this is my first admin job, i know how to "maintain etc" a network, but this one is a disaster, and they are asking me to fix it. for 6 years they had random people working on it and now apparently it's my job to straighten things out. there are many many users with multiple share points, no access to folders for the admin, files "disappearing"... you name it.... to compound that, we're upgrading from nt to 2k. does anyone know of a strategy i can take to systematically restore this and be able to organize rights, permissions, ownership etc?

  1. I would start by fixing the problems which threaten the company's sales/profits, move onto security, then departmentally (by priority) fix each problem at a time.

    Perhaps some weekend/evening or even nightshift work will be in order to avoid disrupting the company's output.

    If you're after an assistant, I'm up for grabs. :smile:

  2. how large is the network? personally, i'd start over if poss, note in great detail the shares etc that are required, what permissions/rights the users need and then do a total wipeout, upgrade to 2k, zap all the users and recreate them along with any restrictions etc in active directory. With regards to the disappearing files, probably caused by some idiot who thinks it's fun :) if the appropriate user rights are given, this shouldn't happen, of course you could set up auditing to find the culprit.
    The above is only really feasible on a small(ish) network, not really an option if you have a couple of hundred thousand users....but starting over is IMO the best option - at least you then know the basic setup

  3. lol..... i wish i could hire an asst... two heads are certainly better than my half in this case. and yes, send the invoice to the usual address and i'll have my assistant get back to you.... oh wait, i don't have one...

  4. oh hello again calv..... well, the network is at a school. ~500 students and 150 staff. i think (hope) the worst is behind me. i did an "x copy" on the student directory and that's when i noticed "access denied" over and over, so i stopped the copy and took ownership of the whole directory and restarted the copy. then, they all had roaming profiles, so i deleted the history, desktop, recent etc folders. i guess i'll just do the same with the staff. the permissions are sooooo screwed up it makes me more and more confused every time i look at it.

  5. not best practice to just copy all the users that way.
    the 500 accounts for the students, are these individual names, i.e. joe bloggs, fred smith, or are they student1, student2? anyway, if you can get a list of users in a csv file, you can import these into active directory, tho what I'd do is use setupmgr to create an unattend install disk for the 2k server and the workstations and have it generate users such as student1,2,3,4,5 etc. likewise with the staff, easier if they are called staff1, staff2 etc
    with that many users but not impossible, if not, make ONE user in active dir, set this up using %username% for the profile etc and then copy it. I'd create new ou's for students/staff with different amount of security/rights then apply group policy (active dir gp not local) to these ou's. I'd also use gp for logon scripts.
    where do u live? I could use some overtime lol

  6. well, the active directory was setup when i reinstalled the 2k server with nt and promoted it, then upgraded to 2k. i did it that way b/c the old server is a pentium 200mhz and i didn't think it was a good idea to try to install 2k on it. the student directory is setup as ex: 03deant. so far no problems there..... i like your idea of different ou's for faculty and students. i will look into that. i DO have a problem no one has been able to figure out yet if you'd like to try..... i replaced all the workstations with 2k pro and office 2k... from 95 and office 97. now, on many of the machines, we still get errors when we logon that say "the shortcut that refers to microsoft office.lnk is not avail..." etc. any idea how to get rid of that? oh yeah, i'm in massachusetts, where are you?

  7. hey calv.... quick question about ou's. (let me say upfront that i haven't used them before) i created one for the students, now would there be a problem since i already have the students moved to the new server etc, or can i just start adding them to the new ou and administer the group from there? do you know what i mean?

  8. I'm a bit far from you, I'm in uk lol. I just read my last post and it sounds a bit confusing even to me lol but it sounds like you got the basic setup going ok now though.
    The office problem is fairly easy, it's trying to launch the stupid office startup, it will probably be in the startup folder, if not look in the reg under run, you will see it.

    Not sure what you mean by the students being "moved to the server" ? but you can add any users to an ou, it's probably the best way to admin them, as you only need to do things once, i.e. create a group policy, you can do it for that ou and that ou only.

  9. i'll check that office problem. i thought it might be a registry setting, but i didn't know which one.

    ok, my turn to clarify.... i moved the students' folders onto the new 2k server. right now they are in the "users" folder in ad. i created the student ou, but can't figure out how to add them all at once. do i have to add them individually or can i just "somehow" get all them added through the console. there are 500 students. i am reading up on group policy right now.

  10. ok, to move the user, highlight them all (click on 1st one, hold shift down and click on last one), RIGHT click on the selection, choose MOVE, you will then get a popup allowing you to choose where to move them to.
    Have a "play" with group policy, make a new ou called test, and add a user to it, right click the test ou, go to properties and then group policy, change only the USERS part of the group policy (otherwise it will affect the workstation regardless of who logs on), start by say admin templates and enable the remove run from the start menu, logon to a workstation as the test user and be sure it works (should do...). You can of course apply the group policy to the entire domain, and separate policies to individual ou's depending on your needs

    Note: it takes a while for group policy to take effect, to make it happen immediately, on the server, start/run, put
    secedit /refreshpolicy user_policy
    secedit /refreshpolicy machine_policy

  11. wow calv.... you are a fountain of knowledge!!! thank you very much for your help. i am going to give this a shot over the next couple days and i will let you know. thanks again!!!

  12. no probs, glad to be of assistance, I'm normally around from about 9am to 6 pm UK time (at work) but if I'm watching a thread I'll try and check in at home also - bit busy around the house just now so can't get on too much in the evenings. Any major probs just post here and I'll do my best to help out, pity I live so far away lol believe it or not I LIKE doing this sort of stuff, I'd have nipped round to give you a hand one weekend if you were local, unfortunately my job doesn't pay enough to be able to fly half way across the world when I feel like it :)

  13. hey again calv.... i'm glad you like helpin, b/c i need it. anyway, just a random question about drive mapping and logon scripts. i know you said you prefer gpo for file direction, and i'm working up to that, but right now i'd like to be able to map 2 drives at startup. is that possible? i have one working now. here's what i've done.
    1) created script reading: net use u: /home
    2) called it "map home directory.bat"
    3) added to netlogon folder.
    4) added path etc to local and domain profiles

    it maps to their network share just fine, but i'd also like to map a "p" drive to a folder called "apps". can i do that with one script?

  14. yep, as I said before, probably better to use ou group policy for the scripts, but you can have either several scripts, or just one, for eg mine is something like:

    net use g: \\server\apps
    net use h: \\server\general
    net use i: \\server\music
    (my server is called server lol most original)

    save the bat file(s) somewhere, I have a few folders on the server: canned profiles, scripts, desktops, mydocs - easier to keep track of, so on mine, if I wanted a new logon script, I'd go to the group policy of the ou I wanted a new script for, then user settings/windows settings/scripts, dbl click on logon, then click ADD, then browse to the scripts folder and select the required script.

    Just a sidenote in case you didn't know/forgot, when doing anything on the server i.e. scripts, folder redirection etc be sure to use \\servername\sharename, NOT C:\sharename or whatever, otherwise the workstations will look on THEIR C:
    hope this helps
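
The two-drive mapping discussed in posts 13 and 14, written out as a single logon script. This is an added example, not part of the original thread; `\\server\apps` is the share name from post 14, and the log file name and location are assumptions.

```batch
@echo off
rem Added example (not from the thread): one logon script that maps the
rem home drive and the shared apps folder, and records failures.
rem Assumptions: the apps share is \\server\apps as in post 14, and a
rem per-user log under %TEMP% is acceptable.
setlocal
set LOG=%TEMP%\logon-map.log

rem Start a fresh log for this logon.
echo %DATE% %TIME% %USERNAME% on %COMPUTERNAME% > "%LOG%"

rem Remove any mapping remembered from an earlier session so the letters
rem are free. Errors are ignored when the drive was not mapped.
net use u: /delete /y >nul 2>&1
net use p: /delete /y >nul 2>&1

rem Home directory, taken from the home folder set on the user account.
net use u: /home >> "%LOG%" 2>&1
if errorlevel 1 echo FAILED: u: (home directory) >> "%LOG%"

rem Shared applications folder. Always a UNC path, never C:\apps, or the
rem workstation looks on its own disk. /persistent:no keeps the mapping
rem from being remembered and reconnected at the next logon.
net use p: \\server\apps /persistent:no >> "%LOG%" 2>&1
if errorlevel 1 echo FAILED: p: (apps share) >> "%LOG%"

endlocal
```

If a drive does not appear after logon, the log in the user's `%TEMP%` folder holds the `net use` error text for that logon.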

