+ Post New Thread
Results 1 to 8 of 8
Windows Server 2000/2003 Thread, Redesigning a Primary School Network in Technical; Hello everyone, First of all I'd like to say how useful I've found many of your threads on this forum; ...
  1. #1
    WSF
    WSF is offline

    Join Date
    May 2010
    Posts
    5
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0

    Redesigning a Primary School Network

    Hello everyone,

    First of all I'd like to say how useful I've found many of your threads on this forum; I've been a long time lurker!

    Down to the problem:

    I've recently taken on the role of Network Manager at a Primary School and the first task I've given myself is to redesign the entire Domain - it is an absolute mess.

    Please could you post a brief explanation of your OU structure so that I can get a good idea of where to start. I'm thinking a seperate OU for Office Staff, Teaching Staff, Non-Teaching Staff, SEN and Pupils, and then apply GPO's restricting each one differently.

    Also, what shares and network drives do you all have in place?

    Many thanks for any advice you can give.

    WSF

  2. #2


    Join Date
    Feb 2007
    Location
    Northamptonshire
    Posts
    4,692
    Thank Post
    352
    Thanked 797 Times in 716 Posts
    Rep Power
    347
    Hi there,

    Welcome to Edugeek.

    First of all I would take stock of your situation and identify the short comings of the system if any exist beyond it being a mess; consult your colleagues and identify whether they have particular needs/issues which require addressing.

    My personal preference is to keep it simple and have a top level OU for computers & another for users under which in other OUs under these two you can break them up by their location/type/user type etc.

    I'd keep the shares and network drives to an absolute minimum again based upon what is currently in place and my liking of keeping stuff simple probably a shared drive for student shared and a separate for staff shared under which you can use permissions to restrict access should certain aspects only be available to particular types of users.

    I think you need to identify where you're at and what's currently available and get your new colleagues support in orchestrating a change like this, I'm sure those who are interested will thank you for involving their needs/wishes.

    Good luck.

  3. Thanks to kmount from:

    SimpleSi (16th May 2010)

  4. #3
    nicholab's Avatar
    Join Date
    Nov 2006
    Location
    Birmingham
    Posts
    1,507
    Thank Post
    4
    Thanked 98 Times in 94 Posts
    Blog Entries
    1
    Rep Power
    52
    You need to create a user gpo and addition under that for each user group.

  5. #4
    speckytecky's Avatar
    Join Date
    May 2006
    Location
    UK
    Posts
    2,531
    Thank Post
    3,415
    Thanked 261 Times in 213 Posts
    Blog Entries
    3
    Rep Power
    110
    Presuming by your Post that it's a pretty big Primary, it would be useful to have a bit more background - number on role, number of classes, number of teachers, Admin System in use - SIMS etc, (how many use the Admin system)

  6. #5


    Join Date
    May 2009
    Location
    UK
    Posts
    2,105
    Thank Post
    256
    Thanked 450 Times in 251 Posts
    Rep Power
    141
    I've posted elsewhere that I am looking at doing similar to this.

    My 'plan' for OU structuring would be to have 2 top level OU's, one for computers, and one for users, and then break down within them as follows.

    -Computer - Admin PC, Staff PC, Staff Laptop, Student PC, Student Laptop.

    -User -- Staff - Admin Staff, Teacher, Enhanced Teacher (enhanced teacher for ICT teachers or similar, who require some administrative access over staff and/or student areas that a normal teacher may not require.)
    --Student - Year 1/2/3/4/5/6 + Generic login for reception class (mostly for easy management of students joining and leaving, unlikely to be different policies applied here)

    You could go into heavy grouping of computers and their uses, but in the end, most teachers will use the same software, and access the same items. Anything more granular than this, you are most likely better off installing items individually, or relying on security permissions on the shares.

    On the topic of shares, I would do the following:
    -Student Shared (For shared resources amongst students)
    -Staff Shared (For shared resources amongst Staff
    -Multimedia (For storage of seperate video/audio or other items. Suggest seperate location to other shares, as this is an expanding area, and you are likely to need to expand on this in the future, so account for it now!)
    -Software (Some networked software requires mapped drives for them to work)
    -Hidden secret share (for you to store required but restricted items that you don't want most staff getting access to, but might need to access from other machines occasionally! Especially good for storing license-restricted software, the admin toolbar, and other useful apps, installers and documents)

  7. #6
    WSF
    WSF is offline

    Join Date
    May 2010
    Posts
    5
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    Thanks for all responses so far.

    @Kim - I've spoken to a few members of staff today - all of which agree that 'something needs to be done' as when they move between machines, their data isn't always accessible and the current shared drives are rather hit and miss. The roaming profile structure in place just doesn't work.

    @Speckytecky - We currently have around 35 members of staff and 450 pupils. SIMS is used for all the admin side of things - which I'm not particularly familiar with. In the last school I worked at, they used a bespoke package developed for them. All members of staff use SIMS however they all have differing levels of access from what I can see.

    @Neil - That looks like the exact soft of thing I'm after. That sort of structure would make Group Policies a lot more effective I think. The file shares look good too. I think I'm going to get a VM installed and play around with some ideas and report back to you!

    One thing that I'm contemplating is developing a bespoke system to sit on top of Active Directory - similar to RM I suppose - that will allow me to delegate permissions to Teaching Staff for resetting just their pupils' passwords. I've got quite a few other ideas in mind for it too, but I'll see what I can put together. Slightly off topic, but if I managed to build such a system, would anyone be interested in testing it?

  8. #7
    WSF
    WSF is offline

    Join Date
    May 2010
    Posts
    5
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    Right, I've set up a VM and installed and configured AD following the structure suggested above and it seems to be working quite well.

    One thing I've also tried out is delegating password management to Teachers on the test domain and asked a member of staff to test this, however, although resetting a password in ADUC is extremely simple, the member of staff in question seemed to have real trouble and would prefer a dumbed down version! Perhaps the bespoke software would be a good idea...

    By the way, how stringent are you guys with setting GPOs for Staff? I generally completely lock down the desktop for Pupils, however I'm not really sure how strict I should be with staff.

  9. #8


    Join Date
    Feb 2007
    Location
    Northamptonshire
    Posts
    4,692
    Thank Post
    352
    Thanked 797 Times in 716 Posts
    Rep Power
    347
    For your password delegation perhaps this would work quite well?

    I think writing bespoke password reset software would be quite far down my list of priorities if there are profile / network access problems at the moment.

    For staff if the computer is shared I would keep the security just as tight (until/if this becomes a problem) but I was much less restrictive on personal laptops so they could install software etc without burdering my team to do this for them. (We simply did this by granting them local admin rights on their device only)

    It's good that you're listening and responding to everyone, a great trait for working in edu IT!

  10. Thanks to kmount from:

    stariq (20th May 2010)

SHARE:
+ Post New Thread

Similar Threads

  1. Replies: 16
    Last Post: 30th April 2013, 10:00 AM
  2. Help - Primary School Solution - Managed Network
    By RobFuller in forum Network and Classroom Management
    Replies: 21
    Last Post: 16th June 2012, 11:24 AM
  3. Replies: 22
    Last Post: 14th November 2010, 08:19 PM
  4. Replies: 38
    Last Post: 8th February 2010, 12:14 PM
  5. Redesigning Template
    By HodgeHi in forum EduGeek Joomla 1.0 Package
    Replies: 4
    Last Post: 4th May 2008, 01:55 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •