Re: Admin and Curriculum networks seperate?

**woody** · 16th September 2005, 08:37 AM

Ah, so you can allow teachers on Admin to see shares or other things on curriculum, but stop curriculum from seeing anything on admin.

Got it.

**Geoff** · 16th September 2005, 08:40 AM

Correct.

**Dos_Box** · 16th September 2005, 08:53 AM

Originally Posted by mark_wood

Thanks for all of your inputs. I can't see what the advantage of having two domains running in the same forest over just the single domain. (Taking into account I've never done this.) If a trust is setup between the two domains, then either is accessible anyway. Why not just have the one?

Because some school had totally seperate admin and curric networks inc naming structure. It is a victory in itself to bring both into the same namespace. The seperate networks were done under the name of security (fair point) and also under the name of 'paying lots for a support contract which was hardly used' from a third party.
It is much better with a single LAN which is configured whichever way suites your purposes.

**andy** · 16th September 2005, 02:20 PM

On applying a policy to screensaver after x minutes... do other folk have these same machines in use for the IWBs?

Andy.

**woody** · 20th September 2005, 09:39 PM

Ok, so if both of my servers are domain controllers on seperate physical networks and I want to keep the two domains but have admin as forest root domain, and curriculum as second domain with a trust relationship, what is the step by step process? Can anyone point me to some documentation to do this or even record the steps here for me?

Thanks in advance!

**ChrisH** · 20th September 2005, 10:16 PM

You would have to migrate your Curriculum domain into the admin domains forest. 2003 supports some kind of inter forest trusts as well I think.... but problably best having both domains in the same forest.

**mark** · 20th September 2005, 10:43 PM

Originally Posted by mark_wood

Ok, so if both of my servers are domain controllers on seperate physical networks and I want to keep the two domains but have admin as forest root domain, and curriculum as second domain with a trust relationship.

Ours is set up like that, well, curriculum is forest root and admin a sub domain. It WAS our intention to have the trusts set up as discussed here. There's some linking going on between the root domain and the sub domain - so the consultant that set it up couldn't break the trust between them. Bit pointless really. I think there was an old teacher group left on the DC that was still active on a policy. Must try and get that fixed!

**tosca925** · 20th September 2005, 10:58 PM

We used to have our seperate but we have everthing on one domain now. As long as the securty is set up correctly you should have no problems.

**woody** · 21st September 2005, 07:24 AM

That is what I mean, have both domains in the same forest. Where can I find documentation to do this?

**tosca925** · 21st September 2005, 08:50 AM

@mark_wood

If your reply was to me i think you misunderstood me. We only have one domain, the Sims box is just a server in a multiple server domain. We set up a security group called SIMS USERS and if the staff who use Sims are not a member of this group then they have no access to the server at all.

**woody** · 21st September 2005, 09:20 AM

No, was replying to ChrisH

**spc-rocket** · 16th November 2005, 07:33 PM

Hello all,

I think main issues are staff leaving stations logged on etc and giving password to students. Also another differance is that schools who utilise curriculum network which are on RM CC3 Networks tends to have a seperate network for admin. We thought about migrating and its a pain to have all the services that we can offer the admin staff to be migrated to the curriculum and have one big network.

For people who have normal networks (without RM) congratulations!!! all the way, you can probably merge the two without many problems but for people who have RM network there are other things to consider ie. technical work required, training staff and getting them to used to the new network etc.

Someone mentioned the AUP - we have that and to be honest the SMT makes mistakes as well and don't follow it either so is there any hope about the rest of the teachers following it. However i do agree to having a AUP of somekind because it takes us out of the equation and cover us if any incidents happen.

We have seperate networks are present most viruses are on the curriculum network and not admin. Also stuff like WSUS and other tools like Microsoft SBA (security baseline analyser) helps keep the admin secure and patched consitently.

I'm with Russ on this if you have to give some access to the other network use software like ISA 2004 (great software!) which allow you to set restrictive access to and from both networks.

Ashok.

**ChrisH** · 16th November 2005, 11:41 PM

Originally Posted by mark_wood

No, was replying to ChrisH

The microsoft tool for this is the active directory migration tool or ADMT
Look up the docs for that. Most info will be on about NT 4 to 2003 but in the description is does say:

restructure Windows Server Active Directory domains between forests or within a forest

**Dos_Box** · 17th November 2005, 08:30 AM

RM CC3 Networks tends to have a seperate network for admin.

The horror, the horror.

**Declan** · 2nd December 2005, 12:41 AM

I'm in the process of merging the 2 networks. I'm only allowing access from curriculum to admin via the staff laptops. I've given them all static IP addresses outside the dhcp scope and organised for the ISP (RM trading as South West Grid For Learning) to allow that range of addresses to go through the firewall. As you say, the hardest part is getting them to lock the laptops when they leave the room. How hard is it to press Ctrl Alt Del followed by Rtn for goodness sake!!!! You'd think I was asking them to teach ICT as well!!

LinkBack

Thread Tools

Search Thread