Minutes Waterloo Polaris Advisory Group February 14, 2001

Attendees:

Regrets:

Submitted items:

WPAG 2 topics to discuss

1. Colin asked for SIMUL8 to be installed. This requires some addition of files to E: Drive. I expect this to go out tonight. (Ray) I have been deleting unnecessary files, so we are ahead a little bit on the disk space
issue.

2. IST, see the two url's I posted in my last email to you for content. AD design meeting for feb.5th

Some of the documentation is an explanation of a forest for UCIST and an idea of how to go forward at IST. The proposal is for IST to set up a forest for all of us to live in. This forest is set up with a root domain that is empty. This first domain determines the PDC emulator and the master schema. Any domain joining must be broken down and recreated to join.
The AD group bot together last Monday (February 5) to discuss things that have come up like changing the schema (who can do what) and domains. It seems the proposed plan has control from IST and only those people in IST.

What is going to UCIST this week is can others do this? If not, what do we do about this situation? Can we live with this?

Discussion of the pros and cons of AD and single forest/domain.

Sisp could be a forest issue, but is more for the back end. Although if students are to come link in from home, the domain should not be an issue. The Ad is more about who controls what. If it is my job, why are you hampering my abilities to do my job?

We need a rep from every faculty with privileges themselves at the AD level. It should not be lopsided, and seems number of machines could dictate number of reps.

Delays are not good. It is still our responsibility to get things done.

We need a place where we can all do our jobs.

One of the problems is the MS product does not allow for the ability of a merge or a separation without losing everything that has been built up (for the Domain entering or exiting).

We all need to install software and make changes to the schema. We as system admins, sometimes need to do this quickly. Where ever you draw the line, you need to be able to do your job. This is a big decision now, and one which we will have to live with for years.

Note: Math has a stipulation that requires them to seek an AD environment this is no more restrictive than their current local domain, something that does not limit their current capabilities.

Only one Caveat, that there is some rules or a test environment before putting in.

If agree, we want to not hamper the person from doing their work, and this must be presented to UCIST.

Make Recommendations to UCIST:
People who install software need to install software unimpeded. There should be a protocol for people to follow. How ever that gets done, the current capabilities must be kept. This must be done in a timely manner. Sometimes not having the full system capability can slow down troubleshooting.

Information items:

Recommendation:

Microsoft Windows 2000 is only starting to allow centralized administration and as such is awkward for granting privileges. In view of the current design proposal from the IST Systems Group for a campus active directory environment, we, WPAG, recommend the following to UCIST:

To ensure the same level of service to our clients which include students, staff and faculty, local system administrators should not be restricted by the the University of Waterloo active directory Environment when administering their computing resources in a quick and effective manner.

In order to add, remove or alter resources (e.g. software installation, etc.) local system administrators will need to make changes to the forest and schema which will require Enterprise Administrative Privileges. This need will only increase, as more resources will utilize the Active Directory. Of course this peer level privilege will require a mutually agreed upon protocol.

Created by: sempson@sciborg.uwaterloo.ca 2001/02/14
Revised by: sempson@sciborg.uwaterloo.ca 2001/04/05