RE: [ActiveDir] Enhancement Question
Hi Charles We had a similar question once and our answer was: We can use group policy to provide better help desk support through application upgrades, blocking of bad applications (ie. known spyware exe), and remote administration. For the end user this will mean help desk calls will reduce, and no longer involve a 4 hour drive across town and up to 3 weeks to see somebody - they can now generally be handled either via. chat or over the phone using remote administration. Albeit, very little of this requires AD but without AD at some locations, patching, updating software, and turning on remote desktop / turning off the firewall to allow remote desktop and assistance take weeks to set up - which to the user means weeks that he is unable to get something fixed, get help, get support, or even get the latest software update. The explanation - highlighting reduced time to support - seems to have made the users in that location very happy. Regards; James R. Day Active Directory Core Team Office of the Chief Information Officer National Park Service (202) 354-1464 (direct) (202) 371-1549 (fax) [EMAIL PROTECTED] |-+--> | | "joe" | | | <[EMAIL PROTECTED]> | | | Sent by: | | | [EMAIL PROTECTED]| | | tivedir.org| | | | | | | | | 06/01/2005 09:06 AM AST| | | Please respond to | | | ActiveDir | |-+--> >--| | | | To: | | cc: (bcc: James Day/Contractor/NPS) | | Subject: RE: [ActiveDir] Enhancement Question | >--| I would be a bit concerned about the manager's approach. Playing up to the end users is not the proper way to run the infrastructure. If the users gripe about what is being done, the answer is simply we are doing these upgrades to be in a position to better support the environment with increased security, stability, and availability. End users should be concerned with their end user job, not what IT is doing. joe -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Carerros, Charles Sent: Wednesday, June 01, 2005 8:54 AM To: 'ActiveDir@mail.activedir.org' Subject: RE: [ActiveDir] Enhancement Question Neil, We deployed AD based on a very serious and well defined business case. However, when we argued for this it was indicated that the end-user would not feel any effects and all of the enhancements would be on the management and stability side. Since then, however, we have a new network manager who would like us to show the end-user what the new benefits are from the upgrade. However, telling an end-user we can not manage your PC more effectively, well, they just don't care about that. So now I'm stuck looking for a way to show them how great AD is. I would like to thank everyone for their responses. Thanks, Charlie -Original Message- From: Ruston, Neil [mailto:[EMAIL PROTECTED] Sent: Wednesday, June 01, 2005 4:21 AM To: 'ActiveDir@mail.activedir.org' Subject: RE: [ActiveDir] Enhancement Question It's funny how people approach AD this way - i.e. deploy and look to justify its existence thereafter :) When AD was designed and a business case was created, what were the perceived benefits back then? Why not try to create additional benefit along those lines? We all have different reasons for deploying AD - to some it's simply an upgrade, to others it's seen as a way to simplify / improve the Windows environment in many different ways. Identify your initial reasons for deploying AD and then build from there. For the record, I would argue that the end user need not see real, tangible benefits in order that AD be seen to benefit the business itself. The real benefits are normally less tangible. neil -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Carerros, Charles Sent: 31 May 2005 16:05 To: 'ActiveDir@mail.activedir.org' Subject: [ActiveDir] Enhancement Question This is an odd question. We have just about
RE: [ActiveDir] Enhancement Question
I would be a bit concerned about the manager's approach. Playing up to the end users is not the proper way to run the infrastructure. If the users gripe about what is being done, the answer is simply we are doing these upgrades to be in a position to better support the environment with increased security, stability, and availability. End users should be concerned with their end user job, not what IT is doing. joe -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Carerros, Charles Sent: Wednesday, June 01, 2005 8:54 AM To: 'ActiveDir@mail.activedir.org' Subject: RE: [ActiveDir] Enhancement Question Neil, We deployed AD based on a very serious and well defined business case. However, when we argued for this it was indicated that the end-user would not feel any effects and all of the enhancements would be on the management and stability side. Since then, however, we have a new network manager who would like us to show the end-user what the new benefits are from the upgrade. However, telling an end-user we can not manage your PC more effectively, well, they just don't care about that. So now I'm stuck looking for a way to show them how great AD is. I would like to thank everyone for their responses. Thanks, Charlie -Original Message- From: Ruston, Neil [mailto:[EMAIL PROTECTED] Sent: Wednesday, June 01, 2005 4:21 