.gov domain via separate child domains.

  • Child Domains:

    • Have a two way transitive trust with Win.

    • Must be approved by Computer Security.

      • Fermi Domain: All users and computers at Fermilab

      • Other Domains: Critical System???

  • Computer Security does not allow:

    • Unattached Domains.

    • Child Domains of the Child Domains.


Child domains16 l.jpg
Child Domains

  • Fermi Child Domain

    • Contains all users, computers, printers, global groups and shares for the entire Fermilab Windows desktop community.

    • Contains all Child Domain user accounts.

    • Domain Controllers scattered throughout the site.

      • The BD Domain Controller is called Bert.


Organizational units l.jpg
Organizational Units

  • Announcements

  • Fermilab Active Directory Structure

    • Root Domain

    • Child Domains

    • Organizational Units (OU)

    • BD OU

  • Beams Division OU Structure

  • Local Admin Administrative Setup

  • Administrative Task Examples


Organizational units19 l.jpg
Organizational Units

  • Child Domains are further broken down into Organizational Units (OUs).

    • Each Division has its own OU.

    • Management to each OU is delegated to managers in their respective Divisions.

    • BD OU

      • Has all Beams Division users, computers, printers, global groups and shares.

      • Managed by the BD/Networking Group.


Bd ou l.jpg
BD OU

  • Announcements

  • Fermilab Active Directory Structure

    • Root Domain

    • Child Domains

    • Organizational Units (OU)

    • BD OU

  • Beams Division OU Structure

  • Local Admin Administrative Setup

  • Administrative Task Examples


Bd ou management l.jpg
BD OU Management

  • The BD OU is further broken down into Sub-OUs for:

    • Computers

    • Users

    • Groups

    • Printers

    • File Shares


Bd ou in detail l.jpg
BD OU in Detail

  • Announcements

  • Fermilab Active Directory Structure

  • Beams Division OU Structure

    • Win2k Admin Guide

    • Users

    • Computers

    • Printers

    • Global Groups

    • Shares

  • Local Admin Administrative Setup

  • Administrative Task Examples


Win2k admin guide l.jpg
Win2k Admin Guide

  • The Win2k Admin guide covers administration of the BD OU.

    • Covers specific details for administration by:

      • BD Active Directory Administrators (BD\Network Group)

      • Local Administrators

  • More detail can be found in my Win2k Admin Guide Document located at

    http://www-bdnew.fnal.gov/network/Win2k-Adminguide/Adminguide.htm


Users l.jpg
Users

  • Announcements

  • Fermilab Active Directory Structure

  • Beams Division OU Structure

    • Win2k Admin Guide

    • Users

    • Computers

    • Printers

    • Global Groups

    • Shares

  • Local Admin Administrative Setup

  • Administrative Task Examples


Users28 l.jpg
Users

  • We now want to take a few moments to explore each of the subOUs within the Fermi\BD OU.

    • Users

    • Computers

    • Printers

    • Shares

    • Global Groups


User s ou l.jpg
User’s OU

  • The BD User’s OU is further divided by the org chart.

    • Each department/group has their own OU.

    • Each department/group OU is further broken down into a General and Special OU.

    • Management of Users is covered in the users portion of the Win2k Admin Guide:

      http://www-bdnew.fnal.gov/network/Win2k-Adminguide/users.htm


5 types of fermi domain accounts l.jpg
5 Types of Fermi Domain Accounts

  • There are five types of users in the Fermi Domain:

    • Users:

    • Admins:

    • Managers:

    • Captive Accounts:

    • Service Accounts:


User accounts l.jpg
User Accounts

  • Every user that wants to access Fermi Domain resources has a user account.

    • All of your everyday work.

    • The account does not have administrative privileges across multiple computers.

    • Equivalent of your Kerberos Principal.

      • Cannot share your password

      • Cannot send your password over the network.

    • User accounts are cloned to the Fermi Domain to maintain Beams Domain access.

    • Username has the format of Fermi\{username}.

