[unisog] Current use of Netware (OES), MS AD and Samba for delegated control

Bradley Ellis Bradley.Ellis at its.monash.edu.au
Fri Jun 10 00:25:02 GMT 2005

Hi All,

> I think that this can be acheived with just Samba and a bunch 
> of trusted domains, which will be a lot cheaper than the 
> alternatives of Novell Open Enterprise Server or MS Active 
> Directory.  

If you are _just_ using these systems for File and Printer 
sharing then you are possibly right.

However it is the extended uses of these systems MS AD/Novell
that  really brings in the benefits when you are managing a 
large fleet of desktops.

These systems offer a number of advantages that to my
knowledge aren't in Samba - 
	- Configuration Management via AD Group Policy,
	  SMS, Zenworks.
		You could possibly do this with 
	      registry files but its all a bit painful,
		and hard to find people with the knowledge
		to do this effectively.

	- Automated Software Installation ... Sure you
	  can do this out of a login script, but how do
		Check that the system have enough disk space,
		Install the software without giving the user
	 	administrative rights, etc ?

	- Software and Hardware Inventory ... 

		The Prescott stepping issue with XP SP 2, 
		a report would tell you how many machines 
		your tech's needed to visit to upgrade the 

		Problems with Video Drivers, etc.

The automated installation of software can be extended to
	When MS-Blaster came out, how many of us where running
	around and manually patching 1000's of machines ?
	(SUS or other automated patching solutions didn't 
	exist at that time).
> What good and bad experiences have people had with these 
> setups, especially in the sense of security vs feature 
> comparisons between them?

Most of the bad experiences have been when people
_thought_ that they new enough to setup these systems,
but didn't really understand what was required.
	Eg. No WINS server in a routed NT 4.0 network, etc.

The good experiences have been when customers have had
a good organisational IT Policy that their staff where 
educated in, a hardware and software SOE, appropriate
remote control of workstations, resulting in:

	* A good level of support for remote sites from a
	  central IT Support using remote control, and
	  local it support suppliers where appropriate,
	  significantly reduced travel costs and increased
	  staff productivity and a less lost time due to
	  difficulties using IT Equipment.

	* 30 minute maximum turnarounds for problems 
	  with desktops - 15 minutes troubleshooting,
	  if it wasn't fixed then, 15 minutes to rebuild.

	* Happy customers supported at 20:1 tech ratio.

	* No lost files when upgrading pc's or reimaging
        as the customers saved their files onto servers,

Hopefully this helps,
Bradley Ellis
Senior IT Security Officer, Infrastructure Services
Information Technology Services, Monash University - Clayton

More information about the unisog mailing list