Ah, so you can allow teachers on Admin to see shares or other things on curriculum, but stop curriculum from seeing anything on admin.
Because some schools had totally separate admin and curric networks inc naming structure. It is a victory in itself to bring both into the same namespace. The separate networks were done under the name of security (fair point) and also under the name of 'paying lots for a support contract which was hardly used' from a third party.
Originally Posted by mark_wood
It is much better with a single LAN which is configured whichever way suits your purposes.
On applying a policy to screensaver after x minutes... do other folk have these same machines in use for the IWBs?
OK, so if both of my servers are domain controllers on separate physical networks and I want to keep the two domains but have admin as forest root domain, and curriculum as second domain with a trust relationship, what is the step-by-step process? Can anyone point me to some documentation to do this or even record the steps here for me?
Thanks in advance!
You would have to migrate your Curriculum domain into the admin domain's forest. 2003 supports some kind of inter-forest trusts as well I think... but probably best having both domains in the same forest.
Ours is set up like that, well, curriculum is forest root and admin a sub domain. It WAS our intention to have the trusts set up as discussed here. There's some linking going on between the root domain and the sub domain - so the consultant that set it up couldn't break the trust between them. Bit pointless really. I think there was an old teacher group left on the DC that was still active on a policy. Must try and get that fixed!
Originally Posted by mark_wood
We used to have ours separate but we have everything on one domain now. As long as the security is set up correctly you should have no problems.
That is what I mean, have both domains in the same forest. Where can I find documentation to do this?
If your reply was to me I think you misunderstood me. We only have one domain, the Sims box is just a server in a multiple server domain. We set up a security group called SIMS USERS and if the staff who use Sims are not a member of this group then they have no access to the server at all.
No, was replying to ChrisH
I think the main issues are staff leaving stations logged on etc. and giving passwords to students. Also another difference is that schools who utilise curriculum networks which are on RM CC3 Networks tend to have a separate network for admin. We thought about migrating and it's a pain to have all the services that we can offer the admin staff to be migrated to the curriculum and have one big network.
For people who have normal networks (without RM) congratulations!!! all the way, you can probably merge the two without many problems but for people who have an RM network there are other things to consider, i.e. technical work required, training staff and getting them used to the new network etc.
Someone mentioned the AUP - we have that and to be honest the SMT makes mistakes as well and doesn't follow it either, so is there any hope about the rest of the teachers following it? However I do agree with having an AUP of some kind because it takes us out of the equation and covers us if any incidents happen.
We have separate networks; at present most viruses are on the curriculum network and not admin. Also stuff like WSUS and other tools like Microsoft SBA (security baseline analyser) help keep the admin secure and patched consistently.
I'm with Russ on this: if you have to give some access to the other network use software like ISA 2004 (great software!) which allows you to set restrictive access to and from both networks.
The Microsoft tool for this is the Active Directory Migration Tool or ADMT.
Originally Posted by mark_wood
Look up the docs for that. Most info will be about NT 4 to 2003 but in the description it does say:
restructure Windows Server Active Directory domains between forests or within a forest
"RM CC3 Networks tends to have a separate network for admin."
The horror, the horror.
I'm in the process of merging the 2 networks. I'm only allowing access from curriculum to admin via the staff laptops. I've given them all static IP addresses outside the DHCP scope and organised for the ISP (RM trading as South West Grid For Learning) to allow that range of addresses to go through the firewall. As you say, the hardest part is getting them to lock the laptops when they leave the room. How hard is it to press Ctrl Alt Del followed by Rtn for goodness sake!!!! You'd think I was asking them to teach ICT as well!!