IST Support Model for ADS/Win2K:
What's in it for the Department?

The IST Active Directory and Windows 2000 project has been well documented from the perspective of IST's goals. However, the user perspective is not as well represented. Why would a department join this environment? What are the trade-offs? What are the options? This short document outlines one department's considerations as it tries to create a more managed environment for its computers.

Example department: Learning and Teaching Through Technology (LT3)

Over a period of two and a half years (2000 - 2002) LT3 has grown in size as we've hired co-ops, temporary staff, and contract personnel to work on externally funded projects. Our computing needs have correspondingly grown - more computers, more software, more chaos, and more critical backup requirements.

Activities such as uncontrolled software installations cause more work for the computing systems manager (answering questions, debugging, security holes, rebuilds, etc.). We could prevent some of these problems by creating a managed workstation environment. LT3 hasn't had a consistent desktop backup scheme. In an environment where some staff (like co-ops) are transient and projects are constantly changing, we need to know that data is backed up.

In looking at a solution to these problems we consider adopting the following options:

1. IST support model, based on Active Directory System and Windows 2000.
2. DeepFreeze on all workstation to prevent additional software from being installed; a backup system strategy in place and understood by the owner.
3. No change, which is not really an option.

Description of the IST ADS/Win2K Model

The IST project objective is to create a stable and supportable Windows 2000 environment. The full scope and objectives are found in the project final report. The following project activities impact the department.

• IST and the department meet to discuss the migration. The department representative receives a checklist to guide the process. Part of this is a computer inventory. A tool called mvPCinfo is provided that helps collect the necessary data.
• An image containing the OS and base software is put on the machine.
  • Windows 2000 and also Windows 95/98 are both supported.
  • IST provides a base image (OS, and standard apps like Office XP, Synchronize, Netscape, etc.).
    • When new PCs are purchased, they can be imaged by IST. This will make the PC look like other PCs in the department, and be configured properly to work with the computing infrastructure at UW.
  • Department provides and installs the additional software, though IST may offer assistance if needed.
  • Creation of additional images beyond the standard one is not encouraged, and must be negotiated with IST support personnel.
• The machine is added to the Active Directory.
• The user is added to the Active Directory (though most already exist).
• Department (LT3) assigns a local technical support person(s) as the primary contact to and by IST (most already have one).
• Department is assigned to an IST support person; requests go through local support, who calls upon IST as required.

Advantages of the ADS/Win2K Support Model

• Machine in AD
  • As part of the supported structure the system receives services for that group policy.
    E.g., automatic distribution of critical service updates for OS and core services such as Office Suite, Outlook and Internet Explorer. Service Pack 3 is an example.
• User in AD
  • As part of the supported structure the user has access to their NetApps space, and access to things defined by the group policy.
    • Data on the Netapps is scanned every night for viruses. Viruses are either cleaned or deleted.
    • Backups (snapshots) are easily accessible.
• AD Security Groups
  • LT3 would be an Organizational Unit (OU). A security group is a collection of people or groups that have access to a resource, not all of whom need be from the same OU.
• Support from IST
  • IST typically installs the image on the systems.
  • Local departmental support takes first calls and first attempts at resolution. Would then request support from a designated IST support person (or to the Hardware or Network groups via request, as appropriate).
    • Support requests sometimes through direct call or email, or via IST request system.
    • Requested support items are prioritized by the IST support person into their other workload.
  • IST typically does not have a devoted time slot for the support of a department. (DE is an exception because they are off-campus. LT3 co-ops and staff at Gage would have the same support model.)
  • If a system needed to be rebuilt, IST would do this.
• Removal of old NT servers.
  This project will allow groups to eventually remove these servers, and free up people resources that have had to support them in the past.
• Printer control can be managed by local computing support reps.
  Computer support reps can clear printer problems without have to call IST.

Possible Future Advantages/Changes

• Being part of an Organizational Unit
  • Software distribution will be more popular. At this time IST doesn't have enough experience with this to give OU admins permissions to do this.
  • Policies may be applied to an OU (e.g restrictions on password complexity) but IST doesn't anticipate a huge demand for this.
  • Management of departmental security groups by the local support person (via a web page) is now in pilot and may be available later.
    E.g., create and administer network shares. Manage all group spaces, such as co-op areas.
• Once the process is better known, local support staff might image their systems (or rebuilds).
• Laptop support
  • A project has started to investigate how laptops fit into this environment.
  • Currently the laptop client is moved to the Active Directory and their data is put on the NetApps. Laptop operating systems are not managed, meaning the latest patches and updates are not pushed to them. The deployment project does not re-image laptops.

Created by Andrea Chappell
Last updated 5 November 2002 by Andrea Chappell