Clients and you! Or should I say Clients the Mimic IT way.
Ah yes, the client-server relationship. How often we overlook something so ubiquitous that we fail to see how important it actually is. In the case of Windows, it can mean your network is alive if it’s configured correctly, or dead if it is ignored. Like many of you, I have walked into an office to find that their “server” consisted of a mid-range Windows PC running some file shares. They were, of course, not coming close to the potential a true centralized architecture could give them. It’s scary, I know. But fear not, today I am going to talk in depth about how to configure a Windows XP Pro client for Samba utilizing Roaming Profiles, the Mimic IT way.
Samba acts as a Windows server that runs on a Linux box. Not really the whole server, mind you; that would be VMware or Xen, and I’ll talk about that in a later article, since I use VM technology every day. No, this is a way that you can have your Windows XP Pro clients, and other variants of Windows, communicate with your Linux box like they were BFF (best friends forever! yeah!)
The idea is to store as much data as you can on a centralized server that is separate from your client. That way, if there is some sort of problem with the client, you can swap it out and not lose data. Roaming profiles kick it up a notch, allowing you to use another machine as if it were your own. The data follows you around because it’s all on the server. This means all your email, web sites, and documents are safe and sound, being backed up every day by the server (you do back up, right?).
Here is a good scenario for how this will help you out. You have a user go down; they simply walk to another workstation and sign in as themselves. All their information will appear on the new machine. Magic, and now you have time to place another client on the network. No more freak-outs over a hard drive or corrupted machine install.
Our installation method is Unattended, and if you have it set up properly, it can make your life very simple. By binding the MAC address of your client’s NIC you can push the data necessary for the installation directly to the client; this is written to a file called unattended.txt that is read by Windows as it installs. The actual install is performed via PXE boot over the network. All I do to reload a machine is:
Get a new machine
Place new machine on network
I will cover Unattended in full in a later segment. For now I will assume that you have your Windows XP Pro installed and ready to go.
Every business has a core of software they use every day. Usually there is one proprietary piece of software for that particular business. So let’s say we are installing for a Real Estate office today, and they are using ACI. There are a few other applications they need besides, so I’ll make a list.
They also connect to an informational website that uses ActiveX. This means Firefox is a no-go. Why not load Firefox as well? When in doubt, throw it out! I just made that up. Seriously, don’t complicate these machines; think fast and they will be fast, that’s the plan.
First off, let’s install all the applications from the appropriate sources. Now that that is done, it’s time to get some tools.
Now place these applications in the root of that client. Go ahead and log out of Administrator, and log back in as a user from the Samba server. I’ll skip some details and devote a few pages later just to Samba. Samba changed my life for sure. Here is a condensed version:
If you have not yet installed Samba and you are running Debian:
xsamba:~# apt-get install samba
Set up the config file in /etc/samba/smb.conf
add a machine like so:
xsamba:~# useradd machinename$
xsamba:~# smbpasswd -a -m machinename$
and add a user:
xsamba:~# useradd username
xsamba:~# smbpasswd -a username
At this point I would make the main group of the user users like so:
xsamba:~# usermod -g users username
make your profile directory and change the ownership to username:users like:
xsamba:~# chown username:users /mnt/winstore/profiles/username
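The chown above sets the owner but not the mode, so with the usual umask of 022 the profile directory stays readable by every other account on the server. As an added example (not part of the original article), this script audits the profile root for directories that are not owned by the user they are named after or that grant any group or other access; it assumes GNU stat, as shipped with Debian, and one directory per username under /mnt/winstore/profiles.

```shell
#!/bin/sh
# Added example: audit roaming-profile directories on the Samba server.
# Assumes GNU stat (Debian) and the one-directory-per-user layout used above.

# audit_profiles ROOT
# Prints one line per profile directory and returns 1 if any directory is
# owned by someone other than the user it is named after, or has any
# permission bits set for group or other.
audit_profiles() {
    root=$1
    bad=0
    for dir in "$root"/*/; do
        [ -d "$dir" ] || continue          # empty root: glob did not match
        dir=${dir%/}
        name=${dir##*/}
        owner=$(stat -c %U "$dir")
        mode=$(stat -c %a "$dir")          # octal, e.g. 700 or 2755
        problems=""
        [ "$owner" = "$name" ] || problems="owner=$owner"
        case $mode in
            *00) ;;                        # owner-only access, e.g. 700
            *) problems="${problems:+$problems }mode=$mode" ;;
        esac
        if [ -n "$problems" ]; then
            echo "FAIL $name $problems"
            bad=1
        else
            echo "OK   $name"
        fi
    done
    return "$bad"
}

# To audit the profile root from the article, run as root:
# audit_profiles /mnt/winstore/profiles
```

A FAIL line is cleared by running chown username:users and chmod 700 on that directory.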
Make sure you add an Administrative user, or throw caution to the wind and just add root as a user to Samba. Just change the password when you are done. SAM is always watching. Add your new machine to the domain with:
My Computer > right click > Properties > Computer Name > Change button.
Use the Domain Admin username/password (root if you were lazy), reboot. Login.
Once connected, go to the root of C and right-click on regmon.exe, do a RunAs and RunAs Administrator. Or this way:
Start > Run > runas /user:administrator "c:\regmon.exe"
Now it should be running. Start by running your first application. In our case it was ACI.
Invariably you’re going to get an error as the program you are trying to run realizes you’re not an administrator or power user and fails. When this occurs you should have some data in regmon to indicate where in the registry it failed. We could do this all day, sifting through data. You could even add a filter for just your program, but let me make it easy for you.
Whenever I integrate a piece of software into a client I start with the registry and end with the filesystem. Usually this does the trick. For ACI, I would launch regedt32 as administrator, using the runas command from the Run command line:
runas /user:administrator regedt32
Enter the password and back up the registry by saving it to the root of C.
Navigate to :
Now change the permission on this entire folder to: everyone.
Do this by right-clicking on the key and selecting Permissions. Make sure you select the machine you are on and not the network for everyone.
Next, do a RunAs for IE.
runas /user:administrator "c:\Program Files\Internet Explorer\iexplore.exe"
Type c: in the address bar, and make your way to the ACI folder. Right-click on that folder and change the permissions to everyone.
Now launch the program and see what happens. The great part about this strategy is that it can be applied to any app. The toughest I have done is Quickbooks, and that usually takes me about 15 minutes. Here is the actual documentation I made while installing ACI:
3. Client workstation configure
a. Install ACI reports located in shared/apps.
ai. Map share to F: as acireports. Remap Database to template in F:/Redirect.now
b. Install Thunderbird Email Client in shared/apps.
c. Install the calendar extension Lightning; it’s in shared/apps. Use the tools/extensions/install option in Thunderbird.
d. Install shared/apps/microbase, copy the shortcut on the desktop to /Documents and Settings/all users.
e. Right-click the ACI folder in Program Files and select Sharing and Security. Select the Security tab and click Add. Add the (usernames) that will use this machine, one at a time. Make sure you have selected HUDSONLAND1 as the source. The username is root, password is the admin password. After the users are added, make sure each has full access to the ACI folder.
f. Do the same procedure above for microbase, which is located in /.
g. Use Run: regedt32. Change the permissions of the ACI registry key in HKLM/Software/ACI so that everyone has full access.
h. Launch the Group Policy Object Editor snap-in under Run: mmc and change the following settings:
>Local policy/Computer Configuration/Administrative Templates/System/User Profiles
Delete cached copies of Roaming Profiles: enabled
Log off when Roaming Profile fails: enabled
Now I did add users one at a time here instead of everyone; it’s easier to do everyone. And the last part is changing the group policy; that’s the second part of this article.
It’s not a real science as every program is different, so experiment. Feel free to use regedt32 to save registry keys and move them around; you might have to in order to get some applications to have the right registry key in the right place. Don’t worry if you break something, you have that backup registry we made, remember?
Tomorrow I will talk about making an Ntconfig.POL file that you can use for group policy changes across your domain. That will lead into how to redirect your Desktop and My Documents folder, as well as setting up a user’s email. I will talk about how to keep your profiles super small for super fast access and login times. Hope to see you then.