+ Post New Thread
Page 2 of 4 FirstFirst 1234 LastLast
Results 16 to 30 of 50
Wireless Networks Thread, Admin and Curriculum networks seperate? in Technical; Capita are all for it ... They want more teachers logging into and using SIMS.net. They also really want people ...
  1. #16

    GrumbleDook's Avatar
    Join Date
    Jul 2005
    Location
    Gosport, Hampshire
    Posts
    9,992
    Thank Post
    1,359
    Thanked 1,828 Times in 1,135 Posts
    Blog Entries
    19
    Rep Power
    602

    Re: Admin and Curriculum networks seperate?

    Capita are all for it ... They want more teachers logging into and using SIMS.net.

    They also really want people to use their VLE too ... so that might have something to do with them wanting a single network.

  2. #17

    Join Date
    Jul 2005
    Location
    Corby
    Posts
    1,056
    Thank Post
    12
    Thanked 20 Times in 18 Posts
    Rep Power
    24

    Re: Admin and Curriculum networks seperate?

    Yeah- it was .ICT who told us that we "would have to" merge the two networks...what's that song? "One way or another, we're gonna get ya"!

    Paul :-)

  3. #18
    woody's Avatar
    Join Date
    Jun 2005
    Location
    Carlisle, Cumbria
    Posts
    619
    Thank Post
    3
    Thanked 17 Times in 15 Posts
    Rep Power
    22

    Re: Admin and Curriculum networks seperate?

    One way to make staff security conscious is to tell them that if they leave themselves logged on, pupils will have access to all their personal details including bank A/C numbers! Of course, I wouldn't let this happen but teachers don't have to know that! It's only when it affects them personally that they MIGHT do something about it.

    At the end of the day, if SMT say they want it, I'll have to deliver. So here's another question:

    If my curriculum server is a domain controller and my admin server is a domain controller and they are running differently named domains, how do I bring the admin one onto the same domain as the curriculum one?

  4. #19

    Ric_'s Avatar
    Join Date
    Jun 2005
    Location
    London
    Posts
    7,592
    Thank Post
    109
    Thanked 770 Times in 598 Posts
    Rep Power
    183

    Re: Admin and Curriculum networks seperate?

    Quote Originally Posted by mark_wood
    If my curriculum server is a domain controller and my admin server is a domain controller and they are running differently named domains, how do I bring the admin one onto the same domain as the curriculum one?
    Export your users onto the curriculum domain, demote the admin DC, join it to the curriculum network and promote it to a DC (assuming you want to use it as one). Easy as...

  5. #20

    Join Date
    Aug 2005
    Location
    Birmingham, UK
    Posts
    490
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0

    Re: Admin and Curriculum networks seperate?

    We run a merged network here, its been merged since the NT4 box dissapeared 4 years ago i believe, we never have any problems, ACLs are your best friend so far (touch wood) in the 2 1/2 years ive been here there has been no security breaches.

  6. #21
    OverWorked's Avatar
    Join Date
    Jul 2005
    Location
    N. Yorks
    Posts
    1,022
    Thank Post
    200
    Thanked 42 Times in 34 Posts
    Rep Power
    30

    Re: Admin and Curriculum networks seperate?

    I agree - go for it!

    When I came here three years ago, there were two separate networks. It was for purely historical reasons - originally (years ago) admin had a small network, and teachers and pupils had standalones. The standalones were joined to form the curriculum network.

    I asked our LEA if they had any objections - they hadn't.

    The way I do it is to allow admin staff access to shares that the teachers use. Only some teachers (those who need it) have access to admin shares.

    GPO's limit the desktop, and mapped drives pointing to the relevant shares. The admin staff have a very bland GPO, giving them almost free control over their desktops. Teachers have a much stricter GPO locking down their desktop do it's similar to the pupils.

    The shares are controlled with NTFS permissions.

    I did it by just doing a double backup of the old admin server, before blowing it away, reinstalling and joining it to the existing curriculum domain as another DC. Then just restore all the admin data and set up shares for the admin staff.

    It may be harder for you, but that approach was the easist for me. It took me five days in the holidays.

  7. #22

    Join Date
    Aug 2005
    Location
    Birmingham
    Posts
    171
    Thank Post
    55
    Thanked 19 Times in 18 Posts
    Rep Power
    22

    Re: Admin and Curriculum networks seperate?

    We had two networks.

    When we moved from "old sims" to Facility CMIS, I decided that rather than go through an upgrade/install of a Windows 2000 domain for our admin and continue with seperate networks, that it made sense to make our new CMIS box a member server of our existing curriculum windows 2000 AD setup and migrate our admin staff user details.

    It goes without saying that there were some people who objected. One through a complete lack of understanding of how network security works, and another because "we don't want that...". Would you be supprised to know that these two people were the head and second in the ICT department!!!

    I went ahead with the change because of various reasons, a few of which were:
    1) Staff would now be able to prep materials on the computers in their office, and have them available to use in the classroom.
    2) I didn't have to manage 2 separate networks. I know that you shouldn't make a decision on the basis of what is easier for you, but the less time I have to spend admining a system then the more time I can commit to helping students and staff.
    3) The one that all head teachers love, it saved money. We only had to buy one new server, for the MIS setup. If we had kept with the old way of doing things we would have needed a second new server because our existing NT4 box didn't have the specs to run server 2000.