    • Users live in AD in the Fermi\BD\Users\{Department or Group}\General

    • Only Computing Division creates accounts.

    • You can apply for a user account at

      http://www-bdnew.fnal.gov/network/add_user.asp.


Admin accounts l.jpg
Admin accounts

  • Every users that needs administrative access to objects in the Fermi Domain needs an Admin account.

    • Not for your everyday work.

    • The account is delegated administrative functions in the domain.

    • A user must be a registered sysadmin (https://miscomp.fnal.gov/sysadmindb/).

    • Can be used by LOCALADMINS

      • Manage desktop computers.

      • Manage Departmental SubOU.

    • Username has the format of Fermi\{username}-admin

    • CD stores these accounts in a separate location in AD.

    • You can apply for a user account at

      http://www-bdnew.fnal.gov/network/add_user.asp.


Manager accounts l.jpg
Manager Accounts

  • Each Division assigns no more than three administrators to perform advanced Active Directory Administration for their respective Division.

    • The account is used to create active directory structure, move users and create group policy.

    • Username has the format of Fermi\{username}-mgr

    • CD stores these accounts in a separate location in AD

    • These accounts are assigned. There is no web application form.


Captive accounts l.jpg
Captive Accounts

  • These are domain accounts that require a shared login to a dedicated console.

    • Computing Security does not allow users to share their account passwords, so user accounts can not be used for this function.

    • These accounts need Win2k Policy Committee and CD Security approval.

    • Accounts names are of the form Fermi\bd-cap-{function}.

    • Accounts are stored in Active Directory in Fermi\BD\Users\{Department or Group}\Special

    • Accounts can be applied for at http://computing.fnal.gov/pcmanagers/captiveform.html.


Service accounts l.jpg
Service Accounts

  • When accounts are required to run applications, a shared service account is used.

    • Computing Security does not allow users to share their account passwords, so user accounts can not be used for this function.

    • Win2k Policy Committee and CD Security approval.

    • A Shared Service Account has the following requirements:

      • Run software as an unattended service, like Unix daemons

      • Use Domain account authentication

      • Usage of this account over the network

      • Sharing of the account password between multiple administrators

    • These accounts need Accounts names are of the form Fermi\bd-srv-{function}.

    • Accounts are stored in Active Directory in Fermi\BD\Users\{Department or Group}\Special

    • Accounts can be applied for at http://www-win2k.fnal.gov/pub/Docs/Sharing_service_accounts.doc.


Users ou l.jpg
Users OU

Users are stored in Active Directory in Fermi\BD\Users\{Department or Group}\General.


Computers l.jpg
Computers

  • Announcements

  • Fermilab Active Directory Structure

  • Beams Division OU Structure

    • Win2k Admin Guide

    • Users

    • Computers

    • Printers

    • Global Groups

    • Shares

  • Local Admin Administrative Setup

  • Administrative Task Examples


Bd computers ou l.jpg
BD Computers OU

  • The BD Group OU is further divided by the org chart.

    • Each department/group has their own OU.

    • Each department/group OU is further broken down into a Desktop, Laptop and Server OU.

      • The GPO applied on Servers different from Desktops, different from laptops.

    • Management of Computers is covered in the computers portion of the Win2k Admin Guide:

      http://www-bdnew.fnal.gov/network/Win2k-Adminguide/computers.htm


Computers ou l.jpg
Computers OU

Computers are stored in

Fermi\BD\Computers\{Department or Group}\{Computer Type}.


Printers l.jpg
Printers

  • Announcements

  • Fermilab Active Directory Structure

  • Beams Division OU Structure

    • Win2k Admin Guide

    • Users

    • Computers

    • Printers

    • Global Groups

    • Shares

  • Local Admin Administrative Setup

  • Administrative Task Examples


Printers43 l.jpg
Printers

  • Printers are published in Active Directory.

    • The Win2k Print queues still live on beams-prt-srv

    • Additionally, the printers are published in Active Directory.

      • Makes adding printers easier for the client computers.

