• We’re currently investigating an issue related to the forum theme and styling that is impacting page layout and visual formatting. The problem has been identified, and we are actively working on a resolution. There is no impact to user data or functionality, this is strictly a front-end display issue. We’ll post an update once the fix has been deployed. Thanks for your patience while we get this sorted.

School project - Software deployment -lots of questions

T

TheGreenGoblin

Senior member

I'm working on setting up a small Win2k network for school and need a bit of help (mostly with the software aspect)

I've got about 7 different departments of users , each with different MS office needs. E.g. Some need word only , some need word + access , etc. I want to iron out the best way to have the software run off one of our servers.

Do I have to use GPO's to assign a software package to each user ? I'd like the apps made available to each user with little or no interaction with installation.

I have each department organized into different OU's in our domain along with Global groups. Is it easy to configure it so that the users that aren't allowed to use Excel for example , won't even see it listed in the start menu?

Since I have no real world networking experience , I don't know how much users are restricted. Are there any GPO restrictions that should definitely be enabled ?

I also would like to use DFS to set up some File shares . How do client machines usually access The DFS ? I've played around with it a bit , but i'm still not quite sure if I can set it up so clients are automatically redirected to the secondary file server if the first goes down. I need my DFS link to point to 2 diff physical locations ?

Seems to me that having clients , go into my network places , open a server icon , and look for shares , is a lot. Right now I've got Home folders appearing as mapped network drives to each user.Is there any way to simplify the File sharing aspect too? Can it be done with DFs ?

Thx for the help.
 
It sounds like you have separated people who need different sets of Office apps into different OUs. This makes things easier.

To do this, you will need the Office Resource Kit (ORK). This program allows to you customize the office .msi file to your liking. You can decide which apps will be installed, which options for those apps, what settings (such as spelling checking in Word) will be implemented. Then you create your package in the GPO and click on the modifications tab. This will allow you to add the changes (which are stored by the ORK in a .mst file) to the package and deploy it.

Then, you will create a GPO for each of the OUs you set up. Each GPO will have an office package that uses the same msi file, but has a different mst modification file, depending on what apps you want for each OU. Make sure you (under the packages properties) that you check the box that says "uninstall this application when it falls out the scope of management" That way, when you move users from one OU to another, apps will be removed and added according to the GPO on each OU.

GPO restrictions are a matter of how much you want your users to be able to do. You can create an environment so locked down that there will no icons (or just one, say IE) and nothing on the start menu execept "log out" A more realistic GPO would disallow access to the computer management mmc, some control panel applets, IE options, and maybe the run command on the start menu.

I dont have too much experience with AD Dfs, but from what I understand you should be able to map shares much like you do now. The shares are published in the AD however. So when writing a logon script to map a drive, you would type the UNC name for the share as it is in the AD. I'm not sure of the actually syntax for referencing something in AD. Once connected, the share could actually be on two or more servers, and the client wouldnt know. So, say before you had a share called "files" on two servers, \\filesrv1\files and \\filesrv2\files If filesrv goes down you could rewrite the logon script to point to filesrv2's share--a big pain, to say the least. With Dfs, the share is on filesrv1 and 2 simultaneously, and the files are replicated between the two. If filesrv1 were to go down, the client should not notice a thing.

Hopes this helps you out.
 


Thanks a lot , it does . Though with the limited time I have left to work on this , I think I might be forced to keep it more simple than 1st planned
 
Just to add to the DFS side of things, once you have it set up, you can easily set permissions on it and map the root of the DFS to a network drive. A shortcut can be placed on the desktop of the user to ease browsing concerns.
If you are short on time, focus on the software publishing/assigning. DFS is not commonly used, and learning how to properly deploy software via GPO and the AD is a nice skill to have.
 

Thx for the advice. Group Policy doesnt seem to be overly complex once you've got a firm grasp of the stacking of the GPO's. Though with " Block inheritance " and " no override" i'm sure it can get messy real fast if there are too many overlapping GPO's. I find this to be one of the more interesting aspects of networking so far.
 
You must log in or register to reply here.

TRENDING THREADS

Back
Top