 |
|
|
Container ManagementIntroductionIn WIN, the win.mit.edu Domain, a computer container,
or organizational unit, membership is defined within the
MIT Moira system. A container defined by Moira may be
either Private or Public. To add a machine to a Private
container you must be a container administrator or
ownership administrator for that computer container. In
the case of a Public container, virtually anyone at MIT
can add their machine to the container.
Before reading this document, you should first familiarize yourself with machine-naming warnings and learn how to request a container. Add or Remove a Machine from a ContainerThere are several tools you can use to add a machine to a container. They include stella, Moira and AD Container Management. They are available on many OSs, so use the most convenient - if you are closer to a UNIX Athena command line, use stella or moira. If you are closer to a WIN machine, use stella, moira or AD Container Manager, adcontmgr. Stella (available
on UNIX Athena and WIN machines)
Note that you must include the top level container name "Machines" in addition to the common container name "test." The container hierarchy is delimited by a forward slash "/." Also note that the container names are case-sensitive. To confirm the container assignment you may use stella to list the container information as well:
See more stella examples in the Joining Clients document. Moira
(available on UNIX Athena and WIN machines) AD
Container Management (available on WIN
machines) If you have container administrative privileges, you run AD Container Management and do the following:
ResourcesDetails on
the AD Container Management Snap-In Interface Quickstation Logon
Script This WIN program is meant run as a user logon script. It sits in the background and automatically logs off the calling user under certain circumstances. This can prevent users from tying up workstations for excessive amounts of time, useful in a multiuser environment like a cluster. The usage info is fairly detailed, but here is a typical example: quickstation /run /idle:120 /sess:1440 /warn:5 /clock This logs off the user if the user is idle (no keyboard or mouse input) for two hours (120 minutes). Also, the user will be logged off after being logged on for 24 hours (1440 minutes), regardless of idle time. Five minutes before this 24-hour mark, a warning message will display telling the user that there are five minutes left, and to use this time to save data. Finally, a countdown window will tell the user how much time is left; this window can be minimized but not closed. In getting this to run as a logon script keep in mind: An easy way to run a logon script in your container is to use group policy, and enable Computer Configuration\Administrative Templates\System\Logon\Run these programs at user logon... and add a line like quickstation.exe /run /idle:120 /sess:1440 /warn:5 /clock. Keep in mind that group policy takes a few hours to propagate to machines, unless the machines are rebooted or you manually refresh GP. The real caveat here is that you should use only one Group Policy Object to enable this setting. If you use two, only the logon scripts specified in the one which takes precedence will run. You cannot concatenate the two script lists. Alternatively, one can place a batch file in the AllUsers' Startup folder on each machine in your container... for instance, a file named "quick.cmd" which contains the line start quickstation.exe /run /idle:120 /sess:1440 /warn:5 /clock. It is important to include "start" so that the batch file will exit while quickstation runs in the background. The caveat here is that you have to do this to each computer in your container, either manually, or through some other automatic process (like a machine startup script). Description
of the OS Groups Service
Note: These are not Moira groups. They exist only in the Active Directory When a new machine enters the domain or an existing machine upgrades its OS, it is automatically added to the proper group. These groups can therefore be placed on access control lists in Active Directory. This is especially useful for GPO application and MSI software installation, and it eliminates the need for separate containers for XP Professional, 2000 Professional, and 2000 Server machines. As examples in win.mit.edu:
Using these examples means that Windows XP machines no longer download (and fail to install) Win2KSP3, and that Windows 2000 machines will never download (and fail to install) WinXPSP1. Scripting
Some Common Operations Using wscript Much information on Microsoft scripting can be found at Windows 2000: Script Heaven. The following script demonstrates the use of wscript to create some drive and shortcut mappings. Sample mylogin.bat: REM This script calls some .vbs (Visual Basic) scripts to REM 1- create a shortcut to M:\My files the desktop REM 2- create a shortcut to the MIT library home page on the desktop REM 3- create a shortcut to L:\My links in Internet explorer favorites. REM ------------------------------------------ REM call the .vbs script: H:\WinData\MyScripts\CreateShortCuts.vbs Sample CreateShortCuts.vbs:
|
