Difference between revisions of "Domain Server"

From wiki.IPBRICK.COM
(Is it possible to join Windows 10 to an IPBRICK v6.x domain?)
 
(12 intermediate revisions by 3 users not shown)
Line 1: Line 1:
F.A.Q.
+
== F.A.Q. ==
  
== Is it possible to run a script at the moment that a user logs in? ==
+
== Is it possible to run a script when the user logs in the domain, at a windows workstation? ==
  
 +
Yes. it is possible to run a script when the user logs in the domain at a windows workstation. These scripts are called netlogon scripts, and are to be published at the domain controller shared folder called '''netlogon'''.
  
Yes, when a user logs in the domain IPBrick will search for a batch file to run.
+
In an IPBRICK setup all users are, by default, setup to look for netlogon script called '''[user's login].bat''' (ex.: for a user with the login ''johndoe'' the file should be named ''johndoe.bat'').
  
This file should be placed in the shared folder '''//[server's name]/netlogon/''' (ex.: //ipbrick/netlogon). If in that folder exists a file named '''[user's login].bat''' (ex.: for a user with the login jdoe the file should be named jdoe.bat) IPBrick will run it at the moment the user logs in.
+
The netlogon shared folder is located at '''//[server's name]/netlogon/''' (ex.: //ipbrick/netlogon). On the server's file system you may find this folder located at '''/home1/_netlogon'''.
  
On the server's file system you may find this folder located at '''/home1/netlogon'''.
+
NOTE:
 +
* share/file permissions: users members of "Domain Admins" group have read-write permissions, all other users have read-only permissions in the netlogon shared folder. So, only "Domain Admins" user's are authorized to create/edit/delete netlogon files (scripts).
 +
* file/script creation: by default the logon script files do not exist, they are not created automatically. Domain users are automatically (by default) defined to look for '''[user's login].bat''', meanwhile this file is not automatically instantiated, so when you access for the first time to netlogon share you will find it empty.
  
Note that the users which are members of the "Domain Admins" group have read and write permission on this folder, while the other users have only permission to read it's contents.
+
 
 +
 
 +
== '''Is it possible to join Windows 10 to an IPBRICK v6.x domain?''' ==
 +
 
 +
Yes, it is. Proceed as follows:
 +
<ol>
 +
<li>Create an account for the IPBrick.I machine - Machines Management;
 +
<li>Perform the modification of the register:
 +
<pre>
 +
Windows Registry Editor Version 5.00
 +
 
 +
; Win7_Samba3DomainMember
 +
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManWorkstation\Parameters]
 +
"DNSNameResolutionRequired"=dword:00000000
 +
"DomainCompatibilityMode"=dword:00000001
 +
 +
; Error code 0x80090345 launching Windows Credential Manager
 +
; https://support.microsoft.com/en-us/kb/3000850
 +
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Protect\Providers\df9d8cd0-1501-11d1-8c7a-00c04fc297eb]
 +
"ProtectionPolicy"=dword:00000001
 +
</pre>
 +
<li> Validate the configurations of the machine's name and network;
 +
<ol>
 +
<li> Computer's properties - define name according to the register in IPBrick.I » Machines Management;
 +
<li> Computer's properties - define the name - plus - define the DNS suffix according to IPBrick's DNS domain, select NO, modify the DNS suffix when modifying the domain;
 +
<li> After modifying the DNS name/suffix, reset the machine;
 +
<li> Confirm that the station is using the IP of IPBrick's server as a DNS and WIN server;
 +
</li>
 +
</ol>
 +
<li> Modify configurations from "Work Group" to "Domain" and indicate the name of IPBrick's domain (as in IPBrick.I . Domain Server):
 +
<ol>
 +
<li> Indicate credentials of domain administrator;
 +
<li> Welcome to the new domain;
 +
<li> Reset;
 +
</ol>
 +
<li> You may iniciate your session in the domain.
 +
</li>
 +
</li>
 +
</ol>
 +
 
 +
[[File:Screenshot_tmp-win10_2016-01-21_15_18_19.png]]
 +
 
 +
[[File:Screenshot_tmp-win10_2016-01-21_15_19_45.png]]
 +
 
 +
== '''How to join Windows 8/Windows 2012 to an IPBRICK v6.x domain''' ==
 +
 
 +
''' ***CONSTRUCTION IN PROGRESS*** '''
 +
 
 +
To join Windows 8/Windows 2012 perform the following procedure:
 +
# Create the register on IPBrick in Machines Management;
 +
# Apply changes on the registry according to the attached zip (double click on the ''reg'' and intersperse on the registry), and reboot the station/server;
 +
# These machines have no specific/functional terminal to join themselves to a windows domain on an IPBrick level, so it is used a profile "migration tool" (Note: At this time, the windows station/server is configured in workgroup "workgroup".);
 +
#* http://www.forensit.com/downloads.html
 +
#* Create a temporary user in IPBrick - migra2012 - and apply configurations;
 +
#* Create a local user in the Windows station/server with the same login (migra2012), log in locally with this login and then log out;
 +
#* Log in with the local administrator of the station, confirm network configurations (use DNS and WINS pointing to the IPBrick server);
 +
#* Execute the application "profwiz.exe" to migrate the profile "migra2012" and, simultaneous, perform "join to the domain" of IPBrick (indicate windows domain served through IPBrick);
 +
#* The station/server reboots, and it becomes possible to log in with any login of the domain, and the profile "migra 2012" can be removed.
 +
 
 +
 
 +
[[File:1.png]]
 +
 
 +
[[File:2.png]]
 +
 
 +
[[File:3.png]]
 +
 
 +
[[File:4.png]]
 +
 
 +
[[File:5.png]]
 +
 
 +
[[File:6.png]]
 +
 
 +
[[File:7.png]]
 +
 
 +
[[File:8.png]]
 +
 
 +
[[File:9.png]]
 +
 
 +
[[File:10.png]]
 +
 
 +
[[File:11.png]]
 +
 
 +
[[File:12.png]]
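
Review bot: the .reg fragment added under the Windows 10 heading does not say what its three values change on the workstation; only the second key carries a comment (the 0x80090345 Credential Manager error and a KB link). A sentence per value would help, particularly for "ProtectionPolicy"=dword:00000001, which changes DPAPI key protection on the client and should be recorded as a deliberate choice. Separately, the HTML list markup is unbalanced: the <li> items are never closed, a stray </li> sits before the first inner </ol>, and two </li> precede the final </ol>. The Windows 8/2012 steps also refer to an "attached zip" that the added text never links.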

Latest revision as of 11:51, 28 January 2016

F.A.Q.

Is it possible to run a script when the user logs in to the domain at a Windows workstation?

Yes, it is possible to run a script when the user logs in to the domain at a Windows workstation. These scripts are called netlogon scripts, and they are published in the domain controller's shared folder called netlogon.

In an IPBRICK setup all users are, by default, set up to look for a netlogon script called [user's login].bat (e.g., for a user with the login johndoe the file should be named johndoe.bat).

The netlogon shared folder is located at //[server's name]/netlogon/ (e.g., //ipbrick/netlogon). On the server's file system this folder is located at /home1/_netlogon.

NOTE:

  • share/file permissions: members of the "Domain Admins" group have read-write permissions; all other users have read-only permissions in the netlogon shared folder. So only "Domain Admins" users are authorized to create/edit/delete netlogon files (scripts).
  • file/script creation: by default the logon script files do not exist; they are not created automatically. Domain users are configured by default to look for [user's login].bat, but this file is not created automatically, so the first time you access the netlogon share you will find it empty.


Is it possible to join Windows 10 to an IPBRICK v6.x domain?

Yes, it is. Proceed as follows:

  1. Create an account for the machine in IPBrick.I » Machines Management;
  2. Apply the following registry modification:
    Windows Registry Editor Version 5.00
    
    ; Win7_Samba3DomainMember 
    [HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManWorkstation\Parameters] 
    "DNSNameResolutionRequired"=dword:00000000 
    "DomainCompatibilityMode"=dword:00000001 
     
    ; Error code 0x80090345 launching Windows Credential Manager
    ; https://support.microsoft.com/en-us/kb/3000850
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Protect\Providers\df9d8cd0-1501-11d1-8c7a-00c04fc297eb]
    "ProtectionPolicy"=dword:00000001
    
  3. Validate the machine's name and network configuration:
    1. Computer's properties - define the name according to the registration in IPBrick.I » Machines Management;
    2. Computer's properties - define the name and also define the DNS suffix according to IPBrick's DNS domain; select NO for the option to modify the DNS suffix when the domain is modified;
    3. After modifying the DNS name/suffix, restart the machine;
    4. Confirm that the station is using the IP of IPBrick's server as its DNS and WINS server;
  4. Change the configuration from "Work Group" to "Domain" and indicate the name of IPBrick's domain (as in IPBrick.I » Domain Server):
    1. Indicate the credentials of the domain administrator;
    2. The "Welcome to the new domain" message is shown;
    3. Restart;
  5. You may now initiate your session in the domain.
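
The check below is an added example, not part of the original wiki page or of IPBRICK's tooling: it verifies on the workstation, before step 4, that the registry values from step 2 and the DNS/WINS settings from step 3 are in place. The address 192.0.2.10 is a placeholder for the IPBrick server, and the function names are hypothetical.

```powershell
# Added example (not IPBRICK code). Run on the Windows 10 station before step 4.
param([string]$IpbrickIp = '192.0.2.10')   # placeholder address, replace with your server's IP

$lanman = 'HKLM:\System\CurrentControlSet\Services\LanManWorkstation\Parameters'
$dpapi  = 'HKLM:\SOFTWARE\Microsoft\Cryptography\Protect\Providers\df9d8cd0-1501-11d1-8c7a-00c04fc297eb'

# Expected values, copied from the .reg fragment in step 2.
# ProtectionPolicy=1 makes DPAPI back up master keys locally instead of through a
# domain controller, so record that it was set on purpose.
$expected = @(
    @{ Path = $lanman; Name = 'DNSNameResolutionRequired'; Value = 0 },
    @{ Path = $lanman; Name = 'DomainCompatibilityMode';   Value = 1 },
    @{ Path = $dpapi;  Name = 'ProtectionPolicy';          Value = 1 }
)

function Test-JoinRegistry {
    foreach ($e in $expected) {
        # A missing key or value gives $null here instead of an error.
        $item   = Get-ItemProperty -Path $e.Path -Name $e.Name -ErrorAction SilentlyContinue
        $actual = if ($item) { $item.($e.Name) } else { $null }
        [pscustomobject]@{
            Check = $e.Name; Expected = $e.Value; Actual = $actual
            Ok    = ($actual -eq $e.Value)
        }
    }
}

function Test-JoinNetwork {
    # Step 3.4: each IP-enabled adapter should use the IPBrick server for DNS and WINS.
    Get-CimInstance Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' |
        ForEach-Object {
            [pscustomobject]@{
                Check = "DNS  on $($_.Description)"; Expected = $IpbrickIp
                Actual = $_.DNSServerSearchOrder -join ','
                Ok     = ($_.DNSServerSearchOrder -contains $IpbrickIp)
            }
            [pscustomobject]@{
                Check = "WINS on $($_.Description)"; Expected = $IpbrickIp
                Actual = $_.WINSPrimaryServer
                Ok     = ($_.WINSPrimaryServer -eq $IpbrickIp)
            }
        }
}

$results = @(Test-JoinRegistry) + @(Test-JoinNetwork)
$results | Format-Table -AutoSize
if ($results.Ok -contains $false) { exit 1 }   # non-zero exit: fix before joining
```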


How to join Windows 8/Windows 2012 to an IPBRICK v6.x domain

***CONSTRUCTION IN PROGRESS***

To join Windows 8/Windows 2012, perform the following procedure:

  1. Register the machine on IPBrick in Machines Management;
  2. Apply the registry changes from the attached zip (double-click the reg file and merge it into the registry), and reboot the station/server;
  3. These machines have no functional means of joining a Windows domain at the IPBrick level, so a profile "migration tool" is used (Note: at this point, the Windows station/server is configured in the workgroup "workgroup"):
    • http://www.forensit.com/downloads.html
    • Create a temporary user in IPBrick - migra2012 - and apply configurations;
    • Create a local user on the Windows station/server with the same login (migra2012), log in locally with this login and then log out;
    • Log in as the local administrator of the station and confirm the network configuration (use DNS and WINS pointing to the IPBrick server);
    • Run the application "profwiz.exe" to migrate the profile "migra2012" and, simultaneously, perform the "join to the domain" of IPBrick (indicate the Windows domain served by IPBrick);
    • The station/server reboots, it becomes possible to log in with any login of the domain, and the profile "migra2012" can be removed.

