Windows Server 2000/2003 Thread, Redesigning a Primary School Network in Technical; Hello everyone,
First of all I'd like to say how useful I've found many of your threads on this forum; ...
16th May 2010, 04:52 PM #1
- Rep Power
Redesigning a Primary School Network
First of all I'd like to say how useful I've found many of your threads on this forum; I've been a long time lurker!
Down to the problem:
I've recently taken on the role of Network Manager at a Primary School and the first task I've given myself is to redesign the entire Domain - it is an absolute mess.
Please could you post a brief explanation of your OU structure so that I can get a good idea of where to start. I'm thinking a seperate OU for Office Staff, Teaching Staff, Non-Teaching Staff, SEN and Pupils, and then apply GPO's restricting each one differently.
Also, what shares and network drives do you all have in place?
Many thanks for any advice you can give.
16th May 2010, 05:08 PM #2
Welcome to Edugeek.
First of all I would take stock of your situation and identify the short comings of the system if any exist beyond it being a mess; consult your colleagues and identify whether they have particular needs/issues which require addressing.
My personal preference is to keep it simple and have a top level OU for computers & another for users under which in other OUs under these two you can break them up by their location/type/user type etc.
I'd keep the shares and network drives to an absolute minimum again based upon what is currently in place and my liking of keeping stuff simple probably a shared drive for student shared and a separate for staff shared under which you can use permissions to restrict access should certain aspects only be available to particular types of users.
I think you need to identify where you're at and what's currently available and get your new colleagues support in orchestrating a change like this, I'm sure those who are interested will thank you for involving their needs/wishes.
16th May 2010, 05:12 PM #3
You need to create a user gpo and addition under that for each user group.
16th May 2010, 07:34 PM #4
Presuming by your Post that it's a pretty big Primary, it would be useful to have a bit more background - number on role, number of classes, number of teachers, Admin System in use - SIMS etc, (how many use the Admin system)
17th May 2010, 11:18 AM #5
I've posted elsewhere that I am looking at doing similar to this.
My 'plan' for OU structuring would be to have 2 top level OU's, one for computers, and one for users, and then break down within them as follows.
-Computer - Admin PC, Staff PC, Staff Laptop, Student PC, Student Laptop.
-User -- Staff - Admin Staff, Teacher, Enhanced Teacher (enhanced teacher for ICT teachers or similar, who require some administrative access over staff and/or student areas that a normal teacher may not require.)
--Student - Year 1/2/3/4/5/6 + Generic login for reception class (mostly for easy management of students joining and leaving, unlikely to be different policies applied here)
You could go into heavy grouping of computers and their uses, but in the end, most teachers will use the same software, and access the same items. Anything more granular than this, you are most likely better off installing items individually, or relying on security permissions on the shares.
On the topic of shares, I would do the following:
-Student Shared (For shared resources amongst students)
-Staff Shared (For shared resources amongst Staff
-Multimedia (For storage of seperate video/audio or other items. Suggest seperate location to other shares, as this is an expanding area, and you are likely to need to expand on this in the future, so account for it now!)
-Software (Some networked software requires mapped drives for them to work)
-Hidden secret share (for you to store required but restricted items that you don't want most staff getting access to, but might need to access from other machines occasionally! Especially good for storing license-restricted software, the admin toolbar, and other useful apps, installers and documents)
17th May 2010, 04:09 PM #6
- Rep Power
Thanks for all responses so far.
@Kim - I've spoken to a few members of staff today - all of which agree that 'something needs to be done' as when they move between machines, their data isn't always accessible and the current shared drives are rather hit and miss. The roaming profile structure in place just doesn't work.
@Speckytecky - We currently have around 35 members of staff and 450 pupils. SIMS is used for all the admin side of things - which I'm not particularly familiar with. In the last school I worked at, they used a bespoke package developed for them. All members of staff use SIMS however they all have differing levels of access from what I can see.
@Neil - That looks like the exact soft of thing I'm after. That sort of structure would make Group Policies a lot more effective I think. The file shares look good too. I think I'm going to get a VM installed and play around with some ideas and report back to you!
One thing that I'm contemplating is developing a bespoke system to sit on top of Active Directory - similar to RM I suppose - that will allow me to delegate permissions to Teaching Staff for resetting just their pupils' passwords. I've got quite a few other ideas in mind for it too, but I'll see what I can put together. Slightly off topic, but if I managed to build such a system, would anyone be interested in testing it?
20th May 2010, 01:30 AM #7
- Rep Power
Right, I've set up a VM and installed and configured AD following the structure suggested above and it seems to be working quite well.
One thing I've also tried out is delegating password management to Teachers on the test domain and asked a member of staff to test this, however, although resetting a password in ADUC is extremely simple, the member of staff in question seemed to have real trouble and would prefer a dumbed down version! Perhaps the bespoke software would be a good idea...
By the way, how stringent are you guys with setting GPOs for Staff? I generally completely lock down the desktop for Pupils, however I'm not really sure how strict I should be with staff.
20th May 2010, 08:38 AM #8
For your password delegation perhaps this would work quite well?
I think writing bespoke password reset software would be quite far down my list of priorities if there are profile / network access problems at the moment.
For staff if the computer is shared I would keep the security just as tight (until/if this becomes a problem) but I was much less restrictive on personal laptops so they could install software etc without burdering my team to do this for them. (We simply did this by granting them local admin rights on their device only)
It's good that you're listening and responding to everyone, a great trait for working in edu IT!
By SteveR in forum General Chat
Last Post: 30th April 2013, 11:00 AM
By RobFuller in forum Network and Classroom Management
Last Post: 16th June 2012, 12:24 PM
By contink in forum General Chat
Last Post: 14th November 2010, 09:19 PM
By DaveP in forum Educational IT Jobs
Last Post: 8th February 2010, 01:14 PM
By HodgeHi in forum EduGeek Joomla 1.0 Package
Last Post: 4th May 2008, 02:55 PM
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)