Roaming Computing System 1.0 - System Setup

This document is here for historical purposes. For an up-to-date version go to http://thegoldenear.org/rcs/.

Contents

0.1 Key

1.0 file server setup - operating system

• Shares and Drive Mappings

• User Accounts

  • Creating a Template User Account

  • Creating a User Account from a Template

    • Server side

    • User/workstation side

  • Creating a User Account Without a Template

    • Server side

    • User/workstation side

• User Settings

• System Policy

• Backup Strategy

• User Groups

• User accounts (for administration)

• Logon Script

2.0 file server setup - software applications

• Pegasus Mail

• Mercury Mail Transport System

• Microsoft Word and Excel

• Netscape Navigator / Communicator

• Adobe Photoshop 5.5

• Adobe Photoshop 7

• Adobe Page Maker

• RefsBase 2

• Adobe Acrobat Reader

• Macromedia Dreamweaver

3.0 Hardware

4.0 Workstation Setup

• Windows NT4 User interface

• Installed Software

• Windows 2000

• Application Configuration

  • Adobe Page Maker 6.52

  • Adobe Photoshop 5.5

  • Adobe Acrobat Reader

  • Microsoft Office 97 - Word and Excel

  • Macromedia Dreamweaver 4.01

  • Refsbase 2

  • RefsBase 3

  • WinZip

  • F-Prot anti-virus

  • QuickBooks 2001

5.0 Printing

6.0 Networking

• IP Address Assignments

• ISP

• BT ADSL Router

7.0 Sundry

0.1 Key

%USERNAME% defines the NT system variable %USERNAME%, when this is used in the text it indicates that you should type these exact characters and the NT system will substitute it with the current username

'username' indicates that you should type the actual name yourself

Wherever '\FILE-SERVER' is used, you may want to replace the actual name of your server if it differs from this.

1.0 file server setup - operating system

Shares and Drive Mappings

Sub-directories

SHARED\...

Groups

xxxxxx (global)

User Accounts

Creating a Template User Account

NOTE: usernames should not contain capital letters (else it can complicate some MS system administration tools)

• create directory: \\FILE-SERVER\HOME\%USERNAME%

• create directory: \\FILE-SERVER\USER-SYS\%USERNAME%

• Administrative Tools (Common) -> user manager for domains -> User -> New User

• user properties -> 'user must change password at next logon'

• Groups -> Group Memberships -> Member of: ORGANISATION-NAME-STAFF (set Primary Group to ORGANISATION-NAME-STAFF)

• Profile

  • User Profiles -> User Profile Path: \\FILE-SERVER\USER-SYS\'username'\profile\ (NT 4 doesn't understand %USERNAME% in the above box)

  • User Profiles -> Logon Script Name: logon.bat

  • Home Directory -> Connect H: To \\FILE-SERVER\HOME\%USERNAME%

• Account -> Account Type -> Global Account

• Add

• leave the 'Account disabled' when you have finished creating users with it

• login as %USERNAME% from a workstation - the template will be copied to their roaming profile directory

• -*- logout

• -*- login as Administrator

• -*- control panel -> system -> user profiles -> ...copy profile from existing user to new, and set the new user as the person able to use that Profile

• how do we then add that user to that list ?

• they should appear after the user has logged in, perhaps only after they've logged-in locally (at the server console) (error: you can't do this as it says 'unable to login interactively; Policies > User Rights... log on locally: template still doesn't appear on the list, only local accounts do)

• they will then have a 'local' profile, which can be re-configured as 'roaming'

• ...setup group permissions for Shared directories

• ...set Primary Group in Profile

Creating a User Account from a Template

Server side

(for the user their H: isn't \HOME\username its \HOME unless we add a 'cd H:\%USERNAME%' to a logon script)

• create U:\username (their user system files directory)

• create H:\username (users' home directory. now G:)

• Administrative tools (Common) -> User Manager for Domains -> pick the user 'template' -> User -> Copy

• enter the username

• Profile -> User Profile Path - change the word 'template' to the new username

• add a password

• check the 'Account Disabled' box to off

• (if users have individual profiles then 'start/settings/control panel/system/user profiles/template/Copy To'

  • (Copy profile to: \\FILE-SERVER\USER-SYS\'username'\profile (or U:\'username') )

  • (Permitted to use/Change: ORGANISATION-NAME/'username')

• using Windows Explorer, set permissions for the following directories

  • U:\'username'

    • right-click on the directory -> Properties -> Security -> Add -> Show users -> choose user -> Add

    • choose to apply to 'sub-directories' and 'existing files'

    • pick the username -> special directory access: (RWXDO)

    • special file access: (RWXDO)

    • (Error: sometimes says 'access denied' - choose to continue)

    • ('User Admin... -> create user' can set these if the directory doesn't already exist)

  • H:\'username'

    • right-click on the directory -> Properties -> Security -> Add -> Show users -> choose user -> Add

    • choose to apply to 'sub-directories' and 'existing files'

    • pick the username -> special directory access: (RWXDO)

    • special file access: (all)

    • Add Administrators and give them Full control

    • Remove Everyone

• configure 'user manager -> ...pick the username... -> policies -> account -> account policy' with various settings...

• create a user mailbox for email

  • from within Pegasus Mail

    • create U:\MAIL\%USERNAME%

    • login to Pegasus Mail, choose 'user management', add, %USERNAME%

  • or from within Mercury

    • Configure... -> Manage local users

  • change permissions for the mail directory U:\MAIL\%USERNAME% to Full control for this user

• create Pegasus Mail accounts for all other functions required, with permissions set for the Group name (rather than individual) who will be administering it

User/workstation side

• logon as the new user to a workstation

• take ownership of U:\'username' (right-click on the directory -> Properties -> Security -> choose username -> Advanced -> Owner -> choose 'replace owner on subdirectories and objects' - ok

• take ownership of U:\mail\'username'

• take ownership of H:

• login to Pegasus Mail and close it down again, so as to create its profile

• configure Pegasus mail by copying the template file U:\mail\template.ini to this user's mail directory U:\mail\'username' and replacing all instances of 'xxxxxxxx' with their username

• copy desktop shortcuts from \\FILE-SERVER\software\'organisation-name'-config-files(?)\desktop to this user's desktop

• run Microsoft Word and cancel any warnings so they don't show for the user

• create an OpenOffice user profile [using a doctored version of TWEAK that uses P: in place of D:, there should be a copy of this doctored version on E: of each workstation: B -> O -> G]

• configure this user's environment

  • TWEAK: A -> N, R, W

  • TWEAK: D -> A

• configure Mozilla

  • enable QuickLaunch?

  • set cache to U:\'username'\mozilla

  • remove Personal Toolbar bookmarks

• configure OpenOffice (as per the configuration described in http://thegoldenear.org/toolbox/windows/docs/openoffice.html

• check email works to and from local users and out onto Internet

Creating a User Account Without a Template

Server side

NOTE: usernames should not contain capital letters (else it can complicate some MS system administration tools)

• create directory: \\FILE-SERVER\HOME\%USERNAME%

• create directory: \\FILE-SERVER\USER-SYS\%USERNAME%

• Administrative Tools (Common) -> user manager for domains -> User -> New User

• user properties -> 'user must change password at next logon'

• Groups -> Group Memberships -> Member of: ORGANISATION-NAME-STAFF (set Primary Group to ORGANISATION-NAME-STAFF)

• Profile

  • User Profiles -> User Profile Path: \\FILE-SERVER\USER-SYS\'username'\profile\ (NT 4 doesn't understand %USERNAME% in the above box)

  • User Profiles -> Logon Script Name: logon.bat

  • Home Directory -> Connect H: To \\FILE-SERVER\HOME\%USERNAME%

• Account -> Account Type -> Global Account

• Add

• login as %USERNAME% from a workstation then logout again - the template will be copied to their roaming profile directory

• Back at the server, using Windows Explorer, set permissions for the following directories

  • U:\'username'

    • right-click on the directory -> Properties -> Security -> Permissions -> Add -> Show users -> choose user -> Add - ok

    • choose to apply to 'sub-directories' and 'existing files'

    • pick the username -> special directory access: (RWXDO)

    • special file access: (RWXDO)

    • OK

    • (Error: sometimes says 'access denied' - choose to continue)

    • ('User Admin... -> create user' can set these if the directory doesn't already exist)

  • HOME\'username'

    • right-click on the directory -> Properties -> Security -> Permissions -> Add -> Show users -> choose user -> Add -> OK

    • choose to apply to 'sub-directories' and 'existing files'

    • pick the username -> special directory access: (RWXDO)

    • special file access: (all)

    • Add Administrators and give them Full control

    • Remove Everyone

• create a user mailbox for email

  • from within Pegasus Mail

    • create U:\MAIL\%USERNAME%

    • login to Pegasus Mail, choose 'user management', add, %USERNAME%

  • or from within Mercury

    • Configuration... -> Manage local users -> Add

• change permissions for the mail directory U:\MAIL\%USERNAME% to Full control for this user

User/workstation side

• logon as the new user to a workstation

• take ownership of U:\'username' (right-click on the directory -> Properties -> Security -> choose username -> Advanced -> Owner -> choose 'replace owner on subdirectories and objects' - ok

• take ownership of U:\mail\'username'

• take ownership of H: (if you get an error message, ignore it)

• login to Pegasus Mail and close it down again, so as to create its profile (P:\PMAIL\winpm-32.exe)

• configure Pegasus mail by copying the template file U:\mail\template.ini to this user's mail directory U:\mail\'username'\pmail.ini; and replacing all instances of 'xxxxxxxx' with their username

• copy desktop shortcuts from \\FILE-SERVER\software\'organisation-name'-configuration-files\desktop to this user's desktop

• run Microsoft Word and cancel any warnings so they don't show for the user

• create an OpenOffice user profile; using TWEAK, found on E:, run tweak.bat: B -> O -> G
  (we use a doctored version of TWEAK that uses P: in place of the usual D:; there should be a copy of this doctored version on E: of each workstation (called openoffice-config-for-p.bat)): G

• configure this user's environment, using TWEAK on E: TWEAK.BAT

  • TWEAK: A -> N, R; then logout for settings to take effect

  • TWEAK: A -> W

  • TWEAK: D -> A

• If you use Mozilla, configure Mozilla

  • enable QuickLaunch?

  • create U:\'username'\mozilla

  • set cache to U:\'username'\mozilla

  • remove Personal Toolbar bookmarks

• Or if you use Firefox, configure Firefox

  • create U:\'username'\firefox

  • set cache to U:\'username'\firefox

  • remove Personal Toolbar bookmarks

• Configure OpenOffice (as per the configuration described in http://thegoldenear.org/toolbox/windows/docs/openoffice.html

• Elevate a user's RefsBase 3 account beyond read-only access if required. Do this using a RefsBase account with admin priviliges:
  Refsbase is currently configured to allow access to any authenticated domain user - an account is automatically created if it does not yet exist, and is added to the "All Users" group which gives read-only access. To elevate a user's permissions, locate them in the "All Users" group, and drag onto "Researchers", "Probationers" or "Supervisors" as appropriate. You can find all these in the Users "dataspace", which you should select in the dropdown above the tree.

• Check email works to and from local users and out onto Internet

User Settings

Users' application settings are stored in \\FILE-SERVER\USER-SYS\%USERNAME%. Each application can have its own sub-directory below there to store its user settings in.

All users must have 'List' access to \USER-SYS - why?

individual users must have 'Change'? access to \USER-SYS\%USERNAME% and below - see map earlier

Windows Profiles

Setup the desktop as you wish it to be for everyone. these settings will be saved to the Profile which can then be copied to other users. Remember any settings saved by applications that specifically understand Windows NT and track application settings on a per-user basis must also be copied

Copy new shortcuts to %SYSTEMROOT%\profiles\Default Users so that they can be given to newly created users.
Copy new shortcuts to existing users by individually copying them to their profiles directory.

Users each have their own profile, in \\FILE-SERVER\USER-SYS\%USERNAME%

Windows Profiles - Networked

Roaming user profiles live in USER-SYS\%USERNAME%. It can be the same directory as for 'local' Profiles but instead we're putting it in the users' own system files area. Their 'User Profile Path' is unique for each user, the pointer to which is stored in their account settings. here's how its done:

• configure users' accounts with a profile path (User Manager for Domains/UserProperties/Profile/User Profiles/User Profile Path: \\FILE-SERVER\USER-SYS\%USERNAME%)

• copy the profile there using Control Panel -> System (Properties) -> User Profiles -> Copy to ?

System Policy

\\FILE-SERVER\netlogon\NTCONFIG.POL or \winnt\system32\repl\import\scripts\NTCONFIG.POL. Either way they're both the same location. this file can be copied between machines. Be sure to edit 'default computer', ?'default user'? and perhaps create groups of settings for Groups of users on the system.

worthwhile settings:

• ...