AM To: 'ActiveDir@mail.activedir.org' Subject: RE: [ActiveDir] Enhancement Question It's funny how people approach AD this way - i.e. deploy and look to justify its existence thereafter :) When AD was designed and a business case was created, what were the perceived benefits back then? Why not try to create additional benefit along those lines? We all have different reasons for deploying AD - to some it's simply an upgrade, to others it's seen as a way to simplify / improve the Windows environment in many different ways. Identify your initial reasons for deploying AD and then build from there. For the record, I would argue that the end user need not see real, tangible benefits in order that AD be seen to benefit the business itself. The real benefits are normally less tangible. neil -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Carerros, Charles Sent: 31 May 2005 16:05 To: 'ActiveDir@mail.activedir.org' Subject: [ActiveDir] Enhancement Question This is an odd question. We have just about finished up rolling out AD 2003 (from an NT domain) and I have been charged with finding "several ways to utilize Active Directory to optimize the management of our applications and infrastructure. At least one of the solutions should enhance functionality directly for the user community." I'm having problems of finding ways to enhance functionally for the end-users. Besides tying the AD into a one of our outsourced web based applications to reduce their password count I'm stretching. I know of a number of management and infrastructure enhancements that could be made but none enhance the functionality of our end-users to a point where they will notice it and say "Wow, now that's cool". Does anyone know of a location where I can get ideas on this topic? Increased security, stability, management. These core things are not seen by the end-user even though they directly affect them. I need to find something that the end-users will like to see and something that benefits them. I'm just coming up blank on this. In the past, I have always been instructions to use AD in ways that the end-user doesn't notice but increases the functionality. Thanks, Charlie List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ == This message is for the sole use of the intended recipient. If you received this message in error please delete it and notify us. If this message was misdirected, Credit Suisse, its subsidiaries and affiliates (CS) do not waive any confidentiality or privilege. CS retains and monitors electronic communications sent through its network. Instructions transmitted over this system are not binding on CS until they are confirmed by us. Message transmission is not guaranteed to be secure. == List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Enhancement Question
At the widget company that I converted from NT4 to 2K the reason was simply self-preservation. The NT4 architecture was ready to blow at any second due to size, we were running with 80k users in a single domain, 75k users in another, 60k in yet another. Obviously the domain structures were ready to collapse at any time. However once done, the automatic benefits of additional stability and delegation were well worth the move on their own even if the users didn't have anything to point at besides a possibly perceived stability increase[1]. Basically I am saying I agree with Neal. Users shouldn't even be aware of the underlying infrastructure let alone being sold on the benefits. In infrastructure ops positions I tend to say that the better things run, the less people know you and the things you work on exist. It isn't usually necessary to "invent" ways to use AD, things will crop up. Some ideas though: The first thing I would do is start ripping away native permissions from everyone but a couple of Ent Admins (say 3 or 4 tops) and everyone else gets by with delegated permissions, much easier to start that way versus trying to clean it up later. Goal, better security and enterprise stability. A strong step towards change control The next thing would be to start populating AD with object lifecycle management information. This includes object owners, review dates on when the owner has to say the object is still in use, expiration dates on when objects should be removed, etc. Again much easier to start that early versus later. Goal, a cleaner happier NOS Directory without baggage. Populate the organizational managament structures, location info, contact info, etc and set up a web site to allow creation of org charts and display user info. Don't store the pics in the directory, store them in a SQL Server or someplace else. Alternatively, stick all this info into AD/AM and leverage AD Auth to access the info. Check to see if the Polyarchy stuff ever made into a production setup in MIIS, that is an amazing way to display that info. If you have multiple platforms look to start using kerberos on them so you can have single sign on. Users should really notice this if they don't have it. Look at how or even if GPOs should be used for controlling machines and user experience. Publish printer and shared folder information. Set up a web based self password reset unlock system. See MIIS functionality or MTEC's PSYNCH. This could be done under NT4 as well but more secure I think under AD due to giving out delegated rights to do the work. Deploy Exchange 2003. joe [1] It couldn't be anything but perceived on the users side unless they were monitoring availability and performance which would be a stretch for those users. