During our class discussion today we learned about setting group policies within Active Directory.
Lyle talked about using a single sign-on service policy and explained how important this is in a large organization. I was unsure why and asked for clarity. It was explained that this policy enables a user to log on to any computer and have consistent access. To confirm that we had correctly set up single service, we signed on to other class members’ networks using our usernames.
Next we discussed mapping, which involves using drive letters (i.e. f-z) as virtual drives. I learned that I can map a drive letter to a drive share, which means no matter which computer I log onto I can access a particular drive share. To map a drive letter one must use login scripts. A script is a set of instructions for the computer.
To create a new script we clicked on start, opened notepad and typed the command: net use $:\\scservered5769-dc
Lyle provided a breakdown of this script using Jen’s server address as an example. He typed the command: \\neserver/c$ . In this script:
- \\ this means go on the network to find something
- the next part of the script is the name of the server
- the next \ tells the computer to go to the drive share
- $ means it is a hidden script
I really appreciate when Lyle breaks things down into layman’s terms... I often find that I am confused because I don’t have time to look up the information/definitions or acronyms during the class due to the fast pace.
A caution about security:
If I type \\ name of the server \ in the run command prompt I can see all the drive shares on the server. Lyle suggested that we do not allow students to access the run command.
Additional words of wisdom:
Organizing groups can save a lot of time, and setting permissions is critical to ensure FOIP has been addressed.
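The following added example, which is not part of the class notes, lists the share-level permissions on a server so that the shares visible from the run prompt can be reviewed in one pass. It assumes Windows PowerShell 3.0 or later run as an administrator on the file server; the function name Get-ShareAccessReport and the list of broad groups are illustrative choices.

```powershell
# Added example: list share-level permissions and flag broad write access.
# Assumes Windows PowerShell 3.0+ run as an administrator on the file server.
# $BroadTrustees is an illustrative list; adjust it to your own groups.
$BroadTrustees = 'Everyone', 'Authenticated Users', 'Domain Users', 'Users'

# Access masks used for the three standard share permission levels.
$MaskNames = @{ 2032127 = 'Full'; 1245631 = 'Change'; 1179817 = 'Read' }

function Get-ShareAccessReport {
    # Shares with an explicit security descriptor each have one instance here;
    # built-in administrative shares such as C$ do not appear.
    foreach ($setting in Get-WmiObject -Class Win32_LogicalShareSecuritySetting) {
        $result = $setting.GetSecurityDescriptor()
        if ($result.ReturnValue -ne 0) {
            Write-Warning "Could not read permissions for share '$($setting.Name)'"
            continue
        }
        foreach ($ace in $result.Descriptor.DACL) {
            $mask  = [int]$ace.AccessMask
            $level = if ($MaskNames.ContainsKey($mask)) { $MaskNames[$mask] } else { "Custom ($mask)" }
            $allow = ($ace.AceType -eq 0)          # 0 = allow, 1 = deny
            [pscustomobject]@{
                Share   = $setting.Name
                # A trailing $ only hides the share from browsing; access is
                # still decided by the permissions listed in this report.
                Hidden  = $setting.Name.EndsWith('$')
                Trustee = $ace.Trustee.Name
                Type    = if ($allow) { 'Allow' } else { 'Deny' }
                Level   = $level
                # Flag broad groups that can modify content through the share.
                Review  = $allow -and ($BroadTrustees -contains $ace.Trustee.Name) -and
                          ($level -eq 'Change' -or $level -eq 'Full')
            }
        }
    }
}

$report = Get-ShareAccessReport
$report | Sort-Object Share, Trustee | Format-Table -AutoSize
$report | Where-Object { $_.Review } | ForEach-Object {
    Write-Warning "$($_.Share): $($_.Trustee) has $($_.Level) access"
}
```

Share permissions are only one layer: the NTFS permissions on the folder's Security tab apply as well, and the more restrictive of the two wins.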
Moving into our activities for the day... we assigned a group policy to a particular group in Active Directory. Below I have included the steps we followed while completing this Mini Exercise.
Mini Exercise 1: Login Scripts Using Group Policy
Login script ChristinaSean
- make up a batch file
- must know syntax of a command
- should store in netlogon
To begin we checked the File share permissions to make sure that the security was set correctly:
start, computer, ... shared folder, right click, properties, go into security and look at administrators to see access permissions, then check students
Create file Logon Christina Sean.bat
net use s: \\scserver2008\Shared
Open Notepad type the command:
net use s: add the UNC path to the folder, in this case add \\ed5769-dc\shared, file save as
login.bat - to get here drive share
c:\windows\sysvol\network5769.local/scripts
Make a policy
- Call it Login Script Christina Sean
- policies, windows settings, scripts (logon/login)
Next we added teacher and student accounts to all teacher and all students groups:
Open Active Directory users and computers, Open network5769.local, Sean-Christina, students, right click on student account: Sean student, Add to group,
When we got here we were unable to locate the groups: all students, all teachers
Mini Exercise 2: Folder Redirection
Our goal in this exercise was to create a home folder. As identified in Lyle’s notes, a home folder can be set-up on the network by an administrator so that the end user can save/retrieve files from the server as opposed to using the hard drive of the local workstation.
Creating a home folder:
Open my computer, double click on the C drive, file, new folder, home
Start, administrative tools, share and storage management, click provision share, a wizard will open, browse to c:\home, click next, next, next, type “user home directories” in the description box and click next, select Administrators have full control, all other users and groups have only read and write access, next, next, create, close
We now have our home directory.
To make home directories for the student and teacher accounts we completed the following steps:
Open Active Directory users and computers, Open network5769.local, Sean-Christina, students, right click on student account: Sean student, properties, click on profile, under home folder, local path set the profile tab to c:\home\%username% click apply, you will see c:\home\sean.student in the local path section, click ok
Repeat the process for teacher:
Open Active Directory users and computers, Open network5769.local, Sean-Christina, teachers, right click on teacher account: Sean teacher, properties, click on profile tab, under home folder, local path set the profile tab to c:\home\%username% click apply, you will see c:\home\sean.teacher in the local path section, click ok
To redirect to “My Documents” we completed the following steps:
Start, administrative tools, group policy management, select the Sean-Christina OU, right click and select create a GPO in this domain and link it here, New GPO, name: Documents Redirection Christina Sean, ok, right click on the GPO Documents Redirection Christina Sean, edit, User Configuration, policies/windows settings, folder redirection, documents, right click properties, change the setting to Basic-redirect everyone’s folders to the same location, Target folder location select Redirect to the user’s home directory
Challenges and Errors of the Day:
Our server was trying to replicate Active Directory from the wrong server. To correct this we opened Active Directory Sites and Services and reconfigured our server to replicate from the main server.
Another issue we had today: our server was not recognizing one of our computer workstations so we took this computer off the domain, renamed it and rejoined it to the domain.