• ...

create a new group and define their settings then can cut and paste these settings to any other groups as required

Backup Strategy

• complete file server to tape

  • C: (WINNT)

  • D: (programs)

  • E: (shared)

  • F: (user-sys)

  • G: (home)

• user data to tape

• system data to tape

  • users' own areas (H:)

  • shared areas (S:\mag, S:\pages, S:\words)

  • email (U:\MAIL)

  • Netscape's bookmarks (U:\netscape\bookmark.htm)

  • users' personal bookmarks U:\%USERNAME%\netscape\...bookmark.htm

• other means of backup

  • registry files

  • Mercury settings

  • system policy (NETLOGON$\ntconfig.pol)

  • logon script (NETLOGON$\logon.bat)

  • Pegasus Mail user interface settings (P:\pmail\pmail.ini)
    (isnt this saved in individuals' directories?)

• other means of backup

  • update NT Server recovery disks

User Groups

• ORGANISATION-NAME-STAFF

• (members have access to ORGANISATION-NAME-STAFF shared workspaces on \\FILE-SERVER\SHARED

• everyone is a 'print server operator' ?)

User Accounts (for administration)

• admin

• windows - for making changes to the desktop (aslong as an administrator is allowed to alter a mandatory profile)

Logon Script

(this needs updating)

\\FILE-SERVER\WINNT\SYSTEM32\REPL\IMPORT\SCRIPT\logon.bat
remember that %USERNAME% is case sensitive

@echo off
rem system Logon Script for all FILE-SERVER users
rem if you make any changes to this file please document them below!

rem  date   /   who   /   changes made
rem  ---------------------------------


REM NET TIME \\FILE-SERVER /SET /YES

IF %USERDOMAIN% == ORGANISATION-NAME NET USE U: \\HAL\USER-SYS >null
IF %USERDOMAIN% == ORGANISATION-NAME NET USE P: \\HAL\PROGRAMS >null
IF %USERDOMAIN% == ORGANISATION-NAME NET USE S: \\HAL\LIB >null
IF %USERNAME% == admin NET USE K: \\FILE-SERVER\ADMIN$ >null
rem this would be preferable as ORGANISATION-NAME-STAFF rather than ORGANISATION-NAME Domain

rem copy Netscape's Profile information from server's win-system directory to workstation's:
rem copy \\FILE-SERVER\admin$\nsreg.dat c:\winnt
rem (if not exist %SYSTEMROOT%\nsreg.dat copy \\hal\admin$\nsreg.dat %SYSTEMROOT%\)

NET USE H: H:\%USERNAME%

cd H:\%USERNAME%

NET PRINT \\ORGANISATION-NAME-5\EPL-Laser	
		

2.0 File Server Setup - Software Applications

Applications are installed to to the file server, to P:.

Shortcuts should point to network Shares rather than actual drives and directories on the server.

If an application installs its shortcuts to \winnt\profiles\all users they will need copying to 'Default user' and 'winman' (from whom the desktop is copied to individual users).

Pegasus Mail

Original version: 3.12c; later upgraded to: 4.1x; (with WSendTo, if it works in a multi-user environment)

Create this desktop icon: 'my email' (winpm-32 -i %USERNAME%)

Create this desktop icon: 'ORGANISATION-NAME email' (winpm-32)

Everyone must have write access to U:\MAIL and below so as to be able to send email to others locally

Pegasus Mail - Installation

• logon with Windows NT's 'Administrator' priviliges

• create directory U:\mail

• Install Pegasus Mail to P:\pmail

• run Pegasus Mail

• select 'click here if Pegasus Mail will be used by multiple people on a network such as Windows for Workgroups, or LANtastic.'

• users' mailbox directory: U:\MAIL (Pegasus wants its own root mail root directory (U:\MAIL), into which it puts PMAIL.USR, and under which it creates sub-directories respective to usernames chosen in Pegasus

• without manually changing the users' home mailbox directory from within Pegasus Mail, which I don't think is a recommended a method of running Pegasus):

  • cannot have U:\ as users' home mailbox directory because when initially running the 'User Management', any existing user directories will induce Pegasus to see them as existing Pegasus users, with Administrator priviliges. so these priviliges have to be removed.and when use it as one of the newly created users, get many emails with strange names, and others popping up as the program sits there doing nothing

  • cannot have U:\%USERNAME% as if you tell Pegasus a name for the directory such as U:\%USERNAME%\mail it will create a directory with that very name, rather than with what that name represents.