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ruston, Neil Sent: Wednesday, June 01, 2005 5:21 AM To: 'ActiveDir@mail.activedir.org' Subject: RE: [ActiveDir] Enhancement Question It's funny how people approach AD this way - i.e. deploy and look to justify its existence thereafter :) When AD was designed and a business case was created, what were the perceived benefits back then? Why not try to create additional benefit along those lines? We all have different reasons for deploying AD - to some it's simply an upgrade, to others it's seen as a way to simplify / improve the Windows environment in many different ways. Identify your initial reasons for deploying AD and then build from there. For the record, I would argue that the end user need not see real, tangible benefits in order that AD be seen to benefit the business itself. The real benefits are normally less tangible. neil -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Carerros, Charles Sent: 31 May 2005 16:05 To: 'ActiveDir@mail.activedir.org' Subject: [ActiveDir] Enhancement Question This is an odd question. We have just about finished up rolling out AD 2003 (from an NT domain) and I have been charged with finding "several ways to utilize Active Directory to optimize the management of our applications and infrastructure. At least one of the solutions should enhance functionality directly for the user community." I'm having problems of finding ways to enhance functionally for the end-users. Besides tying the AD into a one of our outsourced web based applications to reduce their password count I'm stretching. I know of a number of management and infrastructure enhancements that could be made but none enhance the functionality of our end-users to a point where they will notice it and say "Wow, now that's cool". Does anyone know of a location where I can get ideas on this topic? Increased security, stability, management. These core things are not seen by the end-user even though they directly affect them. I need t
RE: [ActiveDir] Enhancement Question
Neil, We deployed AD based on a very serious and well defined business case. However, when we argued for this it was indicated that the end-user would not feel any effects and all of the enhancements would be on the management and stability side. Since then, however, we have a new network manager who would like us to show the end-user what the new benefits are from the upgrade. However, telling an end-user we can not manage your PC more effectively, well, they just don't care about that. So now I'm stuck looking for a way to show them how great AD is. I would like to thank everyone for their responses. Thanks, Charlie -Original Message- From: Ruston, Neil [mailto:[EMAIL PROTECTED] Sent: Wednesday, June 01, 2005 4:21 AM To: 'ActiveDir@mail.activedir.org' Subject: RE: [ActiveDir] Enhancement Question It's funny how people approach AD this way - i.e. deploy and look to justify its existence thereafter :) When AD was designed and a business case was created, what were the perceived benefits back then? Why not try to create additional benefit along those lines? We all have different reasons for deploying AD - to some it's simply an upgrade, to others it's seen as a way to simplify / improve the Windows environment in many different ways. Identify your initial reasons for deploying AD and then build from there. For the record, I would argue that the end user need not see real, tangible benefits in order that AD be seen to benefit the business itself. The real benefits are normally less tangible. neil -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Carerros, Charles Sent: 31 May 2005 16:05 To: 'ActiveDir@mail.activedir.org' Subject: [ActiveDir] Enhancement Question This is an odd question. We have just about finished up rolling out AD 2003 (from an NT domain) and I have been charged with finding "several ways to utilize Active Directory to optimize the management of our applications and infrastructure. At least one of the solutions should enhance functionality directly for the user community." I'm having problems of finding ways to enhance functionally for the end-users. Besides tying the AD into a one of our outsourced web based applications to reduce their password count I'm stretching. I know of a number of management and infrastructure enhancements that could be made but none enhance the functionality of our end-users to a point where they will notice it and say "Wow, now that's cool". Does anyone know of a location where I can get ideas on this topic? Increased security, stability, management. These core things are not seen by the end-user even though they directly affect them. I need to find something that the end-users will like to see and something that benefits them. I'm just coming up blank on