“Zen” Workstation Environment Status Report

John Klein

Debbie Carraway

Information Technology, Systems

Current Status & Timetable

• 63 PC’s in ITD Laundry lab moved Friday• So far, students seem happy

– Norton Antivirus has some minor issues– No data yet from Helpdesk re: Remote Control

• Other ITD labs to be converted during break between Summer II and Fall 2000

Schedule Review

Event Review

• Deploy Summer I delayed so for improved communication & documentation

• Summer II suffered two major disasters:– NDS “Obituaries” and mixed replica rings– Concurrent RAID failures on 2 of the 3 replica

holders for .Users

• Moving now to test at scale before Fall

How do things work?

Review changes from traditional setup• Novell Client-32 rather than NCSU GINA• kAuth for access to AFS on NT4

workstations• No additional restrictions on HKLM• Apps in Netware filespace for access from

non-NT4 clients (Win2k, Win9X)• Profiles in Netware file space

Application Assignment

iMacProfileA Physical PC(with a physical Registry)

UserObjects

Application

Associatedwith

DisplayOnly if RegistryKey is set

“Show” Application

Associated “force run”with

WorkstationObjects

Registry Gets set

Where do settings come from?

User

Workstation

LoginScript

UserPolicy

WSPolicy

Depends on OU=Zenlab env var to runSets L:, M: and a temporary K:Enables Proquota for each userAny other “Run at Login” type tasks

Sets up Dynamic Local UserDisables RegeditAny other “User” policies (see NT Resource Kit)

Disables Peer to Peer NetworkingRuns kAuthInstalls printer driversAny other workstation restrictions

Details of WS Policies

• Global Policies are assigned to the container, and impact all WS in that container

• Specific Policies are assigned to WS groups (for particular printers, etc)

OrganizationalUnit

..WS Group

..WS Group

GlobalPolicy

SpecificPolicy

Imaging to restore OS

• We use “Boot Control” (part of Free DOS project), installed on Master Boot Record.

• First partition: 1250 MB FAT16 with DOS, Ghost, and an AUTOEXEC to control restores

• Integrates with our ‘unattended’ NT install

• Initial admin touch to create ghost image including workstation’s identity

Resources

• On the webhttp://www.ncsu.edu/mtip/zen/labs

• E-Mailmtip@chaos.cc.ncsu.edu

nag@chaos.cc.ncsu.edunt-discuss@listserv.ncsu.edu

What we’ve achieved

• “Simpler” (not trivial) Application creation– Most apps can run without security changes– NTFS permissions still “majic”

• Quicker restores of damaged lab seats– “Self healing” applications replace individual

files and settings on apps that won’t run– “Rebuild this PC” can be done by end users to

restore to pristine installed condition, quickly

What we’ve achieved (2)

• Secure, Policy based Remote Control for improved help desk

• Complete workstation inventory in Sybase

• Policy based platform for managing PC’s, using standard tools

• A more “open” platform to support OS’s besides NT4

Where to go from here?

• You tell us!• Address any “Anti-features” discovered in

labs• Improve documentation• Develop and Publish Policies and Procedures

for new applications in the open labs• Prepare for Windows 2000 and Zen for

Desktops v3

“Zen” Workstation Environment Status Report

John_Klein@ncsu.edu

Debbie_Carraway@ncsu.edu

Information Technology, Systems