Windows Desktops

Download Report

Transcript Windows Desktops

PPD Windows update 2009
Christmas lecture (16/12/2009)
By Kevin Dunford
Contents
•
•
•
•
•
•
•
Windows 7 64 bit – Hyper-V & BitLocker
Hardware – Desktops & Laptops
Going Green
Coffee
Web services
Windows Security
Windows 2008 Servers - Printing, DHCP,
Active Directory
• Work in progress & plans for 2010
Windows 7 64 bit
•
IT Service Delivery Committee – Windows 7 Working Group (RAL, DL,
UKATC (Edinburgh), RCUK (Swindon))
•
One Windows 7 Enterprise image* file for both desktops and laptops with
common applications (Office 2007, Exceed 2008…)
•
•
Each department IT team customise: additional applications & settings
Windows 7 – big improvement over Vista (All the little nagging problems
fixed, or improved)
–
Slide 1
Issue with Vista - User Access Control, CPU going 90~100% when operating system is idle
Temporally stopped deploying Windows 7 to desktops
Waiting on ITSOC (Information Strategy and Oversight Committee) Jan 2010
Will Windows 7 be added to Campus Agreement (Funding)????
If not.... PPD purchase licenses - Enterprise (laptops) Professional (desktops)
* Two images \ have to re-clone desktops
Virtual computing
Slide 2
•Hyper-V replaces Virtual Machine - Windows XP - non compatible
applications – installed on case by case basis.
•Only install 32bit Operating Systems
•Host system inherits Hyper-V applications – runs Hyper–V in background
BitLocker
•Windows 7 Bitlocker is still to be reviewed for FIPS140-2 certification, uses
same technology as that in Vista, which is FIPS120-2 certified.
•BitLocker (Full disk Encryption) PIN can now use numbers, letters and
symbols
•Integrated STFC new password policy: Length (10) and complexity
•BitLocker To Go - USB drives - Compatible with Windows XP, Vista and
Windows 7 but doesn’t work on Mac or Linux
• BitLocker restricted symbols due to US keyboard remapping
at boot: @ “ £ # ~ ¬ ¦
UK keyboard
US keyboard
Desktops & Laptops - Hardware
•
•
•
Slide 3
PPD purchase around 20 new Dell OptiPlex desktops every year for business computing.
Hardware specification - Desktop & Laptops: Core 2 Duo Processors, 4GB’s RAM &
160GB’s HDD
Desktop monitor - AGP\DVI dual graphics card (Advanced Graphics Port \Digital Video
Input) 1 * Dell 20” TFT (Thin Film Transistor) monitor
Laptop Latitude range
E 4300 starting weight 3.3lb £1000 (very popular)
E 6400 starting weight 4.3lb £900
Laptop desktop replacement
Computer group will contribute £400 towards total cost (MUST include docking station)
PPD laptop loan pool – 4 * E4300 solid state HDD and battery slate (7 hours) with Windows 7
Enterprise
Going green
Slide 4
• Dell desktops Optiplex 960
– Energy Smart power management - 90% efficient
• EPEAT-Gold, TCO 05, and Blue Angel certification
– “Built with post-consumer recycled content” – 10%
• Small print - available on systems ordered after December 2008
– “Dell's ultra-silent QuietKit noise-reduction solution”
• Dell servers R610 - Energy smart PSU’s & QUIET!!!
• Since 2006 - Friday 10pm desktops remote shutdown
• Mon ~ Thurs - Lock your accounts and turn off monitors when going
home.
• Windows 7 & Vista – Configure Power Options from control panel
(Sleep: display\computer)
• Unnecessary printing \ printing to wrong device
Tea and biscuits anyone?
Back in 15 minutes
No peeking!!!
New services – Alan Doo
Slide 5
• WebDAV (Web-based Distributed Authoring and Versioning)
– Access DFS T:\ppdfiles – via internet
– Authenticated with CLRC accounts & monitor who has access
– Restricted access (DNS) Only available from RAL, ILL (France) and JPARC
(Japan)
• Remote Wake on LAN (Power on office\lab computers while offsite)
– Hosted on the secure external PPD home page
– Authenticated with CLRC accounts
Windows Security
• Alan Doo has built a new Windows 2008 server
managing Sophos and Windows Updating Server
(WUS) visible externally.
• All laptops owned by PPD has to be….
– Encrypted (FDE) Windows XP PointSec, Vista & Windows 7
BitLocker
– Report to our Sophos server
– Report to our WUS
– Running Windows Firewall
• PPD laptops off site Sophos messages
• Sophos for home: \\hepwin2003f\packages
• Local admin accounts (laptops & lab computers)
Slide 6
Windows 2008 - (DHCP) Dynamic Host Configuration Slide 7
Protocol & printing
• Disabled open DHCP addresses
• All desktops and laptops get IP addresses from DHCP server
• Visitors laptops wishing to access the PPD network has to be
registered on the DHCP server.
– Prerequisites: laptops will require an inspection by a member of the PPD
computer group (Anti Virus, Windows updates and Firewall) and a ‘PPD
LAN connection request‘ form completed.
• Visitors network in your office
• Printers now hosted on HEPWIN2008A (Windows, Mac & Linux)
• Automatically deployed to Windows 7 and Vista desktops
• Opened ports from visitors network to PPD network (LPD & IPP)*
*This service may be removed! Networking investigating alternatives
Windows 2008 Active Directory
Slid8 8
• Migrated from Windows 2003 Active directory to Windows 2008 (lots
more Group Polices to play with).
Things you see
• Logon screen security policy message (which you all read!!!)
• Default logon domain CLRC
• Drive mappings H:\, S:\ and T:\ and profile redirections
• Default Internet Explorer bookmarks: PPD home page, SSC…
• Microsoft Office configuration
• Printers (Vista & Windows 7)
Things you don’t see
• Laptops – Firewall and BitLocker configuration
• Laptops – Wait for network now only 10 seconds (Windows 7)
• Restricting your access to the terminal server and Virtual machines
• Windows update configuration
• Event logging configuration
• Admin accounts
Slide 9
Windows 2008 – Veritas
Backup Exec 13
Proposed backup schedule
• Daily – H:\, Experiments, Group’s, HEPWIN2003F O/S, web sites,
HEPWIN2003G O/S, Active Directory servers and HEPLNX163
(Keep in robot library - 4 weeks)
• Weekly – all of the above + Windows servers O/S, user profiles,
HEPLNX165 (PPD fire safe - 8 weeks)
• Monthly – all of the above + kits$, images$, Packages, Old_Users,
users-archive (Space Science fire safe – 1 year)
Shadow Copy: H:\, groups, Experiments
Right click on file or folder and select ‘Previous Versions’ tab
Slide 10
Windows 2008 – SCCM
Alan Doo – building a ‘System Centre Configuration
Manager’ Server
• Monitor the Windows servers
• Deploy and update third party applications like: Adobe,
FireFox, Java, Exceed and OpenAFS.
• Generates reports: software & hardware
• Investigating – Off site remote management - laptops
Plans for 2010 (funding permitted)
Slide 11
• Continue with deploying Windows 7 to department.
Windows 7 workgroup – additional Group Policies (Firewall)
• Investing PPD file storage \ web server requirements for the
next 5 years (PPD IT forum)
– Build new file server \ web server
• Email – New Exchange 2003 server in testing hardware
(Dell R710)
Thank you