Haslett, Andrew
andrew.haslett at ilc.gov.au
Mon Mar 6 20:34:38 CST 2006
Oops, so my recommended steps would basically be:

* Upgrade your server to a DC (DCPromo).
* Create a User account for each of your users (with Roaming Profile stored on your file server).
* Create a Group called 'WorkStationAdministrators' (see below).
* Create any other Groups required for restricting access to the filesystem as required.
* Apply group restrictions to the filesystem on your server as required (i.e. to your users' directories).
* Add each machine to the domain (you do this from each machine individually).
* Add the WorkstationAdministrators Group to the Local Administrators group on each machine.

By doing this you can then add the users you wish to the 'WorkstationAdministrators' group in Active Directory, and these users will have admin privileges on the machine they are logged into. You could also do something similar with slightly fewer privileges and place them in the 'Power Users' group on the local machine instead of the Local Administrators.

The only other thing to consider is that machines can only be a member of one domain (at a time). So those users that bring their own laptop (I assume it's their own?) will have to be a member of your domain to get all this neat stuff to happen. I.e. they will still be a member of your domain when they take their machine home, which is not a huge issue as they should already have 'local' accounts on their laptops that they will still be able to log into.

Clear as mud?

-----Original Message-----
From: dba-tech-bounces at databaseadvisors.com [mailto:dba-tech-bounces at databaseadvisors.com] On Behalf Of Haslett, Andrew
Sent: Tuesday, 7 March 2006 12:51 PM
To: Discussion of Hardware and Software issues
Subject: Re: [dba-Tech] Kill a Workgroup and Replace it with a Domain

There's really no such thing as 'Nuking the workgroup'. Basically, if you're not part of a domain, then you're in a workgroup. But being part of a 'workgroup' really means nothing. It doesn't functionally do much at all.
The only issue you're going to have out of those below is access to emails from every machine. It means you'll have to place your mail folders at a central location. How are they accessing it currently? I assume you're not using Exchange.

A

-----Original Message-----
From: dba-tech-bounces at databaseadvisors.com [mailto:dba-tech-bounces at databaseadvisors.com] On Behalf Of Arthur Fuller
Sent: Tuesday, 7 March 2006 11:49 AM
To: 'Discussion of Hardware and Software issues'
Subject: Re: [dba-Tech] Kill a Workgroup and Replace it with a Domain

I have one machine that is running Windows 2003 Server, but it so far is defined as part of the workgroup. How can I nuke the workgroup and then retroactively set up this box as the primary domain controller? In the short term, I don't care that while I reorganize everything I lose connectivity to the ancillary boxes, because that's all they are -- ancillary. So I feel quite free to nuke the workgroup, then create the domain and establish this box as the primary domain controller, then create the required users and then bring each box into the domain.

I don't want to digress, but we are venturing close to the topic about what I really want, whose one-word answer I have been led to believe is ActiveDirectory. What I really want is that any of the known users be able to sit at any computer and login and have her Outlook file, her Favourites, Recent Documents list, etc. etc. available at once. I have lived on systems set up like this, but I didn't set them up and I have no idea how it's done. But that is my ultimate goal: 10 users, 3 of whom bring notebooks and connect via the wireless router, and the system knows who they are and knows which directories are available to them, etc.

In the case of the latter 3, who are all clients, they should be able to access their client-specific directory on the server, and a few other directories, but not the whole world.
In the case of, let's call them resident-users, of whom there are 8, they should be able to see their own data plus selected directories located here and there. Two of these 8 are fictional persons that I created to test the functionality of limited access. One is a user and the other is a developer (the latter so I can test VSS, Visual Studio 2005's concept of partial classes, etc.). Exactly two persons (me and my trusted colleague) can see everything everywhere.

The immediate problems, I surmise from your reply, are:

1. nuke the workgroup;
2. retroactively reconfig the W23Server box to be the primary domain controller.

I need help with both these steps.

Thanks!
Arthur

-----Original Message-----
From: dba-tech-bounces at databaseadvisors.com [mailto:dba-tech-bounces at databaseadvisors.com] On Behalf Of Stuart McLachlan
Sent: March 4, 2006 7:45 PM
To: Discussion of Hardware and Software issues
Subject: Re: [dba-Tech] Kill a Workgroup and Replace it with a Domain

On 4 Mar 2006 at 19:20, Arthur Fuller wrote:

> Way back when, I set up my home network, back when I knew even less
> than I do now, which is almost nothing. When it asked if I wanted to
> set up a domain, I assumed that it meant an internet domain, which I
> didn't have, so I chose Workgroup. I would now like to change this,
> and ultimately arrive at an Active Directory solution, replete with
> roaming profiles, so that no matter which box I am on, I see the same
> Outlook files, the same shortcuts, etc. In short, how do I get from
> here to there? Should I just remove everyone from the workgroup, then
> destroy the workgroup, then create a domain, then add the boxes to the
> domain, and finally add the users? If not this, then what?

Assuming that you are using workstation OSs (2KPro, XPPro), you will need to upgrade the OS on one machine to a Server version or install a new server with the appropriate OS. When you do the update, you set up that machine as the Primary Domain Controller.
You then create user accounts on that server for all of your users. Once you have the domain controller set up, on each workstation change the Network properties to be part of a domain and enter the domain name. Then just follow the prompts to connect.

> I have tried a few googles and got nowhere useful. One more thing. I
> have purchased a wireless router, but not yet set it up. The intended
> purpose of this box is to allow immediate access to my network to
> several selected people only: clients and colleagues. I want a client
> to be able to visit, turn on her notebook and immediately have access
> to my network -- not complete unfettered access, of course, but access
> to areas of interest to her.

As long as you are using NTFS on all machines, once you have set up a domain with a PDC, you can restrict access to any resource on any machine based on the user logon. Using wireless access to your network, if they have the relevant encryption key, they will be able to log on to your network and use whatever resources you have made available to them.

> The list of clients/colleagues is small; less than 10 -- and the only
> way they will ever access the network is by bringing their notebooks
> here. In addition to the clients/colleagues, there are 4 others to
> whom I want to give roaming profile abilities, so they can log in to
> any available box and see their stuff and not see the stuff to which
> they have no access.

Again, this will all happen automagically once you set up a domain controller and user access rights.

--
Stuart

_______________________________________________
dba-Tech mailing list
dba-Tech at databaseadvisors.com
http://databaseadvisors.com/mailman/listinfo/dba-tech
Website: http://www.databaseadvisors.com

IMPORTANT - PLEASE READ ***
This email and any files transmitted with it are confidential and may contain information protected by law from disclosure.
If you have received this message in error, please notify the sender immediately and delete this email from your system. No warranty is given that this email or files, if attached to this email, are free from computer viruses or other defects. They are provided on the basis the user assumes all responsibility for loss, damage or consequence resulting directly or indirectly from their use, whether caused by the negligence of the sender or not.
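
The group-related steps from the list at the top of this thread (create the group, add it to each machine's local Administrators group, restrict the users' directories), as an added example that is not part of the original posts. It assumes a current Windows release with PowerShell 5.1 and the ActiveDirectory module rather than the Server 2003 tooling of the thread; `EXAMPLE`, `D:\Users` and the function names are placeholders.

```powershell
# Added example, not from the thread. Assumes PowerShell 5.1+ and, on the DC,
# the ActiveDirectory module. EXAMPLE and D:\Users are placeholders.
$Domain    = 'EXAMPLE'                     # placeholder NetBIOS domain name
$GroupName = 'WorkstationAdministrators'   # group name used in the thread
$UserRoot  = 'D:\Users'                    # placeholder root of user directories

# On the domain controller: create the security group once.
function New-WorkstationAdminGroup {
    Import-Module ActiveDirectory
    if (-not (Get-ADGroup -Filter "Name -eq '$GroupName'")) {
        New-ADGroup -Name $GroupName -GroupScope Global -GroupCategory Security
    }
}

# On each domain-joined workstation: nest the domain group into the local
# Administrators group, then return the full membership for review.
function Add-WorkstationAdminGroup {
    $member  = "$Domain\$GroupName"
    $current = Get-LocalGroupMember -Group 'Administrators' |
        Select-Object -ExpandProperty Name
    if ($current -notcontains $member) {
        Add-LocalGroupMember -Group 'Administrators' -Member $member
    }
    Get-LocalGroupMember -Group 'Administrators' |
        Select-Object Name, ObjectClass, PrincipalSource
}

# On the file server: restrict one user's directory to that user.
function Set-UserDirectoryAcl {
    param([Parameter(Mandatory)][string]$SamAccountName)
    $path = Join-Path $UserRoot $SamAccountName
    if (-not (Test-Path $path)) {
        New-Item -ItemType Directory -Path $path | Out-Null
    }
    # /inheritance:r drops inherited entries so only the grants below remain;
    # (OI)(CI) applies each grant to files and subfolders as well.
    icacls $path /inheritance:r /grant `
        "${Domain}\${SamAccountName}:(OI)(CI)M" `
        'BUILTIN\Administrators:(OI)(CI)F' `
        'NT AUTHORITY\SYSTEM:(OI)(CI)F' | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "icacls failed for $path" }
}

# Usage (run each function on the machine named in its comment):
#   New-WorkstationAdminGroup
#   Add-WorkstationAdminGroup
#   Set-UserDirectoryAcl -SamAccountName 'jdoe'   # 'jdoe' is a placeholder
```

Anyone added to the group becomes an administrator on every machine where the group has been nested, so the membership list returned by `Add-WorkstationAdminGroup` is worth checking against what you expect.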