Logon to computer vs logon to domain

[aspenjim]

We are having a big pow-wow with all of the powers to be on Tuesday. I'm just not used to thinking on such a large scale, but I guess this is the government w/ a $15M budget and they do have $24k for this particular project. They spend as a whole about $15k a month for the software support for the inmate database and the ACS software to run the county.

One more side question. the database is an access db about 75meg in size. What does SQL have to do with this. All I know about SQL is it is searchable (as opposed to MSDE). I am a MS registered partner and I subscribe to their actionpak and have all of the software that comes with that. I've installed SQL2005 on my server and don't even have a clue about how to configure it. In other instances, I've installed a trial version of Webroot Enterprise trial and couldn't figure out how it works. So in a nutshell, What exactly does SQL do when the db is in Access? (I don't have to worry about configuring this on the real server, because the company that does the support will dial in and do the configuration. However I should have a clue going into this. Incidently, 2 of the engineers of this software will be at the meeting on Tuesday.

Again, I am an indepent contractor for this account and get paid $1400/ month to support about 80 county owned or leased PC's. We will probably renew the contract soon and I should get $1600/mo. I want to keep my time fairly minimal and when I talk about downtime, I mean just getting it installed and getting the kinks worked out and all of the XP Home's upgraded to XP Pro.

One other thing I haven't thought about until your last 2 posts is the idea of keeping the old server as a BDC. How does that work for the database. I know how PDC's and BDC's work, but is the db kept mirrored on both servers in case the BDC has to be promoted. These are questions that they will have. An offsite backup is something that they really want.

I know this would be just a walk in the park for most all of you, but it is keeping me up at night trying to think of all that needs to be considered. This is the first time in 7 years I've felt the need for some formal training. I've worked with the John Deere dealerships and have had to do a BDC promo (with JDIS's help), but they had a UNIX server that ran the business system and their NT servers just acted as a parts catalog server and connected to the unix server for pricing and inventory, so the temporary downtime (HDD failure) was minimal. This was in 2001. This my chance to raise my competency to the next level. I've complained about the Sheriff's server since day one and they just keep buying XP home from their previous HW vendor, just p***ing $$ away. I can appreciate that kind of loyalty, but the guy doesn't have a clue about the real world networks (even in a town of 2000 people).

[nmX.Memnoch]

One more side question. the database is an access db about 75meg in size. What does SQL have to do with this. All I know about SQL is it is searchable (as opposed to MSDE). I am a MS registered partner and I subscribe to their actionpak and have all of the software that comes with that. I've installed SQL2005 on my server and don't even have a clue about how to configure it. In other instances, I've installed a trial version of Webroot Enterprise trial and couldn't figure out how it works. So in a nutshell, What exactly does SQL do when the db is in Access? (I don't have to worry about configuring this on the real server, because the company that does the support will dial in and do the configuration. However I should have a clue going into this. Incidently, 2 of the engineers of this software will be at the meeting on Tuesday.

Access and SQL are two different database engines. If there are going to be a lot of users using the database at the same time then it should definitely be in SQL. Access databases aren't designed to handle a lot of users (more than about 5-8) accessing a single database at one time. This is going to be dependent on the other company migrating everything though. Access can still be used as a front end for a SQL database.

Something else you should give some serious thought to is a server to handle SQL Server. I would not install SQL Server on your DCs. Since you're not talking about a lot of users then you don't need something as powerful as we've configured for your DC. You can probably get away with a PE1800. They'll need something though...

when I talk about downtime, I mean just getting it installed and getting the kinks worked out and all of the XP Home's upgraded to XP Pro.

That XP Home to XP Pro upgrades shouldn't take very long. This is going to be one nice feature of Windows Vista...you can purchase an upgrade without reinstalling. Just plug in the key and it'll add the necessary bits and bytes so you don't have to reinstall (at least that's the way I keep reading it's supposed to work). There will be a transition and adjustment period for them though with moving from local logons to domain logons. Since there isn't currently a domain there shouldn't be any downtime regarding that side of things. All you'll have to do is create the domain, create the users, join the workstations and give them their new logons. You'll probably have to go through profile migrations and such, but that's incidentals. There'd be a lot more work if it were a bunch of existing domains you were attempting to migrate into one.

