Management Tools for Computer Labs? 58
dorko72 asks: "I have been put in charge of setting up a small computer lab (30 workstations) for a local community. The benefactor is providing the hardware (dell workstations and one server) as well as the operating system for these systems (Windows XP Professional and Windows 2000 Advanced Server) All the equipment is used, but not too old. I would like to find out what some of you guys use to monitor and manage the lab usage (ie provide realtime stats of which station is in use, etc). I would plan to set these machines in a Windows domain using Win2k Advanced Server as the controller via Active Directory. There must be some way to access AD and find out who is logged in to what machine in the domain. Any suggestions or ideas would be much appreciated."
A bit off topic (Score:5, Interesting)
Re:A bit off topic (Score:4, Interesting)
The concept is very nice. We have used deep freeze from pre-schools to universities to make life a lot easier on everyone. Teachers simply start the machines in the morning. Next day, the machines are like a clean slate, waiting to be abused again.
Re:A bit off topic (Score:2)
HOWTO: Subvert Deep Freeze (Score:2)
I have no idea how difficult it is to get raw access using various versions of Windows, but in L
Re:HOWTO: Subvert Deep Freeze (Score:2)
Nor does manually whiping out the partition containing deep freeze.
Re:HOWTO: Subvert Deep Freeze (Score:2)
Does it modify the BIOS, then? It has to be stored somewhere and the only places that persist without power are partitions, the master boot record*, and firmware.
* Does `fdisk /mbr` wipe the entire MBR? Like what would happen if you installed LILO or GRUB on a Deep Frozen system?
Re:A bit off topic (Score:2)
An anecdote about deepfreeze: They have it installed in many of the labs at my university. It probably makes life a lot easier for the sysadmins and it's nice to not see kazaa, a bunch of spyware and other crap load up when I log in.
BUT there was one annoyi
Re:A bit off topic (Score:2)
I started shortly after they got Deep Freeze, so I missed the days of constantly fighting with virus infections, spyware infections, people saving passwords, and other borked up stuff.
The Pro v
Re:A bit off topic (Score:3, Informative)
Re:A bit off topic (Score:2)
Can updates to the images be pushed out over the network? Just curious, I have no reason to buy Centurion Guard. I run a compute cluster where if people screw it up, they just jeopardize their own research.
Re:A bit off topic (Score:2)
Unfortunately, we have no way of deploying updates
Re:A bit off topic (Score:1)
Re:A bit off topic (Score:2)
LTSP MRTG SMB (Score:1, Interesting)
Re:LTSP MRTG SMB (Score:2)
Three words: (Score:3, Insightful)
You're a community organisation - just ask Bill and Melinda [gatesfoundation.org] for a few licenses.
Re:Three words: (Score:3, Informative)
There are forums there you might ask about lab admin as well.
Lab management software (Score:5, Informative)
netusers.exe [jsiinc.com] and some perl or python thrown in to deal with the output of netusers. You can get all your user stats and stuff from this.
With those tools you can develop some scripts to track usage, avaiable comptures and throw it all up on a web site.
Remote Admin Tool (Score:1)
Windows 2000 Domain (Score:4, Informative)
You can include a script to run in the startup folder that does the following:
rem --
net use h: \\SERVERNAMEORIP\SHARE
echo [INSERTCOMPUTERNAMEHERE] had the following user login:>>H:\LOGINLOG.TXT
echo %USERNAME% >> H:\LOGINLOG.TXT
date
time
rem --
every user that logged into the domain would need write access to the share tho.
There are tons GPO+VB script ways to do this
next time (Score:1, Troll)
Short list (Score:4, Funny)
Re:Short list (Score:1)
Needed: One linux box (Score:5, Informative)
Bring up your favorite distro. The important bits of immediate concern are Squid and syslog. Prevent direct access to the net from the client machines and force them to go through the proxy using a GPO in ActiveDirectory. Configure Squid how you like, but best to at least add the capability to block certain sites and prevent certain file types from being downloaded:
acl hosts_deny dstdomain "/etc/squid/blocked_sites.txt"
acl filetypes urlpath_regex -i "/etc/squid/filetypes.txt"
http_access deny filetypes
http_access deny hosts_deny
List the domains to block in
Now run over to sourceforge and grab ntsyslog [sourceforge.net]. This handy tool exports your Event Viewer logs to a remote syslog server. It installs as a service and it's a cinche to setup. Stick is on your domain controller. On your Linux box add a line like the following to syslog.conf (for sysklogd):
user.alert -/var/log/domain.log
By default, ntsyslog uses user.alert, but you can change that to whatever you like. Also make sure your syslog is configured to receive messages from remote clients. Now, in your default domain policy on the domain controller configure it to audit logon events as well as account logon events, successes and failures for both.
