Basic JLab Windows Desktop Administration Seminar By Myung Bang June 14, 2005
Topics to be Covered • Get to know your Computer • Network Configuration (IP Address, DHCP, Wireless, …etc) • CUE - Jefferson Lab Windows Domain • Domain login process • Installing software • Automatic Updates – Operating System • Automatic Updates – Anti-Virus • Spy/Adware removal • Storing Data files safely • Checking permissions on Fileservers and Quotas • Email - Managing Inbox and Folders • Calendar • Passwords • PuTTY • Printing • Microsoft Enterprise Agreement • Speed up your system • Restoring your system • Upgrading your system to Windows XP • Security • Shortcut to recovering Mozilla profiles • Windows Shortcut Keys • Recommendations • Getting help
The most important webpage • The Computer Center web page is your friend - http://cc.jlab.org/ • Most references are on the above web page
Before we begin… • In Windows, there are several ways to do the same thing, so the way I am showing you is not the only way, but is the simplest way I know. • All examples are based on Windows XP
Get to know your computer • System Properties will show you Operating System Information, Registration and Computer Information • Right Click ‘My Computer’ and select Properties. Select a General tab.
Get to know your Computer – continue… • What’s my computer’s name? • Right Click ‘My Computer’ , select Properties and Computer Name tab.
Network Configuration:Static vs. DHCP Addresses • A static IP address is assigned to a specific computer and is only intended for use on that specific computer. If that computer needs to move to a different building, you will need to request a new IP. Requesting one is easy; see http://cc.jlab.org/docs/networks/internal/IPrequest.html • A DHCP address (one automatically assigned by the JLab servers to PCs), is being used for mobile PCs, e.g., laptops or PCs used for analysis and moved frequently. • All new build systems are using DHCP to get their IP addresses.
Using DHCP • If you are going to use DHCP, you must follow the instructions on http://cc.jlab.org/docs/helpdesk/dhcp_info.html • If you don’t follow the instructions, your computer will be denied access to the network automatically. • If your system is build by automatic build system (RIS (will cover this later slide)), your system is automatically registered.
Find out what my Network configuration is.. • Open the Command prompt by Start, All Programs and select Command Prompt • or Start , Run and type cmd • Type ipconfig /all • Demo
Modifying Network Configurations • Right click “My Network Places” and Properties. • Right click “Local Area Connection” and Properties. • Select Internet Protocol (TCP/IP) and Properties. • Please see; http://cc.jlab.org/docs/services/windows/WinXPconfig.html for more detailed instructions
Using wireless • You must have a wireless card that will support 128 bit encryption • In order to use wireless, you need to obtain a WEP (Wired Equivalent Privacy) key • All detailed information is on; http://cc.jlab.org/docs/networks/internal/guide/wireless/wireless_main.html
Being in the JLAB domain • All Windows machines must be a member of the JLAB domain. • More information on joining the domain is available at http://cc.jlab.org/docs/services/windows/WinXPconfig.html, in the Windows section • When your machine joins the JLAB domain, your login screen should look like these:
Login Process • During login, at a minimum, your J, K, L and M drives will be mapped. When you open My Computer, those drives should be there. • You will, also, see a black box with unread News. You should read all News messages. They contain valuable information such as Computer Center maintenance days, Outage alerts, and much more. • If you don’t see your mapped drives or News box, please call the helpdesk (x7155) or submit a CCPR via email to email@example.com
Installing CUE supported software- New way • Go to Start, Control Panel, Add/Remove Programs, Add New Programs.
After joining the domain • After your machine has joined the domain, the following will be installed on your system automatically. • Systems Management Server (SMS) clients • Symantec Anti-Virus Corporate Edition software (Symantec CE is the only approved Anti-Virus software in JLAB, do not install different anti-virus software) • We are testing the new version of Symantec CE that includes Spyware & Adware removal tools.
Automated Updates – Windows Patches • Software Updated Service (SUS) is used for patching your Windows System. • Normally, patches are released once a month by Microsoft, and the Computer Center will deliver them on maintenance day • If the patch is critical, they could be delivered on non-maintenance days. • When Microsoft releases a patch, Computer Center staff will test each patch to make sure it will work in our environment. When it has passed the test, Computer Center staff will approve the patch through SUS. • Upon approval, SUS will deliver patches at 3 AM on following day in the following order: • If a user with Administrator privileges is logged on • Restart notification allows the user to initiate the shutdown or postpone it • If a user with non-Administrator privilege logged on • Restart notification allows the user to initiate the shutdown but not to postpone it. • If no users are logged on • Automatically restarts the system immediately following installation • If the system was turned off during the scheduled installation and missed the update • It will install updates 15 minutes after restart.
Automated updates – Windows/Application patches • Currently, SUS can only deliver Widows operating systems patches and does not have reporting features. • An upgrade of SUS has just been released (June 6, 2005), called WSUS (Windows Server Update Services) which will deliver OS patches as well as application patches. • WSUS will have a reporting functionality. • An evaluation of WSUS has already been started.
Automated Updates – SMS • Systems Management Server, SMS, is used for hardware/software inventory, deliver patches and install software. • SMS, also, allows CC to remote control client systems for troubleshooting • Windows XP has built-in remote desktop and Remote Assistance to get help from different users (i.e. helpdesk)
Automated Updates – Symantec Anti-Virus software • When your Windows system is in the JLAB domain, you get weekly updates to your Symantec Anti-Virus’s virus definitions (more often if we receive notification of new destructive viruses in the wild). • CUE PCs are configured to run weekly scans and provide real time virus protection (which scans all files you open or receive via email). • Symantec Antivirus CE has three group permissions: • Normal (default): • Automatic weekly scan – User can not stop it • Automatic virus definition update – User can not initiate download • Realtime protection on – User can not turn it off • Mobile • Automatic Weekly scan – User can stop it • Automatic virus definition update – user can initiate download • Realtime protection on – User can not turn it off • Control • Automatic weekly scan – not scheduled • Automatic virus definition update – not turned on. User’s responsibility • Realtime protection on – User can turn it off • Users can request to be in Mobile or Control group via CCPR
Symantec Shields • If your Norton shield on lower right hand corner looks like this: • Good – do nothing • Bad – call Helpdesk • Very Bad – notify Helpdesk immediately
Spyware/adware removal • Spyware, also known as adware, is Internet jargon for any data collection program that secretly gathers information about you and relays it to advertisers and other interested parties. • You can unknowingly install spyware by installing a new piece of software, most commonly a piece of freeware or shareware (e.g., KaZaA, iMesh, WeatherBug). Many of these programs are intended to track your Internet browsing habits, such as frequented sites and favorite downloads, then provide advertising companies with marketing data. • We have a site license of Lavasoft Ad-aware SE Professional to remove spyware/adware. • Removal tool can be installed from following earlier slide (Control Panel, Add/Remove Programs, Add new Programs) instruction. • The new version of Symantec Antivirus CE will detect/remove spyware/adware, also.
Storing Data Files Safely • Always store your data on the Network drives. NEVER STORE ANY CRITICAL DATA ON YOUR LOCAL HARDDRIVE • The Computer Center backs up and protects all files stored in home (J: ), site (K: ), apps (L: ) and group (M: ) directories in real time (well, almost). • Within your home directory, there is a subdirectory named J:\Jde. All files stored in or in subdirectories of Jde can only be accessed by you. • IMPORTANT: All files outside of JDE can be read by Everyone by default. (DEMO)
Storing Data Files Safely • Here’s my thought: “It’s not a matter of ifmy hard drive will fail me, it’s a matter of when.” • Files stored on a local hard drive, unless backed up on a frequent and regular schedule by a reliable method, are not safe. They can be destroyed by being overwritten, deleted, infected by a virus, or failure of hardware. • Very few people have the time or are willing to make the effort to back up files. We always mean to do it… but it’s rarely done. • Remember - Anything stored on Government equipment belongs to government, not you…. so, it’s your responsibility to protect.
