Geology & Math Computer Lab Documentation

Labs Involved

GeoLab, MathLab222 and AlgLab225: 17 machines in GeoLab, 25 in MathLab222 and 44 in AlgLab225.

Building the base image

There are 2 main types of computer in these 3 labs: the Dell Optiplex GX240 with a mini-tower case and the Dell Optiplex GX260 with a slimline desktop case. There are also 2 Dell Precision 530 Workstations with dual Xeon processors in the GeoLab. I have found that if I build a base image on the GX1 platform, supply all Optiplex drivers in a folder structure and use sysprep version 2, then the image can be used on all Optiplex and Precision platforms; this results in a considerable time saving. Effectively only images for the respective labs are then needed. A NAU Windows XP Professional CD with slipstreamed SP1 is used for the initial build with all default settings accepted. All service packs and updated software are installed from the Windows Update site.

Common Software

Anti-Virus Adobe Acrobat 6 Easy CD Creator 5 Java VM 1.4.1.6
Macromedia Flash Macromedia Shockwave MS Office 2003 Pro MS FrontPage 2003
MS Visual Studio .Net MyMatlab Plug-Ins PowerDVD PSShutDown
QuickTime SSH WebMail Client Z-Drive Quota Checker
     


Geology Software

Adobe Illustrator Adobe Photoshop Elements APLWin35 GeoPLot
Grapher 4 GroundWater Vistas 3 PrintQuotas RockWorks 2002
Surfer 7      
Tasa Graphics:      
Earth Science Dictionary Explore the Planets Minerals Rocks and Minerals
Plate Tectonics      
       


Math Software

Crimson Editor DPGraph Dynamics Solver Groups and Graphs
Geometers Sketchpad JMP GhostScript GhostView
MathCad Mathematica MathProb MathProg
MatLab MikTeX PascalGT SAS v8
SPSS 12 TI-Interactive    

 

Programs Requiring Special Installs or Configurations

Overview
For specific details see the Software details page.

Common

Outlook Express is “uninstalled”, as far as it could be. Netscape was not installed. All Microsoft “mail clients” were disabled by deleting all keys in the following path: HKEY_LOCAL_MACHINE\SOFTWARE\Clients\Mail\. A custom key for NAU WebMail was installed and configured to enable the use of WebMail when a user clicked a mail link. In the future it would be nice to provide a script or DLL that processed the user's UserName and PassWord and then entered the mail URL and subject line automatically. See the WebMail page for the details.

Geology

Adobe Illustrator 10 and Photoshop Elements have sometimes needed to be installed in “SAFE MODE”. Photoshop Elements has a problem if the Registry Editors are disabled, which they are: the program pulls up an error dialog informing the user that registry tools are disabled. The application seems to work fine subsequently.

APLWin35 – I specified a larger amount of memory for its working environment in C:\Windows\aplwin.ini.

RockWorks 2002 has a run command script which effectively informs the user that they need to point the application to a folder “ROCKWORKS” on their Z: Drive. Also, application log files in the program's root directory need write permissions.

Math

Crimson Editor needs Macros set up for MikTeX, TeX, DVI viewing and making a .pdf. Also, log files in the application's root directory need write permissions.

MikTeX requires fixing and modifications to permissions. Read permissions are not set on some files, and Modify is needed on the subfolders and files of C:\localtexmf\miktex and C:\localtexmf\fonts. This seems to have been recently fixed, but the permissions are now too lax in that the "Everyone" group is given "Full control" to the root folder.

SAS v8 sometimes doesn’t install properly; a further install of the Enhanced Editor setup is required after initial installation.
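The MikTeX permission problem described above can be checked with a script. The following is an added example, not part of the lab's own tooling; it assumes a Windows version with PowerShell and icacls.exe, and the `-Fix` switch is a hypothetical name.

```powershell
# Added example: find "Everyone: Full control" entries under the MikTeX root.
param(
    [string]$Root = 'C:\localtexmf',   # MikTeX root named on the page
    [switch]$Fix                       # hypothetical switch: apply the tighter ACL
)

# Resolve the Everyone SID to its local name so the check works on localized Windows.
$sid      = New-Object System.Security.Principal.SecurityIdentifier 'S-1-1-0'
$everyone = $sid.Translate([System.Security.Principal.NTAccount]).Value
$full     = [System.Security.AccessControl.FileSystemRights]::FullControl

function Get-LaxAce {
    param([string]$Path)
    # The root itself plus everything beneath it, hidden items included.
    $items = @(Get-Item -LiteralPath $Path -Force) +
             @(Get-ChildItem -LiteralPath $Path -Recurse -Force -ErrorAction SilentlyContinue)
    foreach ($item in $items) {
        foreach ($ace in (Get-Acl -LiteralPath $item.FullName).Access) {
            $isEveryone = $ace.IdentityReference.Value -eq $everyone
            # Full control appears either as the specific mask or as GENERIC_ALL.
            $isFull = (($ace.FileSystemRights -band $full) -eq $full) -or
                      ([int]$ace.FileSystemRights -eq 0x10000000)
            if ($ace.AccessControlType -eq 'Allow' -and $isEveryone -and $isFull) {
                [pscustomobject]@{
                    Path      = $item.FullName
                    Inherited = $ace.IsInherited   # explicit entries are the ones to fix
                }
            }
        }
    }
}

$findings = @(Get-LaxAce -Path $Root)
$findings | Sort-Object Inherited, Path
Write-Host ("{0} object(s) grant Everyone Full control under {1}" -f $findings.Count, $Root)

if ($Fix -and $findings.Count -gt 0) {
    # Drop Everyone, give BUILTIN\Users (S-1-5-32-545) read/execute on the tree,
    # and Modify only on the two sub-trees the page says need it.
    & icacls.exe $Root /remove:g '*S-1-1-0' /T /C | Out-Null
    & icacls.exe $Root /grant '*S-1-5-32-545:(OI)(CI)RX' | Out-Null
    foreach ($sub in 'miktex', 'fonts') {
        & icacls.exe (Join-Path $Root $sub) /grant '*S-1-5-32-545:(OI)(CI)M' | Out-Null
    }
}
```

Run it without `-Fix` first and review the list; entries marked as inherited disappear once the explicit entry on their parent is removed.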

Post Setup Configuration

Setting Up the Default User

After I install all applications and check their operation using the Administrator account, I LogOn as a test user and pick up the default, default profile. I then check all applications for their operation with a user without administrative permissions. I then arrange their Desktop and StartMenu with all required Icons placed in the appropriate All Users sub-folders.

Once this has been completed I Log back On as Administrator and use Regedit to load the “Default User” NTUSER.DAT into the USERS key under the sub-key “def”. I then export the following keys: Shell Folders and User Shell Folders from HKEY_USERS\def\Software\Microsoft\Windows\CurrentVersion\Explorer\. I then unload the hive (THE STEP DETAILED HERE CAN BE AVOIDED BY USING PRECONFIGURED .reg FILES).

I copy the previously set up test user’s NTUSER.DAT into the Default User folder and then remove the account using the system tool. I reload this new Default User NTUSER.DAT into Regedit, again using "def". I delete any user-specific keys or values by doing a find on the setup user’s username. I then Import the keys I exported to reset the default values for Shell Folders and User Shell Folders.

A REG_SZ value name called FirstLogOn and value of FirstLogOn.vbs is added to the following key: HKEY_USERS\def\Software\Microsoft\Windows\CurrentVersion\RunOnce. This runs the script FirstLogOn.vbs, which informs the user that this is a local profile and that they can save data locally to the “Local Documents” ShortCut on the Desktop.

Once this is complete I reset permissions on the loaded hive to those of a default user: delete any permissions for the specific user and the group “RESTRICTED”, and add the groups CREATOR OWNER and USERS, giving users read permission. These permissions are then reset on all child keys and values. The final step is to delete all values from the 4 sub-keys of: HKEY_USERS\def\Software\Microsoft\Windows\CurrentVersion\Policies.

Once this is done the hive is unloaded and the Default User profile is set up. A final check is made by logging back on with a student account to check the setup.
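The registry steps above can be scripted with reg.exe instead of Regedit. This is an added example, not the lab's own procedure script; the profile paths, the `labtest` account and the `C:\ProfileBuild` scratch folder are assumptions, and it relies on reg.exe options from current Windows versions.

```powershell
# Added example. Run elevated, with the test user logged off.
$DefaultHive = 'C:\Documents and Settings\Default User\NTUSER.DAT'  # assumed XP path
$TestUser    = 'labtest'                                            # hypothetical account
$TestHive    = "C:\Documents and Settings\$TestUser\NTUSER.DAT"     # assumed XP path
$Work        = 'C:\ProfileBuild'                                    # hypothetical scratch folder
$CurVer      = 'HKU\def\Software\Microsoft\Windows\CurrentVersion'

function Invoke-Reg {
    # Run reg.exe with the given arguments and stop on the first failure.
    & reg.exe @args | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "reg.exe $($args -join ' ') failed" }
}

New-Item -ItemType Directory -Path $Work -Force | Out-Null

# Export the stock Shell Folders keys from the untouched Default User hive.
Invoke-Reg load 'HKU\def' $DefaultHive
Invoke-Reg export "$CurVer\Explorer\Shell Folders"      "$Work\ShellFolders.reg" /y
Invoke-Reg export "$CurVer\Explorer\User Shell Folders" "$Work\UserShellFolders.reg" /y
Invoke-Reg unload 'HKU\def'

# Keep a backup, then replace the hive with the configured test user's copy.
Copy-Item -LiteralPath $DefaultHive -Destination "$Work\NTUSER.DAT.orig" -Force
Copy-Item -LiteralPath $TestHive    -Destination $DefaultHive -Force

# Reload under the same name "def" so the exported .reg files import to the right keys.
Invoke-Reg load 'HKU\def' $DefaultHive
Invoke-Reg import "$Work\ShellFolders.reg"
Invoke-Reg import "$Work\UserShellFolders.reg"
Invoke-Reg add "$CurVer\RunOnce" /v FirstLogOn /t REG_SZ /d FirstLogOn.vbs /f

# List leftovers that still name the test user; review and delete them by hand.
& reg.exe query 'HKU\def' /s /f $TestUser

# Delete every value in each sub-key of Policies, keeping the keys themselves.
$policies = Get-ChildItem "Registry::HKEY_USERS\def\Software\Microsoft\Windows\CurrentVersion\Policies"
$names = $policies | Where-Object { $_.ValueCount -gt 0 } | ForEach-Object { $_.Name }
foreach ($key in $names) { Invoke-Reg delete $key /va /f }

# The permission reset (remove the test user and RESTRICTED, add CREATOR OWNER and
# USERS with read) is done on HKU\def in Regedit at this point, before unloading.

# Release PowerShell's registry handles, otherwise the unload fails.
$policies | ForEach-Object { $_.Close() }
Remove-Variable policies
[gc]::Collect(); [gc]::WaitForPendingFinalizers()
Invoke-Reg unload 'HKU\def'
```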

Active Directory Group Policy

The student’s domain uses a monolithic OU structure for users. All users are in the USERS OU. In a standard AD environment this results in an inability to apply Group Policy for users at the OU. However, by setting the "User Group Policy loopback processing mode" to enabled and the method to "replace", I can have Group Policy applied exclusively from the location of the computer object rather than the user's container. This particular setting is found in Computer Configuration\Administrative Templates\System\Group Policy.

Where possible, files related to the LogOn/Off process have been placed in the %systemroot%\system32 folder so that they are in the system path. It is not necessary to maintain any Local Policy since everything can be set within the GPO applied to the respective OU. Where possible, files related to Group Policy are located within the GPO and replicated via AD replication; an example would be the logon/off scripts. The actual settings for Group Policy for the Domain and OU can be viewed on the GPO pages.

The permission “Deny Apply Group Policy to Administrators” is set on the GPO so that 'Administrators' with Domain accounts do not inherit the application of Group Policy via also being an "Authenticated User". This enables them to carry out all administrative duties without hindrance.

The main functions of the OU Computer Group Policy Object (OU GPO) are to remove a user's mandatory profile, improve logon, process logon scripts prior to loading of the shell and to modify or disable certain computer-wide functions. These include Windows Update, Off-Line Files and the Desktop Cleanup Wizard. Similarly the User portion of the GPO is used to restrict what the user can do on the lab machines; for example, it locks down some Control Panel applets, disables the addition of printers and a user’s desktop.

Managing the Users

One of the main purposes of using Active Directory is to enable users to have a profile available at any workstation they logon to and to have access to a personalized environment. This purpose is stifled in the Students domain by an outdated domain management structure. I have therefore needed to strip out the locked-down mandatory profile provided to students and enable users to have a local profile, which can be configured to a certain extent, and have them have access to data and settings kept on either dana or jan.

To this effect the OU GPO is configured to allow logon scripts to process before the Windows Explorer shell loads. The script maps connections to dana and jan, providing a Z: Drive. The script then writes to HKEY_CURRENT_USER in the registry, setting their special folders to Z:. This must take place before Windows Explorer loads, otherwise the initial location for their special folders will be the local machine rather than on dana or jan (see scripts).

Currently all roaming profile data is kept on either dana or jan, UNIX machines running SAMBA. There are inherent connectivity problems linking Windows and UNIX machines running SAMBA. Also, dana in particular is extremely heavily loaded and connections often fail to be made at LogOn. Consequently a mechanism that was previously provided by the now defunct NAUGina, which checked for a Z: Drive mapping, had to be provided.

The solution was to create a CheckDriveMap.vbs script which runs from the user's StartMenu once Windows Explorer loads. This checks for the existence of the Z: Drive. If Z: has mapped the script quits; otherwise the user is informed that Z: has not mapped and provided with a choice to either try to remap or ignore it if they do not require access to Z:. If they choose to try to remap, then 10 tries are made separated by 5 second intervals, with the script quitting if Z: gets mapped in the process. If Z: is still not available after 10 attempts then the user is informed and offered to be automatically Logged Off. See CheckDriveMap.vbs and AutoReMapDrives.vbs.
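The check-and-retry behaviour described above, written out as an added PowerShell example; it is not the lab's CheckDriveMap.vbs or AutoReMapDrives.vbs. The share path is a placeholder and the function names are hypothetical.

```powershell
# Added example: bounded remap of Z: with user prompts.
Add-Type -AssemblyName System.Windows.Forms
$Drive    = 'Z:'
$Share    = '\\fileserver.example\homes'   # hypothetical UNC path
$MaxTries = 10                             # attempts, as described on the page
$WaitSecs = 5                              # interval between attempts

function Test-DriveMapped { [System.IO.Directory]::Exists("$Drive\") }

function Confirm-Choice {
    param([string]$Text)
    $answer = [System.Windows.Forms.MessageBox]::Show($Text, "$Drive Drive", 'YesNo', 'Warning')
    return $answer -eq [System.Windows.Forms.DialogResult]::Yes
}

function Invoke-Remap {
    # Returns $true as soon as the drive answers, $false after $MaxTries failures.
    for ($try = 1; $try -le $MaxTries; $try++) {
        & net.exe use $Drive /delete /y 2>$null | Out-Null      # clear a stale mapping
        & net.exe use $Drive $Share /persistent:no 2>$null | Out-Null
        if (Test-DriveMapped) { return $true }
        if ($try -lt $MaxTries) { Start-Sleep -Seconds $WaitSecs }
    }
    return $false
}

if (Test-DriveMapped) { exit 0 }           # already mapped: nothing to do

# The user may ignore the missing drive if they do not need it.
if (-not (Confirm-Choice "$Drive has not mapped. Try to remap it?")) { exit 0 }

if (Invoke-Remap) {
    [void][System.Windows.Forms.MessageBox]::Show("$Drive is now available.")
    exit 0
}

# All attempts failed: tell the user and offer the automatic log off.
if (Confirm-Choice "$Drive is still unavailable after $MaxTries attempts. Log off now?") {
    & shutdown.exe /l
}
exit 1
```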

Server Setups

The machines are set to shut down during the evening by running scripts from Geolaser for Geology and MathSrv1 for Math. These run PSShutDown, an executable that is provided for the purpose. The user is not given the ability to cancel the shutdown but is told that a shutdown is imminent and informed they must save their work. A user could then manually restart a machine if they wanted to continue into the night. These users would have to have access to the door passcodes at that time of the night.

On GeoLaser there is Print Management software which maintains a print quota and tracks a user’s print usage. A user is informed if their quota is getting low. Printing is disabled for the user if they exhaust their quota.

Using SetUpManager and SysPrep Version 2.2 to create an image

The versions of SetUpManager and SysPrep shipping with Windows 2003 Server are the most recent. They include various improvements and modifications that enhance the creation of image-based deployment. A sysprep.inf file can be created with SetUpManager that will automate everything except entering the machine's computer name. See the sysprep page to examine a typical sysprep.inf.
 
 


© 2008 Arizona Board of Regents.
Northern Arizona University, South San Francisco Street, Flagstaff, Arizona 86011