[27050] in resnet
Re: Windows 7 Labs in AD
daemon@ATHENA.MIT.EDU (Brian Gibson)
Tue Nov 22 11:42:01 2011
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="------------050809020307090004090406"
Message-ID: <4ECBD02C.5030607@wheatoncollege.edu>
Date: Tue, 22 Nov 2011 11:39:08 -0500
Reply-To: Resnet Forum <RESNET-L@listserv.nd.edu>
From: Brian Gibson <gibson_brian@wheatoncollege.edu>
To: RESNET-L@listserv.nd.edu
In-Reply-To: <20111122111426014.00000006764@CID5664>
This is a multi-part message in MIME format.
--------------050809020307090004090406
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
I'm not 100% sure but I think you might need to scrap DeepFreeze on
those machines because the Windows 7 desktops need to change it's
computer account password in the domain periodically (every 30 or 45
days I think). If you put a machine back to a previous state the
passwords might no longer match and the computer will need to be
rejoined to the domain (again, not 100% sure of this). I do not know if
a way to redirect a user's domain account to a local account, the two
are totally separate. What we have found works well for us (after a lot
of headache to set up) is VMware View set up in a Linked Clone floating
(non-persistent) desktop pool. You get the same benefit as DeepFreeze in
that when you logout the virtual desktop is nuked and put back to an
original state.
I think you have two options (again, thinking off of the top of my
head... could be wrong).
1. Switch over your network and print shares to AD which will make
printing and file share access seemless.
2. Maybe there is a connector to 'join' your Novell setup to AD?
On 11/22/2011 11:14 AM, Jenni Piper wrote:
>
> We are in the process of moving our Windows lab machines to
> Microsoft's AD environment and have run into some bumps. Our current
> environment is eDir, which consists of a Novell client running on
> Windows 7, where a user logs in with their network credentials for
> network resources ( network drives, printer access - iPrint). We are
> using Autoadminlogon to redirect all logins to a local account with
> the user profile configured for the various applications installed on
> the lab image. However, now that these machines are joining Microsoft
> AD, we are running into a problem where users are not being prompted
> for their network credentials if Autoadminlogon is enabled.
>
> We would like our windows 7 computers that are joined to a domain have
> domain users login with their credentials but instead of creating a
> new local account that matches that domain account we want it to login
> to a pre-configured local account. We have Deep Freeze installed on
> these computers meaning newly created profiles get wiped out at reboot
> resulting in long logins every time.
>
> How is your institution handling computer labs joined to a domain and
> user profiles?
>
> Jenni Piper
>
> Associate Director of Technology Services
>
> Eastern Mennonite University
>
> ___________________________________________________ You are subscribed
> to the ResNet-L mailing list.
>
> To subscribe, unsubscribe or search the archives, go to
> http://LISTSERV.ND.EDU/archives/resnet-l.html
> ___________________________________________________
>
--
++++++++++++++++++++++++++++
Brian Gibson
Systems Administrator
Wheaton College
___________________________________________________
You are subscribed to the ResNet-L mailing list.
To subscribe, unsubscribe or search the archives,
go to http://LISTSERV.ND.EDU/archives/resnet-l.html
___________________________________________________
--------------050809020307090004090406
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
I'm not 100% sure but I think you might need to scrap DeepFreeze on
those machines because the Windows 7 desktops need to change it's
computer account password in the domain periodically (every 30 or 45
days I think). If you put a machine back to a previous state the
passwords might no longer match and the computer will need to be
rejoined to the domain (again, not 100% sure of this). I do not know
if a way to redirect a user's domain account to a local account, the
two are totally separate. What we have found works well for us
(after a lot of headache to set up) is VMware View set up in a
Linked Clone floating (non-persistent) desktop pool. You get the
same benefit as DeepFreeze in that when you logout the virtual
desktop is nuked and put back to an original state.<br>
<br>
I think you have two options (again, thinking off of the top of my
head... could be wrong).<br>
<br>
1. Switch over your network and print shares to AD which will make
printing and file share access seemless. <br>
<br>
2. Maybe there is a connector to 'join' your Novell setup to AD? <br>
<br>
On 11/22/2011 11:14 AM, Jenni Piper wrote:
<blockquote cite="mid:20111122111426014.00000006764@CID5664"
type="cite">
<meta http-equiv="Content-Type" content="text/html;
charset=ISO-8859-1">
<meta name="Generator" content="Microsoft Word 12 (filtered
medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p.MsoPlainText, li.MsoPlainText, div.MsoPlainText
{mso-style-priority:99;
mso-style-link:"Plain Text Char";
margin:0in;
margin-bottom:.0001pt;
font-size:10.5pt;
font-family:Consolas;}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Calibri","sans-serif";
color:windowtext;}
span.PlainTextChar
{mso-style-name:"Plain Text Char";
mso-style-priority:99;
mso-style-link:"Plain Text";
font-family:Consolas;}
.MsoChpDefault
{mso-style-type:export-only;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
<div class="WordSection1">
<p class="MsoPlainText"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif"">We
are in the process of moving our Windows lab machines to
Microsoft's AD environment and have run into some bumps. Our
current environment is eDir, which consists of a Novell
client running on Windows 7, where a user logs in with their
network credentials for network resources ( network drives,
printer access - iPrint). We are using Autoadminlogon to
redirect all logins to a local account with the user profile
configured for the various applications installed on the lab
image. However, now that these machines are joining
Microsoft AD, we are running into a problem where users are
not being prompted for their network credentials if
Autoadminlogon is enabled.<o:p></o:p></span></p>
<p class="MsoPlainText"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif""><o:p> </o:p></span></p>
<p class="MsoPlainText"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif"">We
would like our windows 7 computers that are joined to a
domain have domain users login with their credentials but
instead of creating a new local account that matches that
domain account we want it to login to a pre-configured local
account. We have Deep Freeze installed on these computers
meaning newly created profiles get wiped out at reboot
resulting in long logins every time. <o:p></o:p></span></p>
<p class="MsoPlainText"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif""><o:p> </o:p></span></p>
<p class="MsoPlainText"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif"">How
is your institution handling computer labs joined to a
domain and user profiles?<o:p></o:p></span></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Jenni Piper<o:p></o:p></p>
<p class="MsoNormal">Associate Director of Technology Services<o:p></o:p></p>
<p class="MsoNormal">Eastern Mennonite University<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
___________________________________________________
You are subscribed to the ResNet-L mailing list.
<p>
To subscribe, unsubscribe or search the archives,
go to <a class="moz-txt-link-freetext" href="http://LISTSERV.ND.EDU/archives/resnet-l.html">http://LISTSERV.ND.EDU/archives/resnet-l.html</a>
___________________________________________________
</p>
</blockquote>
<br>
<div class="moz-signature">-- <br>
<br>
++++++++++++++++++++++++++++<br>
Brian Gibson<br>
Systems Administrator<br>
Wheaton College<br>
<br>
</div>
</body>
</html>
___________________________________________________
You are subscribed to the ResNet-L mailing list.
<p>
To subscribe, unsubscribe or search the archives,
go to http://LISTSERV.ND.EDU/archives/resnet-l.html
___________________________________________________
--------------050809020307090004090406--