Storing Data Files Safely • There are two files you’ll need to copy to your home directory fairly often, bookmarks and address books. These save locally by default, and many users find them personally important. • http://cc.jlab.org/docs/services/email/import_export_pab.html • http://cc.jlab.org/docs/services/email/import_export_bookmark.html
Retrieving data from J, K, L, M drive • If you need to retrieve data deleted for less than 3 days, retrieve it from the ~snapshot directory. • ~snapshot is being backup every 1 hour • If the data was deleted more than 3 days ago, submit a CCPR and we will get it from tapes. • Demo
If you need temporary storage spaces… • Jlab scratch area is available for you to file storage needs for two weeks; after that, it is deleted. • Start, Run and type \\jlabscr\scratch • Scratch area is not being backed up, so if you delete a file from the scratch area, it’s gone.
Checking permissions on the fileserver • Need to use a special tool called “Secure Access” • Can be installed from Jlab-Cue/Client Installed Programs/ • Demo • There are a few folders on the M drive (group) which are using NTFS style permissions • The NTFS style group area is created by special request
Checking Group membership • Used for assign access rights on files/directory • Windows groups and Unix groups are different but they are synchronized • Use following commands to find what groups you are in; • Windows: net user /domain username • Unix: groups • Demo
Checking quota • Fileservers have a limited amount of disk space, so everyone has a disk quota. • Users need to check their quota before they start to copy large volumes of data • Users can check their quota from http://cc.jlab.org/ , in the Quota Check section
Email • Your email address • firstname.lastname@example.org (i.e. email@example.com) • Firstname.firstname.lastname@example.org (i.e. email@example.com) • Computer Center supports Mozilla mail • Keep the number of messages in your inbox small (ideally less than 100) • Use the Filtering feature to filter messages to different folders • We use MX Logic to filter out SPAM mails • If MX Logic miss a particular spam email, you can forward that email to firstname.lastname@example.org so they can add that address to SPAM list. • or Junk mail feature in Mozilla to send SPAM to a Junk folder automatically. • More information can be found at http://cc.jlab.org/services/email/
Checking email from the Web • Web based email • From any browser, type webmail.jlab.org • Same functionalities as any other email client • Great for people on travel • More inofrmation can be found at; http://cc.jlab.org/services/email/
What is smail??? • Smail is secure outgoing email server users can use from anywhere. • If you have a laptop and connect to a network other than JLAB, you need to configure your outgoing email server as smail.jlab.org • More information is available at http://cc.jlab.org/docs/services/email/SecureMailClientSetup.html
Calendar • Jlab Calendar (jcal) is the only authorized calendar tool for scheduling meetings and reserving rooms. • Everyone who has a JLAB user account has a calendar account automatically. • More information is available from: http://cc.jlab.org/services/calendar/ • Web based calendar can be used from: • http://webcal.jlab.org
Passwords • Your password is used on: • Unix login (db1, central systems, etc.) • E-Mail • Windows • Calendar • MIS Web pages (timesheet, stock, credit cards, etc.) • Dial-up networking • Ingenium Training Database • Jefferson Lab Users must change their password every 6 months • When changing your password, it will be changed for all applications listed above. • More information on password is available at • http://cc.jlab.org/docs/services/cue/password.html
How to change your password • You need to follow the password rules at: http://cc.jlab.org/policies/PasswordRules.html • Using the CUE Password Change Utility at https://cc.jlab.org/services/PMF/JPasswdClient.html • Login to any central Unix system (jlabs1, jlabl1, or db1, …etc.) • type jpasswd - you will be prompted for your current password, and your desired new password (twice)
Calendar Offline Password • The current supported Corporate Time Calendar program is 6.0 • Corporate Time saves an encrypted file on your hard drive containing your offline calendar password. • If you experience trouble logging into the Calendar Server after a password change that relates to an "offline agenda", please follow instructions at; http://cc.jlab.org/docs/services/calendar/offline-agenda.html
What is SSH? PuTTY?? • Secure Shell is a program to log into another computer over a network, to execute commands in a remote machine, and to move files from one machine to another. It provides strong authentication and secure communications. It is a replacement for rlogin, rsh, rcp, and rdist. • SSH protects a network from attacks such as IP spoofing, IP source routing, and DNS spoofing. • PuTTY is JLAB's only supported SSH software package for Microsoft Windows based computersystems • PuTTY will let you login to db1 or any other Unix systems
Printing • Install printers by going to Start, Run and typing \\jlabprt • Double click the name of the printer you want to use • Demo
What is Microsoft Enterprise Agreement? • We have pre-paid (yearly) for a number of OS and Application suite licenses. • If we use more licenses than what we have paid for, then we pay the difference at the end of year (True up). • Software includes OS upgrade, Microsoft Office Professional suites, Project, Visio and Front Page.