One other thing I haven't thought about until your last 2 posts is the idea of keeping the old server as a BDC. How does that work for the database. I know how PDC's and BDC's work, but is the db kept mirrored on both servers in case the BDC has to be promoted. These are questions that they will have. An offsite backup is something that they really want.

I wouldn't make the old box a domain controller at all (BTW, with Active Directory there is no such thing as PDCs and BDCs anymore). I would just make it a member server and use it for serving files, printers, backups and such. You may be able to get away with using it for SQL Server just to get things started. They can purchase a better server later (SQL databases aren't that hard to move).

[aspenjim]

Just out of curiosity, if I were to search for a file extension for a SQL db, what would it be? *.mdb is for access and I know there are 2 *.mdb files there (on the server). They talk about cutting "ADE's" on everyones workstation every several months and one of the files may just be a backup file. Also on everyone's workstation, there is a directory with 2 *.mdb files in it around the 75 megs I mentioned earlier. That is where the shortcut from the desktop goes to. From there, I don't how it gets to the server.

I want to do clean installs on all of the XP homes as opposed to upgrades, although just to regain some of the performance as most were upgraded from Win 98.

I didn't know about the PDC and BDC change. Did that happen when 2000 came out? AD doesn't seem too difficult yet for me on local networks. (Problem I have is mentioned in the first post giving the user domain admin rights. I will have to correct that soon as they want pw's to be changed every several months to comply with HIPPA laws. Some people have passwords to the pc and others have pws for server access and I don't quite know an easy way to get everyone on the same page. I figured I would have a much better idea after this Sherriff dept install.) I just add a user and computer here and there and give them appropriate rights and pw's. I know that's a completely different scenario with bigger networks and multiple domains (as I've seen at some colleges).

Edited March 27, 2006 by aspenjim

[nmX.Memnoch]

Just out of curiosity, if I were to search for a file extension for a SQL db, what would it be? *.mdb is for access and I know there are 2 *.mdb files there (on the server). They talk about cutting "ADE's" on everyones workstation every several months and one of the files may just be a backup file. Also on everyone's workstation, there is a directory with 2 *.mdb files in it around the 75 megs I mentioned earlier. That is where the shortcut from the desktop goes to. From there, I don't how it gets to the server.

The SQL Server data file extension is MDF and the log file extension is LDF. You won't find these files on any clients though. Honestly, if the other company is going to set everything up then I would let them do that and worry about it later. You've got enough to deal with in getting the domain up and running.

I want to do clean installs on all of the XP homes as opposed to upgrades, although just to regain some of the performance as most were upgraded from Win 98.

Definitely. I wasn't suggesting to do an upgrade install...that's something I would never suggest. Especially do clean installs of they were already upgraded once without a fresh install.

I didn't know about the PDC and BDC change. Did that happen when 2000 came out?

Yep, that's when the change came about. People still use the terms, but they don't really apply with Active Directory. There are a few other terms you should familiarize yourself with though (examples: Operations Master, Global Catalog Servers, etc).

AD doesn't seem too difficult yet for me on local networks.

AD isn't difficult at all. It works very nice when you take the time to set it up properly.

(Problem I have is mentioned in the first post giving the user domain admin rights. I will have to correct that soon as they want pw's to be changed every several months to comply with HIPPA laws. Some people have passwords to the pc and others have pws for server access and I don't quite know an easy way to get everyone on the same page. I figured I would have a much better idea after this Sherriff dept install.) I just add a user and computer here and there and give them appropriate rights and pw's. I know that's a completely different scenario with bigger networks and multiple domains (as I've seen at some colleges).