    • Management of Printers is covered in the printers portion of the Win2k Admin Guide:

      http://www-bdnew.fnal.gov/network/Win2k-Adminguide/printers.htm


Printers45 l.jpg
Printers

Computers are stored in Fermi\BD\Printers\


Global groups l.jpg
Global Groups

  • Announcements

  • Fermilab Active Directory Structure

  • Beams Division OU Structure

    • Win2k Admin Guide

    • Users

    • Computers

    • Printers

    • Global Groups

    • Shares

  • Local Admin Administrative Setup

  • Administrative Task Examples


Global groups47 l.jpg
Global Groups

  • Win2k Domain permissions are assigned by global groups.

    • Beams Domain global groups are cloned to the Fermi Domain to maintain Beams Domain access.

    • Global groups follow the naming convention Fermi\BD {group name}.

    • Management of Global Groups is covered in the global groups portion of the Win2k Admin Guide:

      http://www-bdnew.fnal.gov/network/Win2k-Adminguide/groups.htm


Global groups49 l.jpg
Global Groups

Computers are stored in Fermi\BD\Global Groups\


Shares l.jpg
Shares

  • Announcements

  • Fermilab Active Directory Structure

  • Beams Division OU Structure

    • Win2k Admin Guide

    • Users

    • Computers

    • Printers

    • Global Groups

    • Shares

  • Local Admin Administrative Setup

  • Administrative Task Examples


Shares51 l.jpg
Shares

  • Server shares can be published to Active Directory.

    • The share still lives on the server.

    • Published to Active Directory for client convenience.

    • Allows us to collect share from multiple servers and put them in one place.

    • Management of Shares is covered in the shares portion of the Win2k Admin Guide:

      http://www-bdnew.fnal.gov/network/Win2k-Adminguide/shares.htm


Shares52 l.jpg
Shares

Shares are published in Fermi\BD\Global Shares\


Setting up for ad management l.jpg
Setting up for AD Management

  • Announcements

  • Fermilab Active Directory Structure

  • Beams Division OU Structure

  • Local Admin Administrative Setup

    • Install AD Tool

    • Configure AD Tool

    • Add Fermi\user-admin account to local computers

    • Enable Remote Registry on local computers.

  • Administrative Task Examples


Administrative tools l.jpg
Administrative Tools

  • To manage our Active Directory and Computers, we need:

    • Active Directory Management

      • An Fermi\user-admin account

      • The AD User and Computer management tool.

    • Desktop Management (option)

      • Fermi\User-admin account in administrators group

      • Remote Registry Service.

    • Installation and setup of management tools is covered in the administrative tools portion of the Win2k Admin Guide:

      http://www-bdnew.fnal.gov/network/Win2k-Adminguide/tools.htm


Administrative tools install l.jpg
Administrative Tools: Install

  • The Active Directory Users and Computers tool runs as a snap-in tool in the MMC.

  • The tool can be run on any Win2k or WinXP (must be SP1) desktop or laptop computer that is in the Fermi Domain.

  • There are two versions:

    • Win2k: Obtained from the Win2k Server CD.

    • WinXP: Downloaded from Microsoft.

  • We will walk through the installation on a WinXP SP1 client computer.


Active directory users and computers installation l.jpg
Active Directory Users and Computers Installation

  • Login to your WinXP desktop using your local administrator account

  • Check the Service pack level

    • Start->Run



Active directory users and computers installation59 l.jpg
Active Directory Users and Computers Installation

  • WinXP needs to be at SP1 level or later.


Active directory users and computers installation60 l.jpg
Active Directory Users and Computers Installation

  • If you need to install WinXP SP1, then you can do so from \\Beamssrv1\WinXP-Setup\WinXP SP1 + hotfixes.bat.


Active directory users and computers installation61 l.jpg
Active Directory Users and Computers Installation

  • When prompted for username and password, do not forget to use the form Fermi\{username} for your username.


Active directory users and computers installation62 l.jpg
Active Directory Users and Computers Installation

  • Follow online directions to complete SP1 installation followed by a reboot.