  • Having a seperate MAIL directory is likely more secure anyway- create an 'admin' account with Pegasus' 'administrator' rights

• create other Pegasus Mail user accounts as necessary (if you've already created the directories here by hand, they will automatically appear as Pegasus usernames, with administrator priviliges. It seems that all Pegasus knows about a user is whats in this file; and the administrator status can be taken off with the 'user manager...' feature within the program)

• Pegasus Mail client will startup (if it doesn't, start it manually). enter a username. enter networking details or click 'cancel' & ?'close'? to leave till later

Once Pegasus is up and running, you can set the 'Options' for a user and then propogate the appropriate settings files around all users if you want a consistent setup. PMAIL.INI contains most of the settings. Note that you must amend the 3 lines that specify a username near the bottom. VIEWER.PM has directions to applications that might be used to view/process various attachments

Pegasus Mail - Creating user accounts

• set %USERNAME% the Permissions (RWXDO)(RWXDO) for \USER-SYS\mail\%USERNAME%

• the Group has (RWX)(W) on: \USER-SYS\MAIL and all sub-directories (the ability to go into any mail directory and write files, but not read them) (create rights for users to create files in all other users' mail directories (so can send mail locally). one user can see in another's mail directory but cannot read files unless they are the Owner, i.e. if the file represents mail sent by themselves)

• logon as %USERNAME% and Take Ownership \PROGRAMS\pmail\win-pm32.exe for some unknown reason explicitly wants EVERYONE to have (RX)(RX) but this should be possible to set more globally for \PROGRAMS

  • users can login as another user not see that it already has settings and email *so dont get to read emails* and cant save settings on exit

  • when uninstall Pegasus Mail sometimes says it cannot find INSTALL.LOG

Pegasus Mail - Mail filtering rules

Setup mail filtering rules to perform certain actions such-as moving mail into specific folders for different subject matter (using Tools / Mail filtering rules...)

Mercury Mail Transport System

Setup mail aliasing for users and for organisation-specific accounts (such as 'enquiries')

Mercury puts mail into mailboxes, that is the finest granularity it deals with; Pegasus puts mail into folders within mailboxes, that is its finest granularity.

Microsoft Word and Excel

Version: Office 97

Shortcuts location: 'All users'

problems:

• MSO.DLL in Excel, only if Word is loaded first

• sharing NORMAL.DOT

Netscape Navigator / Communicator

Version: 4.7x

Netscape Navigator / Communicator - email client integration

To enable Netscape to launch an email client program other than 'Netscape Messenger' then you must use 'Simple MAPI' (the 1st version of Windows' Mail Application Programming Interface which gives applications a common language with which to launch and pass commands to an email client program that also speaks Simple MAPI):

• copy the DLL into the Netscape Program directory (...\netscape\communicator\program)

• edit PREFS.JS

• enable Simple MAPI in Windows using Pegasus Mail's WPMMAPI.EXE program (note: this copies system files to c:\winnt\system32 and thus it must be run on each workstation)

Netscape Navigator / Communicator - Profiles

To run Netscape Profile Manager: netscape.exe -profile_manager

\WINNT\NSREG.DAT - settings, including profile manager settings (usernames & their Netscape Profile directories) Allow all users to have Change access. Its probably saved by the installer to %windir%, which, when logged into the server console doing the installation, is the server's C:\WINNT. so, having already installed Communicator, you could copy the server's copy of NSREG.DAT to the local C:\WINNT directory and not do any amendments to the profile registry. preferably, install in the first place with the %windir% environment variable temporarily changed in System Properties to some place more communal; unless this has wider ramifications

1) with Netscape's Profile Manager, create Profiles for each username requiring use of Netscape where the Profile Directory Name is in the user's own system area: U:\%USERNAME%\netscape

2) propogate the profile settings file (\WINNT\NSREG.DAT) around the worksatations. the downside to this is that if a new user wants to roam & still have access to their Netscape Profile one NSREG.DAT will have to be edited & re-propogated around the workstations (if they only want to use the one machine they can create a new Netscape Profile on just that machine by running Netscape with the command-line option '-?????')