  8. #23

    Join Date
    Jun 2005
    Location
    Preston, Lancashire
    Posts
    634
    Thank Post
    11
    Thanked 6 Times in 6 Posts
    Rep Power
    21

    Re: Admin and Curriculum networks seperate?

    We are on two networks. We have more and more teachers in offices which we are connecting to the curriculum network, operating SIMS through the trust. Having a network password AND a SIMS password is confusing enough without them having separate admin and curric passwords too!

    Andy.

  9. #24
    OverWorked's Avatar
    Join Date
    Jul 2005
    Location
    N. Yorks
    Posts
    1,022
    Thank Post
    200
    Thanked 42 Times in 34 Posts
    Rep Power
    30

    Re: Admin and Curriculum networks seperate?

    @ jcs808,

    Your story sounds familiar. We have a number of teachers who also do admin work, and were always walking the corridors looking for admin then curriculum computers.

    The head was always against it. I resorted to writing a 2 page essay on the benefits of joining them (teachers able to do their admin work on the same machine, less admin overhead for me, admin staff able to access teachers docs) and a description of how the security would work. He took one look at it and accepted it straight away, after a year of opposition.

  10. #25

    Join Date
    Sep 2005
    Posts
    143
    Thank Post
    0
    Thanked 3 Times in 3 Posts
    Rep Power
    19

    Re: Admin and Curriculum networks seperate?

    Seperate!
    For 'getting access from any room' we have sims.net and parsql (our registration system) accessible from any machine.
    The Sims database runs on the admin server which has a second network card linked to cirriculum. A trust relationship has been setup between the 2 domains and the only thing accessible on the admin server is the 'shared' folder which contains on the sims/pars stuff. Ofcourse this is only accessible to users that are part of the cirricdomain\staff group.

    As for staff leaving themselves logged in, idle time for locking + logout?

  11. #26
    ajbritton's Avatar
    Join Date
    Jul 2005
    Location
    Wandsworth
    Posts
    1,632
    Thank Post
    23
    Thanked 75 Times in 45 Posts
    Rep Power
    34

    Re: Admin and Curriculum networks seperate?

    My two cents...

    Single physical network (natch)

    Single/multiple subnets (as required) but not designated to either admin or curric

    VLAN (as required) to control traffic flow, but not particularly for security

    Single AD forest, admin domain is forest root, curric domain as additional domain in the same forest.

    Having both domains in the same forest means you can get away with a single Exchange server. Also, the trust relationship is implicit so cross domain permissions can easily be set up.

    Having seperate domains means you can think clearly about what links are required between admin and curriculum, then set them up specifically, rather than worrying about what security you need to put in place to prevent inappropriate access to admin work.

    Workstations are generally in the admin domain for office staff/smt and the rest are on the curric domain. Users can log into either domain from any workstation because of the implicit trust relationship however.

    SIMS.NET and FMS will both happily run from curric workstations, and the SQL server takes care of security

    Single AV & WSUS server can service the entire site

  12. #27
    mark's Avatar
    Join Date
    Jun 2005
    Posts
    3,986
    Thank Post
    269
    Thanked 52 Times in 46 Posts
    Blog Entries
    2
    Rep Power
    47

    Re: Admin and Curriculum networks seperate?

    You still have the concern of Staff attitude or lack of it towards security ajb.

  13. #28

    Join Date
    Jun 2005
    Location
    Bristol
    Posts
    51
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0

    Re: Admin and Curriculum networks seperate?

    In reference to staff leaving themselves logged in, why not put a screensaver which times out after x minutes (for us 5) and locks the workstation, into the staff gpo?

    Works for us!

  14. #29
    woody's Avatar
    Join Date
    Jun 2005
    Location
    Carlisle, Cumbria
    Posts
    619
    Thank Post
    3
    Thanked 17 Times in 15 Posts
    Rep Power
    22

    Re: Admin and Curriculum networks seperate?

    Thanks for all of your inputs. I can't see what the advantage of having two domains running in the same forest over just the single domain. (Taking into account I've never done this.) If a trust is setup between the two domains, then either is accessible anyway. Why not just have the one?

  15. #30

    Geoff's Avatar
    Join Date
    Jun 2005
    Location
    Fylde, Lancs, UK.
    Posts
    11,819
    Thank Post
    110
    Thanked 588 Times in 509 Posts
    Blog Entries
    1
    Rep Power
    226

    Re: Admin and Curriculum networks seperate?

    because trusts can be one way.

SHARE:
+ Post New Thread
Page 2 of 4 FirstFirst 1234 LastLast

Similar Threads

  1. Complience with the Data Protection Act on admin networks.
    By Dos_Box in forum School ICT Policies
    Replies: 9
    Last Post: 27th November 2007, 08:29 AM
  2. Admin & Curric networks -a different spin on the old problem
    By eean in forum How do you do....it?
    Replies: 26
    Last Post: 16th July 2007, 12:49 PM
  3. How do you seperate your networks. Subnet / Vlan
    By drjturner in forum Wireless Networks
    Replies: 16
    Last Post: 28th September 2006, 07:24 AM
  4. Admin and Curriculum separate or merged?
    By rusty155 in forum Wireless Networks
    Replies: 26
    Last Post: 18th July 2006, 03:11 PM
  5. Replies: 3
    Last Post: 7th July 2006, 02:21 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •