Procedures for the Management of Notebooks by IST Liaisons
1. Preparation in Advance of Migration (at least 1 day prior to migration)
- If client has been using notebook, review usage with client to identify any files that need to be backed up. These include:
  - email files (messages, address lists, ...)
  - browser favorites
  - application data files.
- If the notebook does not have a current set of system recovery disks, complete the process of taking an image of the hard drive. You will require the bootable CD (from Peter) and the Client Services USB backup device. Configure notebook to boot from CD and follow instructions on screen.
- Verify that client has license for Office and determine which version of Office is required.
- Determine client's requirements for roaming profiles. If client uses another computer, recommend that roaming profiles be turned off for client. Discuss implications with client.
- Consider the client's preference for email client. A number of difficulties have been experienced with the use of Eudora. An issue has been reported with Eudora failing to accept offline files as well as other issues when configured for POP.
Migration to another email client such as Outlook Express or Outlook configured for IMAP is recommended. If moving away from Eudora, please assist client with this migration before migrating the notebook to a managed environment.
- Send request to hostmaster for changes to ADS, DNS and DHCP:
On completion of hostmaster request, submit request to ntmaint. Identify:
- for new notebooks, pre-stage in the appropriate managed OU in ADS; register in DNS and DHCP; add to the Standard Applications Security Group.
- for notebooks already in ADS, request move to managed OU; verify DNS and DHCP settings. In Control Panel -> Local Area Network Connection, set (TCP/IP) Properties to obtain IP address and DNS Server addresses automatically.
- which version of Office is required for notebook. If running Office 2003 it must be added to the Office 2003 security group.
- if roaming profiles are to be turned off for client
2. Preparing Notebook for Migration
With the notebook unplugged from the campus network:
- login as administrator
- Check that the latest service pack has been installed; if necessary install using the Home and Security CD.
- Stop Windows Services that pose a security risk:
(My Computer -> Manage -> Services & Applications -> Services).
Double-click on the following services; click Stop if service is running and set Startup Type to Manual.
  - Computer Browser
  - SSDP Discovery
  - Universal Plug & Play Device Host
  - Terminal Services should also be stopped.
    In order to do this you must first change the Terminal Services Startup Type to Disabled and then restart the computer.
    Log on again as local Administrator. The Service Status will now show the service as stopped. Change the Startup Type to Manual.
    (Please note: Remote Desktop users require Service Status set to started and Startup Type set to manual.)
- In the Control Panel Network Connections, open Properties on LAN and wireless connections and disable the Quality of Service (QoS) packet scheduler.
- Security policy changes:
(Start -> Settings -> Control Panel -> Administrative Tools -> Local Security Policy):
Disable guest account (Properties - uncheck box).
Disable remote assistance.
- User Rights Assignment -> Change system time, add Everyone.
(Control Panel -> System -> Remote -> Advanced. Uncheck "Allow this computer to be controlled remotely") OK.
Check that the Windows Firewall is turned on and configure the wireless setting for ICMP to allow "remote echo request".
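The service settings in the list above can be checked afterwards from the output of the sc query and sc qc commands. The following is an added example, not part of the original procedure: it parses that output and reports every service that differs from the steps above, including the Remote Desktop exception. The short service names and the sample output are assumptions of the example.

```python
import re

# Short service names are the standard Windows ones (assumed, not from the page).
TARGETS = {"browser": "Computer Browser", "ssdpsrv": "SSDP Discovery",
           "upnphost": "Universal Plug & Play Device Host",
           "termservice": "Terminal Services"}

def parse_sc(text):
    """Collect STATE and START_TYPE per service from `sc query` / `sc qc` output."""
    services, current = {}, None
    for line in text.splitlines():
        name = re.match(r"\s*SERVICE_NAME:\s*(\S+)", line)
        field = re.match(r"\s*(STATE|START_TYPE)\s*:\s*\d+\s+(\w+)", line)
        if name:  # sc echoes the name as typed, so compare in lower case
            current = services.setdefault(name.group(1).lower(), {})
        elif field and current is not None:
            current[field.group(1)] = field.group(2)
    return services

def audit(text, remote_desktop_user=False):
    """Return findings; an empty list means the services match the procedure."""
    found, findings = parse_sc(text), []
    for name, label in TARGETS.items():
        svc = found.get(name, {})
        if "STATE" not in svc or "START_TYPE" not in svc:
            findings.append(f"{label}: no data collected")
            continue
        # Documented exception: Remote Desktop users keep the service started.
        want = "RUNNING" if name == "termservice" and remote_desktop_user else "STOPPED"
        if svc["STATE"] != want:
            findings.append(f"{label}: state {svc['STATE']}, expected {want}")
        if svc["START_TYPE"] != "DEMAND_START":   # DEMAND_START is "Manual"
            findings.append(f"{label}: startup {svc['START_TYPE']}, expected Manual")
    return findings

# Constructed sample: sc query / sc qc fields merged and trimmed; upnphost omitted.
SAMPLE = """\
SERVICE_NAME: Browser
        STATE              : 1  STOPPED
        START_TYPE         : 3   DEMAND_START
SERVICE_NAME: SSDPSRV
        STATE              : 4  RUNNING
        START_TYPE         : 2   AUTO_START
SERVICE_NAME: TermService
        STATE              : 4  RUNNING
        START_TYPE         : 3   DEMAND_START
"""

print("\n".join(audit(SAMPLE)) or "services match the procedure")
```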
Plug the notebook into the network
- Check to make sure that notebook is configured for DHCP.
(Start -> Run, type: cmd. In the command window type: ipconfig /all. Look for DHCP enabled = Yes.)
- Run Microsoft Baseline Security Analyzer (MBSA). It's on the IST Home and Security CD in the Security Tools folder.
- Run Windows Update and install all critical updates.
- Discuss Local Area Network settings with the client or local computing rep.
Set the LAN connection speed to match the local switch settings.
Contact the IST Communications group if you require confirmation of local switch settings.
Many campus network switches are now being configured for Auto-detect,
and this is the current default setting on IST imaged computers.
If local switch is connected to a repeater, set to 10 Mbps/half duplex. Start -> My Network Places -> View network connections.
Right-click on Local Area Network Connection -> Properties -> Configure -> Advanced -> set Link Speed and Duplex or Media Type.
- Test for network connectivity. Start -> Run, ping IST.
- Install the most recent supported version of Symantec Antivirus.
If notebook is running an older version of SAV you must first uninstall it from Control Panel -> Add/Remove Programs.
Also uninstall Live Update. Restart computer. Logon as local administrator.
Install SAV (managed) from the Beech server. Map a network drive to \\beech\vphome.
Connect using a different user name: Supply your ADS Acsup-Computing Support credentials.
Browse to the CLT-INST\Win32 folder. Run Symantec Antivirus.msi.
Select Complete installation. Restart computer.
3. The Migration Process
- Join computer to the ADS domain. Right-click on My Computer -> Properties ->
Computer name -> Change -> Member of -> Domain, enter ads.uwaterloo.ca, OK.
When prompted for the name and password of an account with permission to join
the domain, supply your ADS\Acsup-Computer Support credentials, OK. Close all open windows and restart machine.
- Login using the local administrator account.
- Create any local administrator accounts that are required such as !userid for the client.
If present, ask the client to enter their local administrator account password.
If client is not present enter a default password and set it to expire at first login.
Add the client's local administrator account and the ADS\OU-Administrator security
group to the Administrators group. Right-click on My Computer -> Manage -> Local Users and Groups ->
Groups -> Administrators -> Add. Supply
your ADS\Acsup-Computer Support credentials. The Power Users group should have no members.
- Add all Departmental printers using the addprint.bat file using a floppy disk or USB thumb drive. Start ->
Run -> Browse -> a: -> addprint.bat. Add the machine name to command line. For
example: addprint.bat istpc93. A blank black window will briefly appear on the
screen. Remove floppy disk or thumb drive when drive light turns off. The departmental printers list will not
appear until after the machine has been restarted.
- Restart machine and verify the implementation of ADS managed group policies.
Open a command line window and enter the gpresult command.
Check for Academic Support Software distribution within the Applied Group Policy Objects list.
Check for the Standard Applications security group within the "The computer is a part of the following security groups" list.
Note: Group policy updates will normally occur within 90 minutes after completion of Hostmaster and ntmaint requests.
This may sometimes require a few reboots. Check the Add/Remove Programs list for the most recent versions of
standard software such as Acrobat Reader and Eudora to indicate that managed software deployment has taken place.
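The two gpresult checks above can be run against saved gpresult output. The following is an added example, not part of the original procedure: it reads only the COMPUTER SETTINGS half of the report, because the user half repeats the same headings and would otherwise give a false pass. The report layout and the sample text are assumptions of the example; the policy and group names are the ones written in the steps above.

```python
REQUIRED_GPO = "Academic Support Software distribution"   # as named in the procedure
REQUIRED_GROUP = "Standard Applications"                  # as named in the procedure

def section_items(report, heading):
    """List the entries under `heading` in the COMPUTER SETTINGS half of a report."""
    lines = [l.strip() for l in report.splitlines()]
    if "COMPUTER SETTINGS" not in lines:
        return []
    start = lines.index("COMPUTER SETTINGS")
    # USER SETTINGS repeats the same headings, so stop before it.
    end = lines.index("USER SETTINGS", start) if "USER SETTINGS" in lines[start:] else len(lines)
    items, collecting = [], False
    for text in lines[start:end]:
        if not collecting:
            collecting = text.lower().rstrip(":") == heading.lower()
        elif not text:
            break                     # blank line closes the list
        elif set(text) != {"-"}:      # skip the underline beneath the heading
            items.append(text)
    return items

def verify_migration(report):
    """Run the two checks from the procedure against a gpresult report."""
    gpos = section_items(report, "Applied Group Policy Objects")
    groups = section_items(report, "The computer is a part of the following security groups")
    return {"gpo_applied": REQUIRED_GPO.lower() in (g.lower() for g in gpos),
            "in_security_group": any(REQUIRED_GROUP.lower() in g.lower() for g in groups)}

# Constructed sample, trimmed to the parts of the report used here.
SAMPLE = """\
COMPUTER SETTINGS
------------------
    Applied Group Policy Objects
    -----------------------------
        Default Domain Policy
        Academic Support Software distribution

    The computer is a part of the following security groups:
    --------------------------------------------------------
        BUILTIN\\Administrators

USER SETTINGS
--------------
    Applied Group Policy Objects
    -----------------------------
        Academic Support Software distribution
"""

print(verify_migration(SAMPLE))
```

In the sample the policy has been applied but the computer is not yet in the security group, which is the state to expect while the ntmaint request is still outstanding.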
4. Post Migration
- Have client login using their General ADS Account.
- Assist client with selecting their default printer, reinstallation of non-standard software,
creation of shortcuts, testing
and configuration of email program, importing favourites, mapping network drives, etc.
- Alert client to the fact that group policies turn on the Windows Firewall with a particular
- Apply the following local configuration changes, with the approval of the client:
- Task bar and Start Menu Properties: unlock taskbar; Show Quick Launch
- Add a shortcut to Notepad in the SendTo folder in the Administrator profile
(copy the existing shortcuts from the Start -> Programs -> Accessories folder to c:\Documents and Settings\Administrator\SendTo)
- Show client how to set a screen saver and hibernation password (Right-click on desktop, Properties -> Screen Saver)
- Discuss folder redirection of 'My Documents' to their network drive, N:.
- Discuss use of offline files:
- As Administrator, enable offline files (My Computer -> Tools -> Folder Options) but disable automatic synchronization.
- As ADS/user account, configure synchronization:
- My Computer -> Tools -> Synchronize; suggest synchronization on logon and logoff and "Ask before synchronization". Then
- My Computer -> Tools -> Folder Options -> Offline Files; uncheck "Synchronize ... when logging on" (this will result in quick synchronization of changed files) and check "Synchronize ... when logging off" (will result in a full synchronization).
Last updated by Phil Knipe (pknipe at uwaterloo.ca) November 25, 2005