Now you've got web access managed by a central proxy with full logging and minimal blocking abilities and all logon success/failures being reported to Event Viewer on the DC and forwarded to the syslog. If you want to see who is logged into a machine at any given time you can either quickly parse the logs or use something like NetUsers [jsiinc.com] or LoggedOn [jsiinc.com].
Popular local opinion says that you're likely to have more problems/attacks with/against your Windows server. Having your Event Viewer messages forwarded means you can diagnose problems in the event something happanes to that server. You'll probably want to at least MRTG the Linux box to get an idea of bandwidth usage too. Then enjoy whippin' up your own set of shell scripts to play with your logs (hint: real-time monitoring)!
Re:Needed: One linux box (Score:2)
There're plenty of free software proxy servers, firewalls on windows, no need to futz around with linux.
Re:Needed: One linux box (Score:2)
NetOp School (Score:2, Informative)
Learn from the master (Score:4, Funny)
psutils (Score:2)
I'll also recommend Microsoft Baseline Security Analy [microsoft.com]
Deepfreeze woes/woots (Score:1)
the BANE of us geeks, we can't fiddle and tweak with our boxen cuz the night classes have newbies *sigh*
Deepfreeze works at the MBR level, only way to circumvent it to blow the HD away (i.e. write zeros across it and sector zero.)
easy way around that is a password on the bios (also on these boxers) to prevent alt boot sources
A big honkin' Master lock on the covers keeps us from getting at the bios reflash jumpers, i.e these boxes are
Re:Deepfreeze woes/woots (Score:1)
I'll second DeepFreeze.
We use it here where I work, and I have a love/hate relationship with it.
It's great. It stops people pissing with the settings. It means that should Win98 hang (as it frequently does...)n you can just hit the power switch and DF brings the box back up in it's original state.
It's a bugger for trying to roll-out official minor updates though. (Like anitivirus signatures).
Automated updates get automatically undone.
I find it's greatest irritation is also it's greatest strength.
I
Re:Deepfreeze woes/woots (Score:1)
there is a guy in my net studies class who works a bit for the IT guys, and thus knows the password. But like any government drone, he remains mum about it. And whenever comfronting the sysadmin, he conviently skirts around any issues relationg to DF... gee, i wonder whats up with that.
Altiris (Score:1)
Re:Altiris (Score:1)
monitor and audit? (Score:1)
Sometimes the oldest managment tools are the best (Score:2, Funny)
ask yourself why.. (Score:2)
Re:ask yourself why.. (Score:2, Interesting)
tools (Score:1, Informative)
To initially install the OS and software for a full lab, we would use a program called Ghost. It works by taking an iso of an existing setup and writes it multiple machines at once over a hub. i'd set up a lan with 12 machines at a time and would write the image
What is Active Directory? (Score:1)
I just about get what COM is, ActiveX took me a while but I think I have the gist, I found out very recently that .NET is like Java (not just a new brand name like I thought!), but Active Directory and various others still elude me... anyone else have this problem?
Yes (Score:1)
These tools are built in. (Score:2)
For determining who is logging in where and when, you simply need to enable auditing at the domain level.
If you want performance or utilization information then use Performance Monitor. It can be used either locally or remotely to monitor a mind boggling(and possibly useless) number of performance counters.
For monitoring the activities of the users, file level auditing can be used. For internet activities you need additional hardware/software than you sa
Obiligatory Linux Response.... (Score:2)
Is there a reason they have to run Windows?
Take a look at the K12 Linux Terminal Server Project [k12ltsp.org]. With relatively new machines you can be up and going in 2 hours (not including plugging the machines in). I put this in our business lab at the high school and it's been a dream to run. I never have to worry about viruses, and updates/installations are done once. To install a new machine you plug it in, go to the BIOS and tell it to do a network boot. I don't have to worry about any license issues either. If y
Why? (Score:2)