Active directory users and computers installation63 l.jpg
Active Directory Users and Computers Installation

  • We will now install the Active Directory Users and Computers tool.

  • Login to your local administrator account and browse the network to Beamssrv1.


Active directory users and computers installation64 l.jpg
Active Directory Users and Computers Installation

  • Again, you are prompted for your Fermi Domain credentials.

  • Wouldn’t it be nice not to have to do this? Stay tuned!


Active directory users and computers installation65 l.jpg
Active Directory Users and Computers Installation

  • Go to the installation directory as shown here (different for Win2k than WinXP).

  • Run adminpak.msi

  • Note the installation is faster if you copy the entire directory to your PC and run it locally.


Active directory users and computers installation66 l.jpg
Active Directory Users and Computers Installation

  • Click NEXT> at the welcome screen.


Active directory users and computers installation67 l.jpg
Active Directory Users and Computers Installation

  • Select to agree to the license agreement.

  • Click NEXT>.


Active directory users and computers installation68 l.jpg
Active Directory Users and Computers Installation

  • When the installation has completed, click FINISH.


Configure the ad tool l.jpg
Configure the AD Tool!

  • Announcements

  • Fermilab Active Directory Structure

  • Beams Division OU Structure

  • Local Admin Administrative Setup

    • Install AD Tool

    • Configure AD Tool

    • Add Fermi\user-admin account to local computers

    • Enable Remote Registry on local computers.

  • Administrative Task Examples


Active directory users and computers configuration l.jpg
Active Directory Users and Computers Configuration

  • The Active Directory Users and Computers tool needs to be configured for use.

  • We will

    • Add the tool to an MMC Console

    • Save the MMC configuration

    • Later we will use the tool using runas with Fermi\user-admin (more on admin accounts later) credentials.


Active directory users and computers configuration71 l.jpg
Active Directory Users and Computers Configuration

  • Logon to either your Fermi\user account or your local admin account.

  • Click Start -> Run.


Active directory users and computers configuration72 l.jpg
Active Directory Users and Computers Configuration

  • Type MMC in the run window, then click OK.


Active directory users and computers configuration73 l.jpg
Active Directory Users and Computers Configuration

  • In the MMC Console file menu, click File -> Add/Remove Snap-in…



Active directory users and computers configuration75 l.jpg
Active Directory Users and Computers Configuration

  • Select the Active Directory Users and computers (only once)

  • Click Add

  • Click Close

1

1

2

3


Active directory users and computers configuration76 l.jpg
Active Directory Users and Computers Configuration

  • The Add/Remove Snap in window now shows the Active Directory Users and Computers tool

  • Click OK.


Active directory users and computers configuration77 l.jpg
Active Directory Users and Computers Configuration

  • The MMC console now shows the Active Directory Users and Computers Tool.

  • From the file menu, click File -> Save As.


Active directory users and computers configuration78 l.jpg
Active Directory Users and Computers Configuration

  • Save the file to a location that is not in your profile (i.e. not on your desktop)

  • C:\AdminTools\Active Directory.MMC in my example.


Setting up for desktop management l.jpg
Setting up for Desktop Management

  • Announcements

  • Fermilab Active Directory Structure

  • Beams Division OU Structure

  • Local Admin Administrative Setup

    • Install AD Tool

    • Configure AD Tool

    • Add Fermi\user-admin account to local computers

    • Enable Remote Registry on local computers.

  • Administrative Task Examples


Administration of client computers l.jpg
Administration of client computers

  • To better manage your desktop computers we will make two more configuration changes.

    • Add your Fermi\{user}-admin account to the administrator group on all computers that you manage.

    • Turn on the Remote Registry Service on all computers that you manage.

  • These changes need to occur on all desktops that you want to manage.


Add fermi user admin to administrators group l.jpg
Add Fermi\user-admin to Administrators Group

  • Start the User Account applet in the control panel.

    • Start->Settings->Control Panel->User Accounts


Add fermi user admin to administrators group82 l.jpg
Add Fermi\user-admin to Administrators Group

  • In the User Accounts applet, click the Advanced Tab, then the Advanced button.