this. In the past, I have always been instructions to use AD in ways that the end-user doesn't notice but increases the functionality. Thanks, Charlie List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ == This message is for the sole use of the intended recipient. If you received this message in error please delete it and notify us. If this message was misdirected, Credit Suisse, its subsidiaries and affiliates (CS) do not waive any confidentiality or privilege. CS retains and monitors electronic communications sent through its network. Instructions transmitted over this system are not binding on CS until they are confirmed by us. Message transmission is not guaranteed to be secure. == List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Enhancement Question
It's funny how people approach AD this way - i.e. deploy and look to justify its existence thereafter :) When AD was designed and a business case was created, what were the perceived benefits back then? Why not try to create additional benefit along those lines? We all have different reasons for deploying AD - to some it's simply an upgrade, to others it's seen as a way to simplify / improve the Windows environment in many different ways. Identify your initial reasons for deploying AD and then build from there. For the record, I would argue that the end user need not see real, tangible benefits in order that AD be seen to benefit the business itself. The real benefits are normally less tangible. neil -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Carerros, Charles Sent: 31 May 2005 16:05 To: 'ActiveDir@mail.activedir.org' Subject: [ActiveDir] Enhancement Question This is an odd question. We have just about finished up rolling out AD 2003 (from an NT domain) and I have been charged with finding "several ways to utilize Active Directory to optimize the management of our applications and infrastructure. At least one of the solutions should enhance functionality directly for the user community." I'm having problems of finding ways to enhance functionally for the end-users. Besides tying the AD into a one of our outsourced web based applications to reduce their password count I'm stretching. I know of a number of management and infrastructure enhancements that could be made but none enhance the functionality of our end-users to a point where they will notice it and say "Wow, now that's cool". Does anyone know of a location where I can get ideas on this topic? Increased security, stability, management. These core things are not seen by the end-user even though they directly affect them. I need to find something that the end-users will like to see and something that benefits them. I'm just coming up blank on this. In the past, I have always been instructions to use AD in ways that the end-user doesn't notice but increases the functionality. Thanks, Charlie List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ == This message is for the sole use of the intended recipient. If you received this message in error please delete it and notify us. If this message was misdirected, Credit Suisse, its subsidiaries and affiliates (CS) do not waive any confidentiality or privilege. CS retains and monitors electronic communications sent through its network. Instructions transmitted over this system are not binding on CS until they are confirmed by us. Message transmission is not guaranteed to be secure. == List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Enhancement Question
Charlie: This is a question I'm getting from a LOT of my clients these days. I'd be happy to chat through some ideas with you, but it's too much to type out. Give me a shout and I'll spend a bit of time talking you through some "ooh-ahh-wow" things you can do with AD. 888.381.6956. Dan Holme Intelliem -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tony Murray Sent: Tuesday, May 31, 2005 1:10 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Enhancement Question You could look at pre-populating the location field for printer searches. This is quite a nice feature that uses the IP subnet of the workstation the user is logged on to to locate the nearest printer. There's a few tasks you need to do to enable this, but it can be worth the effort, especially in distributed organisations. See the following whitepaper for more information on this. http://www.microsoft.com/windows2000/technologies/fileandprint/print/add eplo y.asp As you suggest, there are not a huge number of benefits that are directly visible to the end user. Tony -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Carerros, Charles Sent: Wednesday, 1 June 2005 3:05 a.m. To: 'ActiveDir@mail.activedir.org' Subject: [ActiveDir] Enhancement Question This is an odd question. We have just about finished up rolling out AD 2003 (from an NT domain) and I have been charged with finding "several ways to utilize Active Directory to optimize the management of our applications and infrastructure. At least one of the solutions should enhance functionality directly for the user community." I'm having problems of finding ways to enhance functionally for the end-users. Besides tying the AD into