3) the Netscape icon's command-line should read: p:\netscape\netscape.exe -P"%USERNAME%" where the profile name is the same as the username

theres also the situation of making permissions to just the file \\FILE-SERVER\WINNT\NSREG.DAT ...but looks unlikely, as it compromises security to make that whole directory open and may be technically impossible to just point to one

registry settings: HKEY_CURRENT_USER\software\netscape\netscape navigator

Notes:

? Netscape user settings directory would be preferable as: \\FILE-SERVER\USER-SYS\%USERNAME%\netscape

? but the netscape profile administrator doesn't allow UNC, so: \\FILE-SERVER\USER-SYS\'username'\netscape

everyone has has their own Netscape Profile, with a copy of our system-wide settings to begin with, and are able to edit their own settings.

Netscape Profiles can be stored in users' own areas, but when Netscape is installed it saves its information (part of Profile Manager), of where Netscape Profiles are stored, to somewhere on the drive & directory Netscape was installed to. so, if you installed at the server console, this info might be on the C:, meaning when a remote user runs netscape they're prompted to configure Netscape Profiles anew

when you setup Netscape/Profiles you will have to make sure its looking to U:\%USERNAME%\netscape for its Netscape Profile information

Netscape Navigator / Communicator - installation

Shortcuts location: 'All Users' on the computer used to install:

• ...\Start Menu\AOL Instant Messenger

• ...\Start Menu\Programs\Netscape\*.*

which want either deleting or moving to 'Default User'

* configure Netscape Profiles on U:\'username'\netscape

New Profile Setup

Use the name provided here for your profile or enter a different one. If you create several profiles, you will be able to tell them apart by their names. Profile name: [ ]

Your user settings, preferences, bookmarks, and stored messages will be stored in the directory below. We recommend that you use the default directory already listed. [U:\'username'\netscape]'

Users are only presented with the Netscape Profile Manager and prompted to create a new Netscape Profile when none previosuly exist

Netscape Navigator / Communicator - Preferences

'Edit / Preferences' reports: 'Unable to load the preference DLLs. Please reinstall Netscape Communicator'

- try the registry fix from Netscape

DLLs involved with preferences:

• 'netscape program directory'\brpref32.dll

• 'netscape program directory'\edpref32.dll

• 'netscape program directory'\mnpref32.dll

If we save our own version of BOOKMARK.HTM to ...\netscape\program\defaults, does it get copied to each new user and to a user's Netscape Profile directory when they lose their own BOOKMARK.HTM?

plug-ins installed - Flash? Shockwave?

Adobe Photoshop 5.5

Install the following components:

• Photoshop program files

• Imageready program files

• actions

• CMap files

• fonts

• goodies

• helpers

• help

• shared plug-ins

• photoshop only plug-ins

• imageready only plug-ins

• settings

• training

• type support

• ICC profiles

Local DLLs required: SPROF32.DLL, KPSYS32.DLL, KPCP32.DLL, PFPICK.DLL, ICCCODES.DLL.

Notes:

• perhaps wants to use a local hard disk for its scratch space as can eat up a lot of space with its undo feature

• Shortcuts location: All users\Start menu\programs

• ICC profiles go to C:\winnt\system32 - this could render them useless unless also copied to workstations

• see 'Photoshop 5.5 readme.wri'

• photoshop\Adobe Photoshop 5.5 settings\photos55.ini - initialisation file

• photoshop\Adobe Photoshop 5.5 settings\prefs.psp - preferences file

• Photoshop was not designed or tested by Adobe to run in a Windows NT multi-user environment

Adobe Photoshop 7

Adobe Page Maker

Version: 6.52

Network Installation

perform a network installation to P:\PM65NET (setup -fadmin.ins) and choose 'install on network server'

Notes

• desktop icon points to: P:\pm65net\pm65\pm65.exe

• Shortcuts location: c:\winnt\profiles\'username'\Start Menu\Programs\Adobe\PageMaker 6.5

• the workstation registry is edited with details, including the following which are user-specific:
  (but, presumably as it edits the workstation's registry with specific directories, in a roaming environment we have to share those user-specific files)

  HKEY_LOCAL_MACHINE/SOFTWARE/Adobe/PageMaker65
  ppd4 = U:\ruth\p-maker\RSRC\UKENGLSH\PPD4
  NetAdobeDirectory = P:\PM65NET\PM65\RSRC
  AdobeDirectory = U:\ORGANISATION-NAME-staff\p-maker\RSRC\UKENGLSH\PPD4
  
  HKEY_LOCAL_MACHINE/SOFTWARE/Adobe/PageMaker65/UKENGLISH/PageMaker65
  PM65Defaults = U:\ORGANISATION-NAME-staff\p-maker\RSRC\UKENGLSH\PM65.CNF
  

• PageMaker doesnt need to locate its user files in an individual user's directory, rather in a directory the user has access to, which is defined in the workstation's registry. if this is shared, are there any issues to do with multiple users sharing a single copy of a single users own files?

