CC4 TEN: Pre-installation instructions for Windows Server networks



Similar documents
Create, Link, or Edit a GPO with Active Directory Users and Computers

Using Group Policies to Install AutoCAD. CMMU 5405 Nate Bartley 9/22/2005

+27O.557+! RM Auditor Additions - Web Monitor. Contents

Lab A: Deploying and Managing Software by Using Group Policy Answer Key

Group Policy for Beginners

Chapter. Managing Group Policy MICROSOFT EXAM OBJECTIVES COVERED IN THIS CHAPTER:

Administering Group Policy with Group Policy Management Console

Step-by-Step Guide for Microsoft Advanced Group Policy Management 4.0

Windows Firewall Configuration with Group Policy for SyAM System Client Installation

Active Directory Change Notifier Quick Start Guide

safend a w a v e s y s t e m s c o m p a n y

DigitalPersona Pro Server for Active Directory v4.x Quick Start Installation Guide

Tool Tip. SyAM Management Utilities and Non-Admin Domain Users

Administration Guide. . All right reserved. For more information about Specops Deploy and other Specops products, visit

SARANGSoft WinBackup Business v2.5 Client Installation Guide

Installing Windows Server Update Services (WSUS) on Windows Server 2012 R2 Essentials

Windows Domain Network Configuration Guide

Installing Active Directory

DESLock+ Basic Setup Guide Version 1.20, rev: June 9th 2014

Active Directory Integration Guide

EventTracker: Support to Non English Systems

Application Note 116: Gauntlet System High Availability Using Replication

Appendix B Lab Setup Guide

2. Using Notepad, create a file called c:\demote.txt containing the following information:

Welcome to the QuickStart Guide

SCCM Client Checklist for Windows 7

Installation Guide: Delta Module Manager Launcher

Restructuring Active Directory Domains Within a Forest

Release Note RM Unify CSV Extraction Tool

ms-help://ms.technet.2005mar.1033/security/tnoffline/security/smbiz/winxp/fwgrppol...

Autograph 3.3 Network Installation

VERITAS Backup Exec TM 10.0 for Windows Servers

Password Policy Enforcer

Installation Guide. Novell Storage Manager for Active Directory. Novell Storage Manager for Active Directory Installation Guide

Test Note Phone Manager Deployment Windows Group Policy Sever 2003 and XP SPII Clients

Agency Pre Migration Tasks

These guidelines can dramatically improve logon and startup performance.

Ultimus and Microsoft Active Directory

Lesson Plans LabSim for Microsoft s Implementing a Server 2003 Active Directory Infrastructure

Stellar Active Directory Manager

Changing Passwords in Cisco Unity 8.x

Mobility Services Platform Software Installation Guide

MS-50255: Managing, Maintaining, and Securing Your Networks Through Group Policy. Course Objectives. Required Exam(s) Price.

The Windows Server 2003 Environment. Introduction. Computer Roles. Introduction to Administering Accounts and Resources. Lab 2

How to monitor AD security with MOM

Release Note Windows 7 SP1 64-bit for Community Connect 4

LAB 1: Installing Active Directory Federation Services

Modular Messaging. Release 3.0 / 3.1. Diminished Permissions for Exchange.

Module 8: Implementing Group Policy

12 NETWORK MANAGEMENT

VERITAS Backup Exec 9.1 for Windows Servers Quick Installation Guide

Group Policy 21/05/2013

Using Logon Agent for Transparent User Identification

Microsoft Corporation. Project Server 2010 Installation Guide

Server Installation: ServerTools

Exchange Mailbox Protection Whitepaper

Installation Guide. . All right reserved. For more information about Specops Deploy and other Specops products, visit

How To Install And Configure Windows Server 2003 On A Student Computer

User Document. Adobe Acrobat 7.0 for Microsoft Windows Group Policy Objects and Active Directory

Lesson Plans Microsoft s Managing and Maintaining a Microsoft Windows Server 2003 Environment

Installation of MicroSoft Active Directory

Windows Clients and GoPrint Print Queues

STATISTICA VERSION 9 STATISTICA ENTERPRISE INSTALLATION INSTRUCTIONS FOR USE WITH TERMINAL SERVER

SWCS 4.2 Client Configuration Users Guide Revision /26/2012 Solatech, Inc.

