Windows 2008 GPO's
Currently on a CC3 network and looking forward a couple of years to the next step up. CC4 is logically the best next step bearing in mind we're only 2 full time members of IT support + our digital media technician/moodle expert.
However it's folly to go diving in without properly exploring alternatives. I'm extremely well versed in CC4 so it's a known quantity for me, so it's left for us to play with some alternatives.
I've managed 2008 networks in the past with no issue - it's nice and easy as far as I'm concerned, but they were nice and simple, no restrictions in place to speak of, single servers and one or two printers.
I'd like to investigate and prove/disprove that a vanilla system is doable and more importantly manageable by 2.5 members of full time staff. It will be 2008 and 7 all round. I've set up a working 2008r2 x64 server and 7 station on the domain, virtually. School is a split site with circa 500 stations and 1500 pupils.
Does anyone have a set of GPO's I can "borrow" (well, use!) for testing purposes that would be typical for a school setup? For the sake of R&D I'd rather concentrate on an ideal setup with multiple DC's and load balancing than the nit-picking of GPO creation!
When/if the time comes, we'll cook those up from scratch to suit our needs.
Much appreciated :)
A vanilla system is very doable with 1 member of staff (if you know what you are doing) (I wouldn't recommend it with 1 member of staff though).
2.5 is what we roll with here.
It really depends on your skill set(s), what you want out of the system, and whether you feel restricted by CC4.
Personally I would not work on a CC4/Viglen/<add additional flavour here> type of network, as I come from a vanilla background and find "managed" systems too restrictive, with certain procedures such as provisioning new PCs/rebuilds locked to a particular methodology, and while the method is generally okay it has problems with specific applications, whereas with a vanilla system I can pick and choose different methods for the appropriate situation. The cost of these "managed" systems seems to me to be excessive. I can also change my method as and when I choose, when it suits me and the school, not when the "provider" deems appropriate.
Also with a vanilla system, you can pick and choose different components for different tasks, such as print billing from one company, OS deployment from another, OS virtualization from another, app virtualization from another, classroom monitoring from another, etc., often at less cost than the "managed" system. Also, with the managed system they can often blame third-party components as an easy scapegoat not to provide support (thinking Viglen more there than RM).
Vanilla systems are also more configurable in areas such as where you place your users' home areas / profiles / etc., allowing a better load-balanced / performing system.
Having said that, these systems do have their place, especially with a lack of staff or skills (in the particular area of vanilla Windows, I'm not saying people who operate RM networks are unskilled) and as another member posted on this forum in a different thread, it can free up time to work on other projects, such as SharePoint or Moodle development.
Just make them, it's not that hard.
I'm not exporting our school's GPO's for you as a lot of it would not work without being in our network, and you would have more work finding the problems than it would be to set up some from scratch.
When I did our complete rebuild a few years ago, I set up the basic GPO's in less than an hour. If you're not prepared to set up GPO's as part of your testing then I think you've answered your own question. CC4 it is.
Thanks - I wasn't after being particularly lazy with asking for an export of GPOs (after all that might be a security risk in itself!). I just didn't want to sit doing something for testing purposes when there's plenty of other things to be doing. It's something I'll probably do properly in half term (and let's face it, it's not like April's going to be a particularly school-heavy month!).
We already split a few services away from the RM provided ones such as printer management and what not and certainly agree about the load balancing. We intend to consolidate as well as improve and performance could do with that extra little increase.
I didn't think you were being lazy, I was just trying to explain that there's probably not much use outside of our environment.
Out of interest, do RM support server virtualization?
I know, don't worry :)
They don't support it officially (the last time I checked, anyway) although there's plenty of folks who do it. RM have training VMware images of CC4 servers which work rather well.
I think what I'd most like to stay clear of is too much boomph on the client machines. Also investigating AD GUI software (similar to and including Ranger) to keep the management side of things down. RM are now "admitting" their relationship with Ranger openly so I wonder if anything will change in the future.
Have you made the W2K8R2 server a DC?
Originally Posted by synaesthesia
We are moving away from CC3 to W2K8 Vanilla with possibly Burconix Management Tools.
Due to the amount of things internally hosted on the domain (email, sharepoint, SLG, wireless, etc) we are keeping the same domain and have created a new OU outside of "Establishments" and blocked inheritance etc.
The next step will be to create a new W2K8R2 DC but when we dcpromo it it'll want to upgrade schema etc and we need to keep CC3 working until the summer :(
We're not sure how the handover will work - this is still early testing stages and all entirely virtual. We're looking to move within the next couple of years.
I have kept the same domain name and roughly the same AD structure as CC3; our intention is for as smooth a transition as possible. I hope we'll be able to pretty much start from scratch to allow us to consolidate sites/OUs within AD - this will leave us able to import users as they are without problem.
We host a fair bit internally too - currently (but not for long, possibly!) SLG, Moodle etc but that shouldn't be a major issue - it's just the resetting up of permissions that might be a nightmare.
Thankfully I've gotten the GPO's pretty much straightened out as to how we want them. This is still proof of concept that we can manage a vanilla system between the 2 of us hence things like Burconix or Ranger on top are also things we're thinking about. So far it's looking good though - even without management tools on top that side of 2K8R2 seems that much more simple than 2003 was. With a few home-made ADSI tools for profile/password resets and common GPO tweaks, it could be very simple and a huge cost saving.
If you want to put heads together at any point please feel free to get in touch - my NM is keen to see examples of other systems and plans too.
I'm running a vanilla network here and it's fine, for most of the reasons above.
You do kind of need to go through all of the GP settings yourself to work out what you can and can't do (I've had my 2k8 R2 DC's for a year and I found something 2 weeks ago that I didn't realise was there and probably was in 2003!).
My personal feeling is: why should you pay for something you can do with Windows?
Our Prep school is currently looking at what I do with a possible view to getting rid of Ranger.
I had a working test domain here, but because I desperately needed space on the SAN I had to remove it :(, so I'm starting again from scratch. In the virtual environment we have the CC3 domain and the test domain. RM did not say anything when I told them we are virtual and don't need hardware support for servers; they still support the software side of it and the whole system works better than ever now.
Of course there are a few problems here and there with the domain, but there are so many forums etc. So I would say changing to vanilla is a good thing and you learn on the way, you gain additional skills etc.
The only small problem I have now is a kind of small management console for some IT teachers. They would like to be able to change passwords, allocate more space for students etc. With vanilla you don't get anything like the RM management console; I hope I will be able to find something on the net.
Good luck to us all who want to free themselves from RM :)
@kycmer - what functionality do you need for the teachers?