I work as a technician in an education environment and are looking to change the network considerably in the next 6 months.

At present we have a windows 2000 server, which basically just provides storage for domain users. Each user logins in via a windows xp machine and has access to their home directory and all locally installed applications (only the applications installed on this machine).

As the establishment gets bigger, the likely hood in me being able to manage each individual machine is impossible!

So what I am looking at is being able to achieve the following: -

1. Central application storage, without the need for me having to install applications on each and every machine. Can an install be carried out on a number of machines at a click of a button?

2. Each user logging in has specific access to certain applications, BUT not all. This needs to be restricted.

3. Some users may have disabilities, so being able to create a profile for students with visual impairment (contrast etc).

4. Printing Quotas.

Is this all possible via windows 2003 R2 server or will I need specific software. Please recommend.


0 Comments   [ - ] Hide Comments


Please log in to comment

Rating comments in this legacy AppDeploy message board thread won't reorder them,
so that the conversation will remain readable.
Answer this question or Comment on this question for clarity


Hey Robert,

Some of the things you are talking about can be handled through Active Directory policies and group membership or OU structuring. I am assuming you guys will be using AD correct? Just about anything can be done through some kind of slick login scripts but if you are looking for out of the box solutions here are some suggestions.

1. Central Application Storage? = I think what you are refering to here is a software deployment solution. How do you make sure the correct systems have the latest version of software etc? You can use AD for deploying software or use another solution like Microsoft SMS or any of the others mentioned in the forum. The goal would be to find the best set it and forget it approach so that when new systems come online they get the software they need with little administrative effort from yourself. The only requirement would be that they are in the correct OU or group. This alone can be pretty challenging as it requires you to do silent application installations and learning the deployment tool. Both have some learning curve.
2. Application restrictions? = There are 2 common approaches to this. One is to use file security, or a group policy where you specify which applications can be launched by certain groups. The other, and probably the easiest is to simply control the icons on the desktop and start menu for the users. There isn't an out of the box solution to this that I am aware of except for using MSI's and AD Administrative deployment. But I have used something in login scripts that does something similar.
3. Disability Profiles? = Once again this would probably be a combination of AD GPO's and some login script stuff. Place the users in a certain group or OU in AD and based on that apply a GPO or run certain scripts to change desktop settings.
4. Printing Quotas? = Not sure about this one. I know Server 2003 R2 has some advanced printing capabilities but I haven't played with it in detail. Here is a site that talks about it though http://www.printlogger.com/related/Managing%20Printers%20with%20Windows%20Server%202003%20R2.php.

Server 2003 would be the server OS of choice. Once you start planning out how you are going to manage the systems you may find that you need other tools to meet all of your needs, like SMS or something similar. If you need details on how to do these specific items most of them have been done before and googling will get you on the right track.
Answered 02/06/2007 by: yarborg
Blue Belt

Please log in to comment