Chapter 1 Scenario 1: Acme Corporation

Moving the Web Security Log Database

Administering Active Directory. Administering Active Directory. Reading. Review: Organizational Units. Review: Domains. Review: Domain Trees

Objectives. At the end of this chapter students should be able to:

Netwrix Auditor. Administrator's Guide. Version: /30/2015

Table of Contents SQL Server Option

Deploying BitDefender Client Security and BitDefender Windows Server Solutions

Web Deployment on Windows 2012 Server. Updated: August 28, 2013

NETWRIX WINDOWS SERVER CHANGE REPORTER

DriveLock Quick Start Guide

Erado Archiving & Setup Instruction Microsoft Exchange 2010 Push Journaling

Deploying System Center 2012 R2 Configuration Manager

STIDistrict Server Replacement

DeviceLock Management via Group Policy

Managing Windows Environments with Group Policy

Deploying BitDefender Client Security and BitDefender Windows Server Solutions

4cast Client Specification and Installation

There are only a couple of things that need to happen once you've ordered the product from our Service Manager.

Distributing SMS v2.0

ACTIVE DIRECTORY DEPLOYMENT

Moving the TRITON Reporting Databases

Installing Exchange and Extending the Active Directory Schema for Cisco Unity 8.x

TECHNICAL DOCUMENTATION SPECOPS DEPLOY / APP 4.7 DOCUMENTATION

Juris Installation / Upgrade Guide

Secrets of Event Viewer for Active Directory Security Auditing Lepide Software

DeviceLock Management via Group Policy

Active Directory Software Deployment

Installing Client GPO Software

Quick Start guide to. Microsoft Business Solutions CRM 1.2. on a Microsoft Windows Small Business Server 2003 Premium Edition.

Operating System Installation Guide

Sophos Anti-Virus for NetApp Storage Systems startup guide

Alpha High Level Description

R4: Configuring Windows Server 2008 Active Directory

Deploying Windows Streaming Media Servers NLB Cluster and metasan

Adobe Acrobat 9 Deployment on Microsoft Windows Group Policy and the Active Directory service

Transcription:

CC4 TEN: Pre-installation instructions for Windows Server networks Contents Introduction to CC4 TEN... 1 How the transition works... 3 Your pre-installation tasks... 5 Back up your servers... 5 Ensure you have no Enforced GPOs at the root of the domain... 5 Check group locations in the Active Directory... 7 Create the RMInstall user... 7 Resolve any pre-installation Health Check issues... 8 Record locations for third-party applications... 8 Further information... 9 Appendix A: Checklist of pre-installation tasks... 11 Introduction to CC4 TEN This guide is written for administrators of Microsoft Windows Server networks, in preparation for an installation of CC4 Tools for Existing Networks (TEN). You must read it carefully to understand what s involved and the preparation tasks you ll need to complete. CC4 TEN delivers a CC4 Matrix solution, which allows you to manage your network using the Community Connect 4 system designed for educational establishments. This document first gives a brief overview of CC4 Matrix and the transition process, and then presents the preinstallation instructions. The CC4 TEN transition process for Windows Server networks is a joint project between the customer and RM: 1. First, you must complete all the pre-installation tasks (see page 5). 2. Next, an RM-trained installation engineer makes a site visit to install a CC4 First server, and optionally one or more CC4 User Storage servers. 3. You then complete the transition at a schedule that suits your establishment, following the instructions in the CC4 TEN: Transition Guide for Windows Server networks. Keep both documents and read them together, along with the Reference Manual for CC4.3 networks. Important We have designed TEN to minimise the down-time for your network. However, as with any network installation, you will need to allow time in your planning to address any issues that may arise during the transition. RM Education 2013 1YJ-486 v1.0 1