Additional benefits from MS EA • Home Use – You can purchase MS Office for just the shipping cost • http://cc.jlab.org/docs/services/windows/MS_Home_Use_program.htm • You can only use this software while you are JLAB employee. • You can only purchase one copy and you can not purchase OS • You need to use this software for JLAB related work sometimes • Employee Purchase – Cost are more than Home Use, but still cheaper than store purchase • http://cc.jlab.org/docs/services/windows/MS_Employee_Purchase_program.htm • Yours to keep forever • You can purchase multiple copies includes OS • You don’t have to use this for JLAB related work at all
How to speed up your system • Defragment, Disk Cleanup utilities from All Programs, Accessories, System Tools • Convert from FAT or FAT32 to NTFS • Remove temporary files, reduce cache sizes • Do not install any programs you don’t know/need.
System Restore • By default, XP saves several system settings. • Number of saved settings is determined by the size of the hard drive (configurable). • To access that, go to Accessories, System Tools, System Restore. • Demo
How to upgrade to Windows XP • Backup your data (i.e. address book, book mark, Mozilla profiles, …etc) • Submit a request to build your system at: https://cc.jlab.org/services/windows/BuildSystem/index.html • You will get notified via page or phone to reboot your system to begin installation process. • During the reboot, the system will connect to Remote Install Services (RIS) server and install new operating system • During the installation, the hard drive will be reformatted. • All necessary patches and all CUE supported software will be installed. • More information can be found at http://cc.jlab.org/docs/services/windows/Upgrade2XP.html
Benefits of RIS install • Is fully supported by Computer Center (we know exact configuration of the system). • Guarantee delivery of clean/working system • Automatic upgrade of all CUE supported software when it’s available.
Security • NEVER share your password with anyone (including your best friends) • Use the screen saver to password protect your desktop if idle for 5 minutes • Lock your desktop when you leave your desktop (Winkey+l)
Shortcut to Recovering Mozilla profiles • For Mozilla 1.7x • From the Windows Explorer, go to Tools, Folder Options, View and select Show hidden files and folders • Go to c:\document and setting\Username\Application Data\Mozilla\Profiles\Username\xxxxxxxx.slt\ • Delete the Cache directory contents • Backup the xxxxxxx.slt directory to somewhere safe (CD, network, …etc.) • On a new machine, configure your Mozilla profile • Navigate to the xxxxxxx.slt directory on the new machine (xxxxxxxx will be different from the previous machine) • Copy the content of the old xxxxxxxx.slt to the new xxxxxxxx.slt directory
HelpfulWindows Shortcut Keys • WINKEY + E Open Windows Explorer • WINKEY + TAB Cycle through open programs in the taskbar • WINKEY + L Lock Computer (XP only) • WINKEY + M Minimize all Windows • WINKEY + SHIFT + M Undo minimize • WINKEY + F Open Search/Find feature • WINKEY + CTRL + F Open search for Computers • WINKEY + F1 Open MS Windows Help • WINKEY + R Open the Run Window • WINKEY + PAUSE Open Systems Properties
My recommendations • Email - Keep your inbox as small as possible • Leave you system up at night – just lock it when you leave. • Reboot at least once a week • Do not install any programs you don’t know (screen savers, weather bug, plug-ins, …etc) • Don’t let your free disk space be less than 100mb • If you are using Windows NT, upgrade to Windows XP as soon as possible • If you have any questions, concerns or problems, call helpdesk (x7155), email to email@example.com or submit a CCPR.
Getting Help • CCPR (Computer Center Problem Reporting) via web http://mis.jlab.org/mis/ccpr/ccpr_user/ccpr_new_user_request.cfm?CCPR%A0New%A0Request or email to firstname.lastname@example.org • Help desk opens daily during 1:30 to 4:30 PM (x7155) • Frequently Ask Questions (FAQ) page at http://cc.jlab.org/general/FAQ.html