• Welcome to Overclockers Forums! Join us to reply in threads, receive reduced ads, and to customize your site experience!

Not sure how to accomplish my goals...

Overclockers is supported by our readers. When you click a link to make a purchase, we may earn a commission. Learn More.

Ludivous_Kain

Member
Joined
Aug 25, 2003
Location
Where The Buses Don't Go...
Several months after making a list of parts to order, everything finally came in, and I set up all the hardware. I was assembling a corporate network for one of my clients. It's my first domain/network job, so it was a good learning experience for me. Now, I don't know how to do the final bit of setting up. Right now, the network consists of 5 computers: One server, and four workstations. My client wants the software set up as follows:

The server has Microsoft Windows 2000 Server installed on it(already done).
The workstations will have Windows 2000 Professional installed on them (not yet completed).

The cloudy parts is as follows:

My client wants each workstation require domain authentication for the users, and for certian icons to appear on the desktop according to the group that the user is registered to. For instance, an administrator will have access to more programs/etc. than a common employee.

The programs that the employees use are: Office XP, QuickBooks Pro, Key-CAD Pro, and a few other minor things.

I was thinking about setting up the server to act as a domain for the workstations, and using Active Directory. But, I'm uncertian about how to go about and set access permissions that make actual configuration changes to the workstations. All four workstations are exactly the same, but my client wants to have an administrator log on to any one of them and still have all their options available. But, all their access permissions and additional program usage configurations shouldn't carry over to the common employees. Any ideas, appart from integrating the user's login prompt with a TermServ login? The apropriate CALs can be purchased, but it might be a needless expense if I can accomplish the goal without them.

I know there is a way around this problem, since my university does it. Faculty members have their own account that they use, which allows everything students can use, as well as additional programs, and they can log on to any computer on campus.
 
Your on the right track, use server as the domain controller w/ active directory. Several ways to configure it. I would set up 2 groups, one for regular employees and one for the admin. Use group policies and login scripts for each to limit access to programs/icons/ etc.
 
Okay. I used the "Configure your server" wizard to set up the server as a domain controller. I also added several user accounts in the Active Directory User section. I made a new OU, titled "Accounts", and then two more inside it, titled "Admin" and "General". I still fail to see how to set up login scripts, or even the location for the group policies. After this post, I'm going to do a more thorough examination of the administrative tools. At least now I know that I can do this with my current tools. :)
 
Excellent. Thanks for the suggestion. I didn't even think about the group policies. The only thing I need to figure out now is how to remove the "Network Places" icons/abilities, and how to have the server rename the computer logging on, so I can make a single ghost image for the workstations. But I don't know if that second thing is even possible. :)
 
You were hired to do this? Dude, you're not qualified AT ALL. There are 100,000 sys admins without jobs who could do this in a few hours, while napping. You must have good selling skills, you'll probably be my boss someday :eek:
 
electromagnetic said:
You were hired to do this? Dude, you're not qualified AT ALL. There are 100,000 sys admins without jobs who could do this in a few hours, while napping. You must have good selling skills, you'll probably be my boss someday :eek:

I wasn't hired to do the software configuration, I was hired to construct the network. I built them the five computers, and they wanted to know if I could take a shot at setting things up the way they wanted them. Sure, I could have told them "Screw you, get someone else to do it, I'm not qualified for this!" but that wouldn't have been very professional of me, now would it? Rather than blowing them off, and tarnishing my reputation (which finally got started with this job), I offered to take a shot at it. It'd earn me some extra money, and they'll be more likely to remember my name the next time they have a problem they need solved. I'm not pretending to know what I'm doing, and my client knows that. My expertise is in troubleshooting and system design, not the actual OS configuration settings. :)

[edit]
After all, we all gotta start somewhere, right?
 
Ludivous_Kain said:


I wasn't hired to do the software configuration, I was hired to construct the network. I built them the five computers, and they wanted to know if I could take a shot at setting things up the way they wanted them. Sure, I could have told them "Screw you, get someone else to do it, I'm not qualified for this!" but that wouldn't have been very professional of me, now would it? Rather than blowing them off, and tarnishing my reputation (which finally got started with this job), I offered to take a shot at it. It'd earn me some extra money, and they'll be more likely to remember my name the next time they have a problem they need solved. I'm not pretending to know what I'm doing, and my client knows that. My expertise is in troubleshooting and system design, not the actual OS configuration settings. :)

[edit]
After all, we all gotta start somewhere, right?

WOOT!
 
Back