CC4 Tools for Existing Networks Comparing CC4 Matrix with a standard CC4 network CC4 Tools for Existing Networks (TEN) provides a full set of CC4 network management tools for use on an existing Windows Server network. TEN delivers the CC4 Matrix network architecture, which differs from that of a standard CC4 network: In a standard CC4 network, the CC4 First server (i.e. the server hosting the CC4 database) is the Forest Root domain controller. In a CC4 Matrix environment, the CC4 First server is a member server, thus keeping Active Directory and CC4 functions separate. CC4 Matrix is more flexible and can be installed at any time of the year. It is quicker and cheaper to install, with minimal down-time for the network and more customer control over the transition process. The CC4 Matrix network architecture conforms to Microsoft s best practice recommendations. Compatibility of CC4 features with CC4 Matrix Most CC4 features are compatible with CC4 Matrix; a few are not. CC4 feature CC4 CC4 Matrix RM Auditor RM App Wizard RM Connector RM Easylink RM Explorer RM Hardware Configuration Manager RM Internet Access Manager (XP) RM Learning Resources RM Local Tools Support RM Mobile Tools RM Tutor RM Type Manager Virtual CD 2 Vanilla and CC4 networks For convenience and clarity, we will refer throughout this guide to vanilla networks, servers, workstations and users, as an informal way of describing Windows Server networks where Community Connect management tools are not used.

Pre-installation instructions for Windows Server networks How the transition works Note It is essential that you complete all the preparation tasks before the CC4 First server installation. After that, the flexibility of CC4 TEN will allow you to plan your own convenient schedule for moving users, workstations and user servers to CC4. To prepare for the installation: i. You complete the network pre-installation tasks and checks (see Preparing for the installation on page 5). ii. iii. RM performs a remote health check of your existing vanilla network, to verify that it is ready for the CC4 First server installation. If necessary, you resolve any issues identified by the remote health check. The transition stages are as follows: I. An RM-trained engineer installs a CC4 First server to the existing network. This is a member server running Windows Server 2008 R2. II. You can then build CC4 workstations and laptops, and use the RM Management Console (RMMC) to manage them. Once a CC4 workstation is built, packages can be deployed to it, CC4 users can log on to it and locations can be managed. 3

CC4 Tools for Existing Networks III. At this point you can create either CC4 or vanilla users. If you set up hybrid policies in CC4, your vanilla users can work at either vanilla or CC4 computers. A hybrid network may look something like this: IV. The final stage is for you to migrate the vanilla user accounts into CC4, so that all users are managed by CC4. Existing account data for vanilla users will also need to be moved to CC4 server(s) for full functionality. (Alternatively, you could maintain a hybrid network indefinitely.) If existing vanilla user servers need to be recommissioned as CC4 User Storage servers, this is done by an RM-trained engineer. The final network may look something like this: 4

Pre-installation instructions for Windows Server networks Planning your transition This is our general recommendation: Maintain your vanilla user accounts during the transition. When you need to add new accounts, create vanilla users for people who will need access to vanilla (as well as CC4) workstations. Create CC4 users for people who will only need access to CC4 (and not vanilla) workstations. Once you have moved all your workstations to CC4, move all your vanilla users to CC4 and create only new CC4 users. This is discussed in more detail in the CC4 TEN: Transition Guide for Windows Server networks. Know your network! As with any network installation, planning and organisation will pay dividends. The better you prepare, the easier you will find it to make changes and diagnose any issues that could arise. Your pre-installation tasks Please ensure that all the following tasks are completed before the installation engineer s visit to install the CC4 First server. We suggest that you use the checklist in Appendix A to keep track of progress. Back up your servers Ensure that you have recent, valid backups of your domain controllers System State and data, and test that the servers can be restored from the backups (see Appendix A: Checklist of pre-installation tasks ). Ensure you have no Enforced GPOs at the root of the domain We strongly recommend that you do not have 'Enforced' GPOs at the root of the domain. This is because settings in those GPOs will apply to objects in CC4 s isolated area of the Active Directory, the Establishments OU, once that is created. If you have Enforced GPOs in locations other than the root of the domain, this will not cause any issues. To check for Enforced GPOs at the root of the domain 1. From the Start menu, choose Administrative Tools, Group Policy Management. 2. In the left-hand pane, expand Forest: <forestname>, Domains, and select the node for the domain. 3. In the right-hand pane, check for any GPOs with a padlock symbol. GPOs with a padlock symbol are Enforced. If any GPOs in the root of the domain are Enforced, you have two options to resolve this: 5