• where does it copy network profile registry from on the local machine? bcos then...pm65 settings getting copied each time from local registry maybe?

• registry settings kept in ...????...\PM65\PM65REG.TXT and re-copied to registry each time loaded changes to system kept in: ...pagemaker main program files directory...\EXTRAS\PM65MAP.PDF

• Problem: installing hyphenation module, when loading up, displays this then exits: "¦HInit- Fail¦¦ for U:\ORGANISATION-NAME-staff\p-maker\RSRC\Linguist\PRX\PRXLNG1.D 8205:5410" (PRXLNG1.D is actually PRXLNG1.DLL (164KB) - deals with hyphenation and dictionary).
  Solution: "Pagemaker writes to the Registry in an area where Administrator privileges are required... But only when operating in a Domain!
  B. If you are using PageMaker 6.5x in Windows NT 4.0, ensure users have full access rights to the PageMaker65 key in the Registry

RefsBase 2

Database location: S:\refsbase

Adobe Acrobat Reader

Original version: 4.05; Later upgraded to: 5.1

Shortcuts location:

• All users\programs\Adobe Acrobat...

• All users\Desktop\Acrobat Reader...

Asks you to accept the end user licence agreement when first run.

Copy the Netscape Acrobat plug-in files (nppdf16.dll and nppdf32.dll) to Netscape's 'splugins's directory, to enable Netscape to load PDF files into the browser window

Macromedia Dreamweaver

Original version: 3; later upgraded to: 4

Shortcuts location: All users

Registry settings: HKEY_LOCAL_MACHINE\SOFTWARE\Macromedia\Dreamweaver\3\Registration

Location - possibly sets itself to C:\... and wants changing to P:\...

Problems: needs a more up-to-date version of MFC42.DLL than version 4.2, atleast works with version 6?

3. Hardware

4. Workstation Setup

Windows NT4 User interface

each workstation must conform in the following areas:

• registry permissions (change using regedt32)

• boot from hd0 first

• TCP/IP settings

• countdown on startup: 3 seconds (change with Control Panel / system properties / startup/shutdown / system startup / show list for [] seconds)

• countdown for hardware profile: 3 seconds

• 'Administrator' account renamed, atleast to 'admin', preferably to something more subtle

• admin password

• disable the 'guest' account

• Windows Explorer ->

  • View -> Details

  • View -> Options

    • (*) show all files

    • [*] Display the full path in the title bar

    • [ ] Hide file extensions for known file types

    • [*] Display compressed files and folders with alternate color

    • [ ] Include description bar for irght and left panes

• My Computer

  • Folder - 'Browse folders by using a single window that changes as you open each folder'

  • View - show all files

    • display the full path in the title bar

    • hide file extensions for known file types

    • display compressed files and folders with alternate color

• Regional Settings

  • English (United Kingdom) -> [*] set as system default locale

• Keyboard Properties / input locales - English (United Kingdom)

• Shortcuts removed from desktop: 'Internet Mail' and 'Internet Explorer'

• show small icons in Start menu (Start / Settings / Taskbar...)

• remove everything from 'All users' profile directory

Installed Software

• Windows NT 4 Workstation

• Windows NT 4 Service Pack 6a

• Netscape's NSREG.DAT from the file server

• setup simple MAPI interface using Pegasus Mail's WPMMAPI.EXE

• re-install the single copy of users' Pagemaker files to the shared space on the server, which will add to the workstation's registry: run P:\PM65NET\SETUP and install to U:\PAGEMKR

• TweakUI

• Microsoft Office files (though this may change)

Windows 2000

• follow the 'Workstation Installation' document at http://thegoldenear.org/rcs/workstation-installation.html but without installing the major applications (including not Internet Explorer 5.5)

Application Configuration

These have all been tested with Windows 2000 and our current knowledge of specific issues with Windows 2000 is included here

Adobe Page Maker 6.52

For Initial System Installation

• login locally as Administrator

• if you don't have them already, make drive mappings to the server for P: and U:, as 'admin'

• install the program just the once for the whole system

  • run the user setup program (P:\PM65NET\setup.exe)

  • install to Users' system files area (U:\PAGEMKR)

  • choose your options

    • pagemaker 6.5

    • table 3.0

    • dictionaries

    • postscript printer descriptions - choose the the default Adobe options and your specific printer, i.e. 'Canon PS-GP unit v52.3'

    • ? filters

    • plugins

    • Kodak CMS

    • color libraries

    • scripts

    • ? tutorial

    • extras

    • Acrobat Distiller 3.0?

