[47] in Kakapo Windows Team
WIN policies
daemon@ATHENA.MIT.EDU (Thomas L. Thornton)
Thu Jul 31 18:42:17 2003
Date: Thu, 31 Jul 2003 18:42:13 -0400 (EDT)
Message-Id: <200307312242.h6VMgDlN029663@the-rim.mit.edu>
From: "Thomas L. Thornton" <tomt@MIT.EDU>
To: kakapo@MIT.EDU
CC: pismere-team@MIT.EDU, contact-container-admins@MIT.EDU
As IS Windows staff compile a list of Windows services, we begin to
consider the set of policies in this line. Participants in the MIT
win.mit.edu, or WIN, Windows Domain encounter several categories of IS
policy. First of all, some general infrastructure rules that have
evolved under other infrastructures apply to users of the Domain.
Second, we apply minimal machine policies Domain-wide. Finally, in
implementing the Domain, frequent activities of users and container
administrators are now automated to use web-based forms with specific
required privileges. Here are some doc pointers and current states -
please send along any comment.
-Tom
User Policies
------------
There are no Domain-assigned WIN user policies. However, due to the
architecture of this system, the user should be aware of the
implications of the roaming profile. See:
http://mit.edu/pismere/draft-documents/managing-your-profile.html
Further, we accumulate several hints or rules of thumb for the user:
http://mit.edu/pismere/draft-documents/logon
http://mit.edu/pismere/draft-documents/dosanddonts.html
Machine Policies
---------------
WIN applies three policies to every machine, including software
settings, Windows settings and administrative templates. Of course,
container administrators may apply additional policies to machine
containers. For a snapshot of current Domain-wide group policies,
see:
http://mit.edu/pismere/support/for-cont-admins/gpsnap
For an introduction to win.mit.edu group policy, see:
http://mit.edu/pismere/support/for-cont-admins/wingpintro.html
For an explanation of win.mit.edu extensions to GP, see:
http://mit.edu/pismere/support/for-cont-admins/winathena-extensions.html
For the Windows Hotfixes we deploy Domain-wide, see:
http://mit.edu/pismere/support/for-cont-admins/autohotfixer.html
WIN Activity Policies
--------------------
The following Domain support activities are available through web
pages down from http://mit.edu/pismere/support/web-interfaces.html and
limited to users with privileges as specified.
Request a container
  Must have an Athena account, must have at least one Athena container
  admin.
  Request approval comes from members of the list container-request
  Upon container approval,
    The list container-admin-[name] is set to be the container admin
    list for it, and includes a few other Domain-wide container admins.
    The Domain delegates only group policy control to the container.

Set your WIN domain password
  Must have an Athena account.

Delete a machine account from the WIN domain
  Must own the machine or be a container admin for the machine
  container.

Container Maintenance Request
  Must have an Athena account (this may further restrict to require a
  container admin for the machine container).

Join a machine to the Domain
  Must have an Athena account.

Send a suggestion or comment about win.mit.edu
  Anyone.

Report a win.mit.edu bug
  Anyone.

Request PXE support on an MIT subnet
  Anyone.

Request a win.mit.edu Dorm or Classroom cluster
  Anyone.
  Request approval comes from members of the list ac-proposals.
  Upon container approval, process copies "Request a container," above.