CalNetAD Documentation: Planning Committee Meeting, March 13, 2003


	Welcome • Services • Getting Started • Support and Tools • Documentation

	CalNetAD Planning Committee June 12, 2003 Room 60, Barrows Hall, 2-3:30 PM Updated: 06/25/2003 Agenda Follow-up from Economics (see Graham's Notes) Status of Server 2003 testing Status of IIS 6 testing Group Policy Management Console (handout) Status of CalNetPKI Other Business Notes Follow-up from Economics Graham Patterson gave a follow-up report on the Department of Economics migration to Active Directory. The transition to Active Directory went fairly well, though there were some unexpected minor problems. Graham will be exploring some alternatives for deploying logon scripts with the Active Directory team. The full text of Graham's report is available here. Status of Server 2003 testing Arden reported on the status of the Server 2003 testing in the test environment. All of the Domain Controllers in test are running Server 2003 (2 DCs for each domain). New policies were created for Server 2003 for: member server baseline policy Domain Controller policy Security templates Server 2003 has been very stable. Most services are not installed or are turned off by default, for example, IIS. Remaining tasks are: Generate test cases for Server 2003 domains Update deployment plan for Server 2003 Move to Server 2003 functional mode Status of IIS 6 testing Eric reported that the default configuration of IIS 6 is more secure than IIS 5. The service does not run with System privileges. IIS 6 support proxy Kerberos authentication which means it could be used instead of the Authentication Web Service (AWS). There are security issues in that the proxy authentication needs SSL and it is possible that CalNet passphrases could be captured on the web server. This issue will need further research. Group Policy Management Console The new Group Policy Management Console (GPMC) is a new Microsoft Management Console (MMC) tool that offers an integrated, single console to manage group policy. The GPMC tool was released with Server 2003 and is a fully supported by Microsoft. While it can be used to manage GPOs in Windows 2000 domains, some features are available only for Server 2003 and XP machines. More detailed documentation is available here on the CalNetAD web site. Status of CalNetPKI The PKI infrastructure has been deployed in the CalNetAD production forest. Eric is currently working on an issue with Microsoft, where the UPN for the external Kerberos realm corrupts the logon process. The Smart Card driver software is installed on the CalNetAD servers. Other Business There was a short discussion of the new VPN pilot project by CNS. The Planning Committee would like to track the progress of the pilot.

	Contact Us