CC4 Tools for Existing Networks Leave the GPO at the root of the domain, but convert it to be non-enforced. Move the GPO to a lower level (for example, into an OU called MySchool) where its Enforced setting will not affect the rest of the domain. To convert an Enforced GPO to be non-enforced 1. From the Start menu, choose Administrative Tools, Group Policy Management. 2. In the left-hand pane, expand Forest: <forestname>, Domains, and select the node for the domain. In the right-hand pane, click the Group Policy Inheritance tab and note the precedence of the enforced GPO in the list. 3. Now select each sub-ou in turn, noting the precedence of the enforced GPO in each list. 4. In the left-hand pane, select the domain node again and click the Linked Group Policy Objects tab. 5. In the right-hand pane, right-click the GPO and un-tick the Enforced option. 6. At the domain node, and any sub-ous in turn: If the previously enforced GPO is not present: i. In the left-hand pane, right-click the domain node or OU and choose Link an Existing GPO... ii. From the list, choose the previously Enforced GPO and click OK. If the previously enforced GPO is present, check that its ordering is still appropriate on the Group Policy Inheritance tab. If its ordering needs changing: i. Click the Linked Group Policy Objects tab. ii. Select the previously enforced GPO and reorder it, using the up and down arrows. iii. Check the results on the Group Policy Inheritance tab. To move an enforced GPO to a lower level 1. From the Start menu, choose Administrative Tools, Group Policy Management. 2. In the left-hand pane of the Group Policy Management window, expand the domain node and select the target OU where you want to move the enforced GPO. Right-click and choose Link an Existing GPO... 3. In the Select GPO window, choose the enforced GPO from the list and click OK. 6

Pre-installation instructions for Windows Server networks 4. In the left-hand pane, select the domain node, and in the right-hand pane click the Linked Group Policy Objects tab. In the list of GPOs, right-click the enforced GPO and choose Delete. Click OK to confirm. This deletes the GPO link rather than the GPO itself. Check group locations in the Active Directory CC4 requires that the built-in Domain Admins and Domain Users groups are both in the Users OU, which is their default location. To check the location of the groups 1. From the Start menu, choose Administrative Tools, Active Directory Users and Computers. 2. In the left-hand pane select Users. 3. In the right-hand pane, verify that the groups Domain Admins and Domain Users are both listed. If either group is not in the Users OU, you will need to find and move it, as follows: To find and move the groups 1. Right-click the Domain name and choose Find. 2. Enter the Name of the group and click Find Now. 3. If you find the group, right-click it and choose Move; then select the Users OU and click OK. If you cannot find the group, it must have been renamed. You will need to find the group, rename it to its original name, and move it to the Users OU. Create the RMInstall user You need to create a special user to commission the CC4 First server. The user s name must be RMInstall, and it must be a member of the Domain Admins, Schema Admins, Enterprise Admins groups. It should be created in a new OU, itself named RMInstall, which has GPO inheritance blocked. To create the RMInstall OU 1. From the Start menu, choose Administrative Tools, Active Directory Users and Computers. 2. In the left-hand pane, right-click the Domain name and choose New, Organizational Unit. 3. Enter the name RMInstall and click OK. 4. From the Start menu, choose Administrative Tools, Group Policy Management. 5. In the left-hand pane, expand Forest <forestname>, Domains, <domainname>. 7