a one of our outsourced web based applications to reduce their password count I'm stretching. I know of a number of management and infrastructure enhancements that could be made but none enhance the functionality of our end-users to a point where they will notice it and say "Wow, now that's cool". Does anyone know of a location where I can get ideas on this topic? Increased security, stability, management. These core things are not seen by the end-user even though they directly affect them. I need to find something that the end-users will like to see and something that benefits them. I'm just coming up blank on this. In the past, I have always been instructions to use AD in ways that the end-user doesn't notice but increases the functionality. Thanks, Charlie List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Enhancement Question
You could look at pre-populating the location field for printer searches. This is quite a nice feature that uses the IP subnet of the workstation the user is logged on to to locate the nearest printer. There's a few tasks you need to do to enable this, but it can be worth the effort, especially in distributed organisations. See the following whitepaper for more information on this. http://www.microsoft.com/windows2000/technologies/fileandprint/print/addeplo y.asp As you suggest, there are not a huge number of benefits that are directly visible to the end user. Tony -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Carerros, Charles Sent: Wednesday, 1 June 2005 3:05 a.m. To: 'ActiveDir@mail.activedir.org' Subject: [ActiveDir] Enhancement Question This is an odd question. We have just about finished up rolling out AD 2003 (from an NT domain) and I have been charged with finding "several ways to utilize Active Directory to optimize the management of our applications and infrastructure. At least one of the solutions should enhance functionality directly for the user community." I'm having problems of finding ways to enhance functionally for the end-users. Besides tying the AD into a one of our outsourced web based applications to reduce their password count I'm stretching. I know of a number of management and infrastructure enhancements that could be made but none enhance the functionality of our end-users to a point where they will notice it and say "Wow, now that's cool". Does anyone know of a location where I can get ideas on this topic? Increased security, stability, management. These core things are not seen by the end-user even though they directly affect them. I need to find something that the end-users will like to see and something that benefits them. I'm just coming up blank on this. In the past, I have always been instructions to use AD in ways that the end-user doesn't notice but increases the functionality. Thanks, Charlie List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Enhancement Question
Do you have a new app you need to roll out that you can publish or assign through AD? Users get a kick out of being able to install new software themselves or seeing updated software install auto-magically... You could use LDAP and a little web page to make a simple phone number / email address lookup page that pulls the info from AD... You could re-configure their Internet Explorer home page to point to the corporate intranet (and prevent them from changing it)... :) Just some suggestions. FWIW, AD isn't about making users go "oh, that's cool" It's about making administrators go "damn, that's useful". Joe Pochedley A computer terminal is not some clunky old television with a typewriter in front of it. It is an interface where the mind and body can connect with the universe and move bits of it about. -Douglas Adams -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Carerros, Charles Sent: Tuesday, May 31, 2005 11:05 AM To: 'ActiveDir@mail.activedir.org' Subject: [ActiveDir] Enhancement Question This is an odd question. We have just about finished up rolling out AD 2003 (from an NT domain) and I have been charged with finding "several ways to utilize Active Directory to optimize the management of our applications and infrastructure. At least one of the solutions should enhance functionality directly for the user community." I'm having problems of finding ways to enhance functionally for the end-users. Besides tying the AD into a one of our outsourced web based applications to reduce their password count I'm stretching. I know of a number of management and infrastructure enhancements that could be made but none enhance the functionality of our end-users to a point where they will notice it and say "Wow, now that's cool". Does anyone know of a location where I can get ideas on this topic? Increased security, stability, management. These core things are not seen by the end-user even though they directly affect them. I need to find something that the end-users will like to see and something that benefits them. I'm just coming up blank on this. In the past, I have always been instructions to use AD in ways that the end-user doesn't notice but increases the functionality. Thanks, Charlie List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/