1

2


Add fermi user admin to administrators group83 l.jpg
Add Fermi\user-admin to Administrators Group

  • Select Groups.

  • Double-click on Administrators.

2

1


Add fermi user admin to administrators group84 l.jpg
Add Fermi\user-admin to Administrators Group

  • In the Administrators Properties window, click the Add button.


Add fermi user admin to administrators group85 l.jpg
Add Fermi\user-admin to Administrators Group

  • Type your Fermi\user-admin account in the object name field.

  • Click OK.

1

2


Add fermi user admin to administrators group86 l.jpg
Add Fermi\user-admin to Administrators Group

  • Type your Fermi\user account in the object name field.

  • Click OK.

  • With the Fermi\user-admin account in the Administrators group, you won’t have to do this anymore!


Add fermi user admin to administrators group87 l.jpg
Add Fermi\user-admin to Administrators Group

  • Verify that your Fermi\user-admin account in the members list

  • Click OK.

  • Repeat for your other desktops.


Setting up the remote registry service l.jpg
Setting up the Remote Registry Service

  • Announcements

  • Fermilab Active Directory Structure

  • Beams Division OU Structure

  • Local Admin Administrative Setup

    • Install AD Tool

    • Configure AD Tool

    • Add Fermi\user-admin account to local computers

    • Enable Remote Registry on local computers

  • Administrative Task Examples


Remote registry service l.jpg
Remote Registry Service

  • Right-Click My Computer and select Manage.

Right-click


Remote registry service90 l.jpg
Remote Registry Service

  • Find Services.

  • Double-click on Remote Registry


Remote registry service91 l.jpg
Remote Registry Service

  • Set startup type to Automatic.

  • Click the Apply button to enable the service for future logins.

  • Click the Start button to start the service.

1

3

2


Putting it all together l.jpg
Putting it all together!

  • Announcements

  • Fermilab Active Directory Structure

  • Beams Division OU Structure

  • Local Admin Administrative Setup

  • Administrative Task Examples

    • Fermi\user-admin for desktop support

    • Start the AD Tool

    • Reset a user password

    • Reset a computer

    • Delete a computer

    • Computer Management


Admin tasks l.jpg
Admin Tasks

  • How can you use your Fermi\user-admin account to administer users and computers in your department?

    • Local logon to desktops that you manage

    • Administration over the network using the Active Directory Users and Computers tool.


Using fermi user admin on client computers l.jpg
Using Fermi\user-admin on client computers

  • On any desktop computer that you manage, logon to your Fermi\user-admin account.

  • You know have

    • Access to all “local administrator” resources on Beamssrv1.

    • Have administrative privileges on the local computer.


Putting it all together95 l.jpg
Putting it all together!

  • Announcements

  • Fermilab Active Directory Structure

  • Beams Division OU Structure

  • Local Admin Administrative Setup

  • Administrative Task Examples

    • Fermi\user-admin for desktop support

    • Start the AD Tool

    • Reset a user password

    • Reset a computer

    • Delete a computer

    • Computer Management


Starting the active directory users and computers l.jpg
Starting the Active Directory Users and Computers

Right-click

  • Login to your Fermi\user account on the desktop that you are managing your users and computers from.

    • You do NOT need to login to your Fermi\user-admin account.

  • Right-click and select Run as on the Active Directory shortcut that you made in the previous step.


Starting the active directory users and computers97 l.jpg
Starting the Active Directory Users and Computers

  • Pass your Fermi\user-admin account credentials as shown here.


Starting the active directory users and computers98 l.jpg
Starting the Active Directory Users and Computers

  • You are now ready to manage Active Directory Objects!!!


Password amnesia l.jpg
Password amnesia?

  • Announcements

  • Fermilab Active Directory Structure

  • Beams Division OU Structure

  • Local Admin Administrative Setup

  • Administrative Task Examples

    • Fermi\user-admin for desktop support

    • Start the AD Tool

    • Reset a user password

    • Reset a computer

    • Delete a computer

    • Computer Management


Reset user password l.jpg
Reset User Password

  • To reset a password, we will browse through Active Directory to Fermi\BD\Users


Reset user password101 l.jpg
Reset User Password

  • Browse to your Department/group OU.