CC4 Tools for Existing Networks 6. Right-click RMInstall and tick Block Inheritance. To create the RMInstall user 1. In Active Directory Users and Computers, right-click RMInstall and choose New, User. 2. Enter RMInstall as the First name and also as the User logon name. Click Next. 3. Complete the password details as follows: Enter a Password for the user. This password must be provided to RM via your installation coordinator and made available to the installation engineer on the day of the installation; we suggest you use Change_Me. Untick User must change password at next logon. Tick Password never expires. 4. Click Next. Check the details and click Finish. 5. Click the RMInstall OU. The RMInstall user is displayed in the right-hand pane. 6. Double-click the RMInstall user to display the Properties window. 7. On the Member Of tab, verify that RMInstall is already a member of the Domain Users group. 8. Click Add. 9. Enter Domain Admins;Schema Admins; Enterprise Admins and click Check Names. Verify that all three names are resolved to accounts. 10. Click OK, OK. Note Once your CC4 installation has been completed successfully, you may disable the RMInstall user account, or remove it from your network entirely. Resolve any pre-installation Health Check issues We will dial in to your site at an agreed time, to check that these preinstallation tasks have been completed. The check will also check for reserved names, identifying any users, groups or Group Policy Objects that have the same name as items we will create during the installation of CC4. Support calls will be raised for any items of concern, giving you the opportunity to resolve issues before the day of the installation. Record locations for third-party applications Ensure that you know the locations where third-party applications look for information, so that these can be reset promptly following migration to new servers. 8

Pre-installation instructions for Windows Server networks Further information Licensing requirements As with any Community Connect network, a CC4 licence is needed for each CC4 server and a CC4 computer licence for each CC4 computer built. You will also need to ensure you have enough Windows Server 2008 R2 server licences for the CC4 servers. You also require Customer Access Licences (CALs) for the workstations. Other required purchases? During the transition to a CC4 network, you may need extra servers. You may be able to minimise the extra kit required by using external storage to store shared data from an existing server so that it can be rebuilt as a CC4 User Server. If you have a virtual environment you will find this process more straightforward, as you may be able to create extra Windows servers and avoid having to invest in more physical servers. Any CC4 servers will need to be installed by RM. Please make sure you have considered what your transition path looks like, and that you are comfortable about the steps you will need to take and the possible hardware requirements that go with them. Your RM Account Manager will be happy to discuss this with you and advise on the best options for your establishment. Legacy Windows 2000 servers Windows 2000 Server (W2000S) is no longer supported on Community Connect networks. If any legacy W2000S servers are still on your network, this will be identified as an issue by RM s remote TEN readiness check. You will need to purchase a decommissioning service, to take place during the CC4 First server. You must transfer any data that you need from these servers before the, or it will be lost. Coordinating your installation We will assign a project coordinator to your establishment to help organise the installation date and check your progress with the pre-installation tasks. Training Customers who purchase TEN will receive expert training. The level of training will depend on the experience of the people managing the network. Support Make sure that your CC4 TEN support contract extends for at least the full duration of your transition to CC4 Matrix. Note that RM can also provide support for your vanilla Windows Server network. Integrating your support could simplify your arrangements and allow us to support you more effectively. 9

CC4 Tools for Existing Networks Further documentation For guidance and instructions for the CC4 TEN transition tasks, see CC4 TEN: Transition guide for Windows Server networks. This and other reference articles are available in the Knowledge Library at the RM Education Support website. 10

Pre-installation instructions for Windows Server networks Appendix A: Checklist of pre-installation tasks Use the checklist below to record your completed actions and estimate the time needed: Test server backup and restore When to do Approx. time to allow Done 1 System State backed up to local hard drive on all servers. 30 min/ server 2 Full server backup taken of all servers. 1 day 3 Test restore from all backups successfully carried out. 1 day Other tasks When to do Approx. time to allow Done 4 Ensure you have no Enforced GPOs at the root of the domain (see page 5). 30 min 5 Verify the location of Domain Admins and Domain Users groups (see page 7). 5 min 6 Create the RMInstall user (see page 7). 15 min 7 Resolve all issues raised by the RM remote pre-installation Health Check. Before Varies 8 Record locations for third-party applications (see page 8) Before 15 min Checklist key: When to do Approx. time to allow Done Our recommendation for when you should carry out the task. Ideally, starting one month before your initial installation date should give you plenty of time to address any issues that may arise. How long it may take you to carry out this task if no issues arise and the network is not changed. The actual time required will depend on factors such as the amount of data to be backed up. Tick this box when you ve completed the task, to keep a progress record. Note Bear in mind that RM Support s remote TEN readiness check may uncover further issues with your network that you will need to resolve before the date of your CC4 First server. 11

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information