  1. #1

    New School, New Network

    Hi all,

    Long time lurker, first time poster!

    I recently got a Network manager gig, after 7 years as a technician.

    I know how networks 'work' and I have been able to understand why we have done what we have done etc.

    I am now faced with an alien network. I'm not sure if it is just me - but the way it is set up does not reflect what I have done before, it does not seem to lock down Windows at all. RDC/CMD are available to all. I'm not sure how profiles are set up, and it seems to be running very slowly.

    I have been given a large pot of money. Enough (more than!) to build the school a better network. I need to replace PCs around rooms to the tune of 50 odd, an IT room of 36 as well. As that is pretty much the large majority of machines (exc laptops which I'm leaving for the moment) I thought about getting some new servers and starting from scratch. Reading some other threads, people generally say if you can do it - it's the best option.

    So this is my plan:

    Server 2008 R2 servers running Hyper-V - hosting a couple of DCs (on different hosts), Exchange, SIMs and a print server
    1 file storage server

    Windows 7 SP1 clients throughout the school with Office 2010 and have WSUS in place to do Windows Update.

    I want to use just GP to lock things down (trial and error I think?) and use GP to send out software. We do have Impero, which is a nice bit of kit for wider management.

    Does that sound like a plan? Any thoughts on specs for the servers?

    Also - I'm thinking of rolling out mandatory profiles across the school and using folder redirection to link back to a standard staff/student start menu/desktop.

    Can someone explain if this is the right way to do it? And if so what do I lose by not having roaming profiles?

    Thanks in advance!

  2. Thanks to mattianuk from:

    russdev (20th April 2012)

  3. #2

    You don't actually mention what you already have.

    What are the servers running, what are the clients running etc. No point starting fresh if you are for example already on Windows 7 clients and Server 2008 (as long as it is 64bit) or R2 unless there is an obvious problem that exists.

    Don't change things too fast, you will upset everyone. Basically take between now and half term to work out what you have and how it is working, then form a plan for the summer and take it to your line manager.

  4. #3


    Quote Originally Posted by Achandler View Post

    Don't change things too fast, you will upset everyone. Basically take between now and half term to work out what you have and how it is working, then form a plan for the summer and take it to your line manager.
    Very good advice here. Take it slow.
    When I started doing school IT support I was convinced that everything should be locked down as tight as possible on the clients. After several years my attitude to this has relaxed considerably - it is much more important to have the network (switches/firewall etc) and the servers secure. Security through GPO on the clients is important, but don't go overkill on it because it can introduce a lot of problems and annoy users. GPO to install software is worth concentrating on, as is mandatory profiles - try and keep things consistent.

  5. #4

    We have a mixed XP/Win7 (one room, some laptops) environment here. 4 servers, 2 2003 (one that appears to do everything including file storage) + 2 DCs (2003) which are about 8 years old. There is a nice new 2008R2 brought in by the guy before me, but he didn't stay long enough to crack on.

    The school is ready for change - the SMT/HoD brought me in under a new headteacher with the knowledge that things were going to happen quickly and that they were funding the changes because they want it to happen, as long as I justify what I am doing in an educational context they are happy, and as I say - I am not new to this, I have been senior tech at last 2 high schools since before there were network managers... and in comparison this network is tiny...

    These plans are for the summer btw, I'm having 3 weeks of paternity at June ht, so need to get started now.

  6. #5

    Quote Originally Posted by CyberNerd View Post
    Very good advice here. Take it slow.
    When I started doing school IT support I was convinced that everything should be locked down as tight as possible on the clients. After several years my attitude to this has relaxed considerably - it is much more important to have the network (switches/firewall etc) and the servers secure. Security through GPO on the clients is important, but don't go overkill on it because it can introduce a lot of problems and annoy users. GPO to install software is worth concentrating on, as is mandatory profiles - try and keep things consistent.
    Any advice on mandatory profiles?

    Not going on full lock down, but staff and students can currently access local drives, browse network shares of user files, run CMD, connect to servers via RDC and that is just for starters!!!

  7. #6
    maark
    Would look at getting rid of XP clients to make things easier to manage by having all on Windows 7.
    If you have Microsoft schools agreement that gives cheap licences - set up 2008R2 Datacenter edition on your decent/new servers - this will allow you unlimited Hyper-V virtual servers - pretty straightforward to set up.
    Set up new virtual DCs on 2008 R2 - when they have replicated ok then you can move roles off your old DCs and retire them.
    Basically aim for 2008 R2 on servers - Win 7 on clients and take it from there.
    Impero is useful for installing software/updates that don't have MSIs by logging on to several machines at once and running mimic scripts.
    Also you can get rid of profiles altogether for students - will just set up a local profile when they log on first time to a machine - redirect desktop, start menu etc.
    Last edited by maark; 20th April 2012 at 11:49 AM.

  8. Thanks to maark from:

    russdev (22nd August 2012)

  9. #7

    sonofsanta
    Sounds more or less like a good plan.

    Things to consider:
    * Switching - have you got a redundant core or is your core switch a SPOF?
    * Virtualization - best to keep one DC physical - doesn't need much in the way of spec, so can probably re-use an old server once it's decommissioned, but you can have problems with failover clusters without a DC up - and if all your DCs are virtual, you get into a bit of a chicken-and-egg situation. It can be gotten around, but easier to avoid it altogether - plus you don't want all your eggs in one basket. Bit heavy on the egg-metaphors, this advice, but I'm just trying to lay some groundwork advice down
    * Consider setting up two new admin accounts when you start - one so you're not using "administrator" as a log in (and you can rename guest to administrator to use it as a honey trap) and another one to give to programs wanting admin privileges to run services etc. Give this last one a long KeePass generated string of garbage. Having it separate from the domain admin account you use frees you up to change your domain admin password more easily.
    * Look at Microsoft EES if you haven't already, could be well worth it depending on circumstances
    * Also look at Live@edu for your email
    * Consider System Center stuff for software deployment etc. - quite in-depth but also cheap for schools
    * And hell yes stop them installing software and using command - cannot believe that is still open.

    Most of all, write down what you're doing as you're doing it, for your own benefit - if you're doing a big job like this you will soon lose track of everything you've done even a fortnight before!

    Good luck, and enjoy
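
The decoy "administrator" account suggested in the post above only pays off if something watches for logons against it. As an added example (not part of the original thread or any poster's script), this PowerShell check flags logon events that name the decoy. It assumes logon auditing is enabled; the function names, sample records and host names are constructed for illustration.

```powershell
# Name of the decoy: per the post, the guest account renamed to "administrator".
$DecoyName = 'administrator'

# Security log event IDs that record a logon or credential check:
# 4624 logon success, 4625 logon failure, 4768 Kerberos TGT request, 4776 NTLM validation.
$LogonEventIds = 4624, 4625, 4768, 4776

function ConvertTo-LogonRecord {
    # Flattens one Get-WinEvent record into the four fields used below.
    param([Parameter(Mandatory = $true)] $Record)
    $data = @{}
    foreach ($d in ([xml]$Record.ToXml()).Event.EventData.Data) {
        if ($d.Name) { $data[$d.Name] = $d.'#text' }
    }
    # The source field is IpAddress, WorkstationName or Workstation depending on the event.
    $source = @($data['IpAddress'], $data['WorkstationName'], $data['Workstation']) |
        Where-Object { $_ }
    New-Object PSObject -Property @{
        Id             = $Record.Id
        TimeCreated    = $Record.TimeCreated
        TargetUserName = $data['TargetUserName']
        Source         = ($source -join ', ')
    }
}

function Find-DecoyLogon {
    # Returns every logon-related record that names the decoy account.
    # Nobody legitimate uses that account, so any hit deserves a look.
    param(
        [Parameter(Mandatory = $true)] [object[]] $Records,
        [string] $Decoy = $DecoyName
    )
    $Records |
        Where-Object { ($LogonEventIds -contains $_.Id) -and ($_.TargetUserName -eq $Decoy) } |
        Sort-Object TimeCreated
}

# Constructed sample records (not real log data; addresses are from a documentation range).
$sample = @(
    (New-Object PSObject -Property @{ Id = 4624; TimeCreated = [datetime]'2012-04-20 08:55:02'; TargetUserName = 'jbloggs'; Source = '192.0.2.21' }),
    (New-Object PSObject -Property @{ Id = 4625; TimeCreated = [datetime]'2012-04-20 13:10:44'; TargetUserName = 'Administrator'; Source = '192.0.2.57, ITROOM-14' }),
    (New-Object PSObject -Property @{ Id = 4776; TimeCreated = [datetime]'2012-04-20 13:10:41'; TargetUserName = 'administrator'; Source = 'ITROOM-14' }),
    (New-Object PSObject -Property @{ Id = 4634; TimeCreated = [datetime]'2012-04-20 13:30:00'; TargetUserName = 'administrator'; Source = '' })
)

Find-DecoyLogon -Records $sample | Format-Table TimeCreated, Id, TargetUserName, Source -AutoSize

# Against a live domain controller, from an elevated prompt:
# $live = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = $LogonEventIds } |
#     ForEach-Object { ConvertTo-LogonRecord $_ }
# Find-DecoyLogon -Records $live
```

The name comparison is case-insensitive, and the 4634 logoff record in the sample is ignored because it is not in the watched ID list.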

  10. #8

    Quote Originally Posted by maark View Post
    Would look at getting rid of XP clients to make things easier to manage by having all on Windows 7.
    If you have Microsoft schools agreement that gives cheap licences - set up 2008R2 Datacenter edition on your decent/new servers - this will allow you unlimited Hyper-V virtual servers - pretty straightforward to set up.
    Set up new virtual DCs on 2008 R2 - when they have replicated ok then you can move roles off your old DCs and retire them.
    Basically aim for 2008 R2 on servers - Win 7 on clients and take it from there.
    Impero is useful for installing software/updates that don't have MSIs by logging on to several machines at once and running mimic scripts.
    Also you can get rid of profiles altogether for students - will just set up a local profile when they log on first time to a machine - redirect desktop, start menu etc.
    Yes, as I'll be replacing 40% of PCs, 10% are laptops, and the remaining are Windows 7 already so will be going to Win 7 SP1 under the EES licensing.

    I was thinking about starting a new domain. As I'm going to be rebuilding all bar 30 machines anyway, this means I can crack on with testing when I get new servers in, and means I can't mess up the current domain?

    Only problem I foresee is existing users with laptops. These won't be in over the summer, and I'm loath to require them to be in just to join them to new domain, any thoughts anyone? Also what is the best way laptops can be set up at the moment? Don't want to go down the sync route, I want their storage to be local only, but still want GP restrictions to secure them...

  11. #9

    Quote Originally Posted by sonofsanta View Post
    Sounds more or less like a good plan.

    Things to consider:
    * Switching - have you got a redundant core or is your core switch a SPOF?
    * Virtualization - best to keep one DC physical - doesn't need much in the way of spec, so can probably re-use an old server once it's decommissioned, but you can have problems with failover clusters without a DC up - and if all your DCs are virtual, you get into a bit of a chicken-and-egg situation. It can be gotten around, but easier to avoid it altogether - plus you don't want all your eggs in one basket. Bit heavy on the egg-metaphors, this advice, but I'm just trying to lay some groundwork advice down
    * Consider setting up two new admin accounts when you start - one so you're not using "administrator" as a log in (and you can rename guest to administrator to use it as a honey trap) and another one to give to programs wanting admin privileges to run services etc. Give this last one a long KeePass generated string of garbage. Having it separate from the domain admin account you use frees you up to change your domain admin password more easily.
    * Look at Microsoft EES if you haven't already, could be well worth it depending on circumstances
    * Also look at Live@edu for your email
    * Consider System Center stuff for software deployment etc. - quite in-depth but also cheap for schools
    * And hell yes stop them installing software and using command - cannot believe that is still open.

    Most of all, write down what you're doing as you're doing it, for your own benefit - if you're doing a big job like this you will soon lose track of everything you've done even a fortnight before!

    Good luck, and enjoy
    I've heard of Live@edu - but I'm a fan of Exchange, do you use it? What has it got over Exchange?
    Admin accounts - good idea thanks
    Got EES in pipeline
    Will keep one of the servers as a DC - thanks for that

  12. #10

    sonofsanta
    Quote Originally Posted by mattianuk View Post
    I've heard of Live@edu - but I'm a fan of Exchange, do you use it? What has it got over Exchange?
    Admin accounts - good idea thanks
    Got EES in pipeline
    Will keep one of the servers as a DC - thanks for that
    I still use Exchange here - it was set up already so was easier to keep that running - but there's a good few folks round here use it. I think the chief advantage is Free and Not Your Problem Anymore - which wrt Exchange, can be quite the advantage!

  13. #11
    maark
    What email do you use now?
    Exchange is good but can be a pain to set up - I would look at Google Apps for mail - syncs with Active Directory better than Live@edu and you won't have to worry about backups.

  14. #12

    I've set up Exchange in last 2 schools, this one uses the LA's software which is basically SquirrelMail or IMAP.

    Still think I'm going to go for Exchange 2010 tbh but will look at Google Apps. I just like to be in control of our core services.

  15. #13
    cpjitservices
    Watch it with Exchange... Exchange 2010 can be a monster!

  16. #14

    teejay
    Live@edu is being replaced by Office365 for edu and I understand should be available by the time you're looking at transferring. That has much better sync with AD and some other nice bits. I have to agree about Exchange 2010, it's a monster and can be a complete pita, much preferred our old Exchange 2003.

  17. #15

    russdev
    If in support, you get unlimited remote technical and teacher training. So let us know and we can remote session and get you up to speed on the Impero side of things.

    Russell