This should be a thing of the past when you get done. As you add users/workstations to the domain you should be change the local admin password (and rename the admin account) on all of the workstations...and not giving them that password.

Getting everyone on the same page will be easy. The Active Directory structure will take care of that for you.

[aspenjim]

@nmX .Memnoch

Thanks for all of the information.

After our meeting Tuesday, I decided I wasn't at all qualified to do this. My server would have been better than my predecessors, but it would have been lame compared to a true server admin's. The company putting in the barcoding gear is going to do the server. They are going to put in a proliant w/ 2 - 3.6 xeons, and 2 - 15k scsi drives (as opposed to 2 sata drives in raid 1 originally proposed). He is going to show me what I've been asking about in this post and I'll have a much better clue for the future.

Moving on to today... I sold another PC to the nursing home that I originally asked about in the post (logon to the domain vs. logon to the PC. This time I had much quicker success than the previous 5 PC's I added. Still ran into a couple issues I like an quick answer to. Here's what I did differently. I installed all of the software first, before I joined the PC to the domain logged on as the administrator. This PC was for the accounting lady and there was all several new programs I had to install (business works, timeclock s/w and intuits online payroll services). It went nearly perfect. Here are the 2 issues... When I sat up the user account, when I gave her only user rights, Almost every program errored (I could tell it was a permissions problem). Whenever I gave her admin rights, it was okay, user rights, it errored. Logged on as a admin, I right clicked on the directories (which were all on the root of the HDD) and gave her full read/write privileges with no luck. I ended up just making her a member of administrators to get out of there tonight. The other issue was I could not get her login script to work. (it just mapped drives to shared, her user dir and apps). I studied 2 other PC's that someone else had setup and did the login script and I couldn't figure out what I was doing wrong. (Later, I thought I may look tommorrow to see if the batch file was in the startup dir). I ended up just mapping the drives and she was able to use the programs without any errors.

Back again to the original question... logon to the domain vs. logon to the PC... The first 2 PC's I added to this domain, I joined them to the domain very first and (not knowing any better) had them logon to the domain. However, after doing that, I studied all of the login bat files and was able to make their PC's do the login script thing you mentioned earlier in this post. I just decided to make all of the users logon to the PC from there on. When I get all of this figured out, I will make all of the logons the same. Then, I have to figure out a password scheme, as I mentioned before. After this Sheriff's install, I'll prolly be much more clear on this. BTW, this server at the nursing home is a w2k server.

I ran into one other thing new to me and need to do a quick crash course on... That is profiles. I'm embarassed, but I truly don't know exactly what a profile is, except something to do with user pref's (I'm guessing). I have never paid attention to the profiles tab on setting up a user on a pc. I did look at the working ones that someone else had set up and they had the logon script file name in there, but when I added "tbone.bat" (tbone is the user), it still didn't map the drives. There is a directory of logon scripts for the users on the server with tbone.bat in it.

Edited March 31, 2006 by aspenjim

[nmX.Memnoch]

Hehe...that last post needs to be split up into 3 or 4 new threads. There's just too much to try to answer at once.

[aspenjim]

I got to thinking after I made the last post... put the script in the startup directory... Or in the registry in the run key...

I also asked someone who works at a colorado university IT Dept and he told me profiles were for exchange clients. Are they used for anything else and where are they stored?

[nmX.Memnoch]

Your logon scripts should be in the NETLOGON share of the domain controller. Then you set it in the domain account options (go to account properties, Profile tab and enter just the name of the script in the Logon script block). That way, no matter what machine they logon to the correct logon script will run because it's being called from the domain controller instead of the local machine.

Profiles are used in Windows as well. Under a "standard" setup the user's profile is located at %SYSTEMDRIVE%\Documents and Settings\<user name>\.

[fizban2]

Every user have a profile on a PC, it is created the first time they logon, mike memnoch said, c:\documents and settings\<user profile> that profile is created and stored on the local machine unless roaming profiles are setup, which from the sounds of it you shouldn't worry about atm