  • Go to the General OU.

  • Right-click on the user and select reset password.

Right-click


Reset user password102 l.jpg
Reset User Password

  • Type in the new password and confirm it.

  • Make sure to check the box that requires the user to change their password on next logon.

  • Click OK.

1

2

3

4


Reset user password103 l.jpg
Reset User Password

  • You will be notified that the password change was successful.

  • Click OK.


After a fresh ghost image l.jpg
After a fresh ghost image!

  • Announcements

  • Fermilab Active Directory Structure

  • Beams Division OU Structure

  • Local Admin Administrative Setup

  • Administrative Task Examples

    • Fermi\user-admin for desktop support

    • Start the AD Tool

    • Reset a user password

    • Reset a computer

    • Delete a computer

    • Computer Management


Reset computer before rejoining to the domain l.jpg
Reset Computer before rejoining to the Domain

  • To reset a password, we will browse through Active Directory to Fermi\BD\Computers


Reset computer before rejoining to the domain106 l.jpg
Reset Computer before rejoining to the Domain

  • Browse to your Department/group OU.

  • Go to the Desktop or Laptop OU.

  • Right-click on the computer and select reset account.

Right-click


Reset computer before rejoining to the domain107 l.jpg
Reset Computer before rejoining to the Domain

  • Click OK when asked to reset the computer account.


Reset computer before rejoining to the domain108 l.jpg
Reset Computer before rejoining to the Domain

  • You will be notified that the computer account reset was successful.

  • Click OK.


Renaming or retiring a computer l.jpg
Renaming or retiring a computer?

  • Announcements

  • Fermilab Active Directory Structure

  • Beams Division OU Structure

  • Local Admin Administrative Setup

  • Administrative Task Examples

    • Fermi\user-admin for desktop support

    • Start the AD Tool

    • Reset a user password

    • Reset a computer

    • Delete a computer

    • Computer Management


Delete a computer account l.jpg
Delete a Computer Account

  • Browse through Active Directory to Fermi\BD\Computers


Delete a computer account111 l.jpg
Delete a Computer Account

  • Browse to your Department/group OU.

  • Go to the Desktop or Laptop OU.

  • Right-click on the computer and select delete.

Right-click


Delete a computer account112 l.jpg
Delete a Computer Account

  • Click OK when asked to delete the computer account.


The power of computer management l.jpg
The Power of Computer Management

  • Announcements

  • Fermilab Active Directory Structure

  • Beams Division OU Structure

  • Local Admin Administrative Setup

  • Administrative Task Examples

    • Fermi\user-admin for desktop support

    • Start the AD Tool

    • Reset a user password

    • Reset a computer

    • Delete a computer

    • Computer Management


Computer management l.jpg
Computer Management

  • Browse through Active Directory to Fermi\BD\Computers


Computer management115 l.jpg
Computer Management

  • Browse to your Department/group OU.

  • Go to the Desktop or Laptop OU.

  • Right-click on the computer and select manage.

Right-click


Computer management116 l.jpg
Computer Management

  • The Computer Management Tool is launched.


Computer management117 l.jpg
Computer Management

  • Application, Security and System entries can be viewed through the Event Viewer.


Computer management118 l.jpg
Computer Management

  • Local user accounts and local groups can be managed through computer management.


Computer management119 l.jpg
Computer Management

  • The Device Manager can be viewed in read-only mode.


Computer management120 l.jpg
Computer Management

  • Partitions can be viewed with the Disk Management.


Computer management121 l.jpg
Computer Management

  • Services can be stopped, started or configured.


What did we talk about today l.jpg
What did we talk about today?

  • Announcements

  • Fermilab Active Directory Structure

  • Beams Division OU Structure

  • Local Admin Administrative Setup

  • Administrative Task Examples


ad