[58] in Kakapo Windows Team
Re: WIN policies
daemon@ATHENA.MIT.EDU (Stephen Dowdy)
Thu Aug 7 18:01:36 2003
Message-Id: <5.1.0.14.2.20030807174443.01d6a6e8@hesiod>
Date: Thu, 07 Aug 2003 18:01:32 -0400
To: "Thomas L. Thornton" <tomt@mit.edu>, kakapo@mit.edu
From: Stephen Dowdy <sdowdy@MIT.EDU>
Cc: pismere-team@mit.edu, contact-container-admins@mit.edu
In-Reply-To: <200307312242.h6VMgDlN029663@the-rim.mit.edu>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Tom... as you know, documentation is hard to keep up.... minor correction
on the managing quota page, it indicates that the user quota is initially
set at 100MB.... I believe it is actually now set at 500MB.
on the logon page... in the Q&A section... it says that you can not know
your win.mit.edu password. That isn't technically correct, is it? Maybe
you don't want to broadcast this unless there is some need.
At 06:42 PM 7/31/2003 -0400, Thomas L. Thornton wrote:
>As IS Windows staff compile a list of Windows services, we begin to
>consider the set of policies in this line. Participants in the MIT
>win.mit.edu, or WIN, Windows Domain encounter several categories of IS
>policy. First of all, some general infrastructure rules that have
>evolved under other infrastructures apply to users of the Domain.
>Second, we apply minimal machine policies Domain-wide. Finally, in
>implementing the Domain, frequent activities of users and container
>administrators are now automated to use web-based forms with specific
>required privileges. Here are some doc pointers and current states -
>please send along any comment.
>
>-Tom
>
>
>User Policies
> ------------
>
>There are no Domain-assigned WIN user policies. However, due to the
>architecture of this system, the user should be aware of the
>implications of the roaming profile. See:
> http://mit.edu/pismere/draft-documents/managing-your-profile.html
>
>Further, we accumulate several hints or rules of thumb for the user:
> http://mit.edu/pismere/draft-documents/logon
> http://mit.edu/pismere/draft-documents/dosanddonts.html
>
>
>Machine Policies
> ---------------
>
>WIN applies three policies to every machine, including software
>settings, windows setttings and administrative templates. Of course,
>container administrators may apply additional policies to machine
>containers. For a snapshot of current Domain-wide group policies,
>see:
> http://mit.edu/pismere/support/for-cont-admins/gpsnap
>
>For an introduction to win.mit.edu group policy, see:
> http://mit.edu/pismere/support/for-cont-admins/wingpintro.html
>
>For an explanation of win.mit.edu extensions to GP, see:
> http://mit.edu/pismere/support/for-cont-admins/winathena-extensions.html
>
>For the Windows Hotfixes we deploy Domain-wide, see:
> http://mit.edu/pismere/support/for-cont-admins/autohotfixer.html
>
>
>WIN Activity Policies
> --------------------
>
>The following Domain support activities are available through web
>pages down from http://mit.edu/pismere/support/web-interfaces.html and
>limited to users with privileges as specified.
>
>Request a container
> Must have an Athena account, must have at least one Athena container
> admin.
> Request approval comes from members of the list container-request
> Upon container approval,
> The list container-admin-[name] is set to be the container admin
> list for it, and includes a few other Domain-wide container admins.
> The Domain delegates only group policy control to the container.
>
>Set your WIN domain password
> Must have an Athena account.
>
>Delete a machine account from the WIN domain
> Must own the machine or be a container admin for the machine
> container.
>
>Container Maintenance Request
> Must have an Athena account (this may further restrict to require a
> container admin for the machine container).
>
>Join a machine to the Domain
> Must have an Athena account.
>
>Send a suggestion or comment about win.mit.edu
> Anyone.
>
>Report a win.mit.edu bug
> Anyone.
>
>Request PXE support on an MIT subnet
> Anyone.
>
>Request a win.mit.edu Dorm or Classroom cluster
> Anyone.
> Request approval comes from members of the list ac-proposals.
> Upon container approval, process copies "Request a container," above.