  • enter the registered user and serial number

  • run the Page Maker 6.52 update (P:\PM65NET\pm652upd.exe)

For Other Workstations

• run-in the registry settings from pm65.reg (these are the registry settings made by the above)

• set file type associations [TWEAK: I -> B -> B])

• slacken off the Adobe key in the registry, giving Everyone Full Control to HKLM\SOFTWARE\Adobe [TWEAK: B -> AD]

(?) Then could install as individual users to own area on U: (?)

Adobe Photoshop 5.5

• Requires these DLLs (we've been putting them in %WINDIR%\SYSTEM32

  • PCDLIB32.DLL (a Kodak file, version 3.0.0.0)

  • SPROF32.DLL

  • .DLL

  • .DLL

  • .DLL

  • .DLL

  • .DLL

  • .DLL

• login locally as Administrator, check you have a drive mapping for P: and run it, (P:\photoshop\photoshp.exe). This probably makes registry settings by importing P:\photoshop\pshop-5.reg so you may be able to just run this .reg file

• (Don't run Photoshop 7 afterward as Photoshop 5.5 won't then work)

Adobe Acrobat Reader

• login locally as Administrator

• make a drive mapping for P: to \\HAL\PROGRAMS

• run Acrobat Reader (P:\acrobat\Reader\acrord32.exe (this makes registry settings)

Microsoft Office 97 - Word and Excel

run P:\msoffice\setup.exe (?)

Windows 2000 compatibility and configuration:

• Claims problems but works ok. Doesn't pick up that it should save by default to H:. The configuration program doesn't work with Windows 2000

• Word's spellchecker isn't available

• set file type associations as the installer hasn't worked [TWEAK: I -> B -> A]

Macromedia Dreamweaver 4.01

Windows 2000 compatibility and configuration:

• When quit it says "access to an unnamed file was denied"

• Claims invalid serial number in registry and doesn't have permissions to change - Run it as local Administrator and it asks for the serial number - or import our saved registry settings

Refsbase 2

• copy manually from \\file-server\software\Refs to C:\refs on each workstation

• run C:\refs\pdoxwin\pwlocal.exe

  • working directory: c:\refs\rbv2

  • private directory: c:\refs\rbv2\private

  • ODAPI configuration file: S:\resfbase\refs\odapi.cfg

• run c:\refs\pdoxwin\nconfig.exe

  • Local Settings

    • username: this actual workstation name (so that when its being used each person is logged in with an independant name)

    • Paradox for Windows Directory: 'C:\pdoxwin' changes to C:\refs\pdoxwin

    • ODAPI Directory: C:\refs\odapi

• run ODAPI Configuration Utility then close it down

• (On exit says "file C:\winnt\pdoxwin.ini could not be created" - copy pre-configured pdoxwin.ini to c:\winnt)

RefsBase 3

(requires Windows 2000)

• login locally as Administrator

• run Windows Component Update: \\db-server\idonix\setup\refsbase\wcu.cmd

  • login to the database server as Administrator

  • the installer runs hidden in the background; it will perform a reboot. The only way to know when its finished is to use Ctrl+Alt+Del -> Task Manager -> Processes and look for install.exe and msiexec.exe which will disappear when the installation has finished

  • Internet Explorer 6 SP1 and MDAC 2.7SP1 will be installed if they aren't already (note: MDAC 2.7 SP1 is not the most recent release of MDAC; Idonix say they will update this when they next update the install). You'll need to login again if it reboots after installing these.

  • when asked for the VS .NET disk, make a connection to \\db-server (using Start -> Run -> \\db-server and logging in as Administrator) so the installer can then access the server again. Then press 'OK' and it will continue.

• if Internet Explorer 6SP1 was already installed on this workstation, our configuration will remain where-by VBScript and WSH are removed; restore them for the next section to work (TWEAK: A -> P -> B,C)

• run \\db-server\idonix\setup\refsbase\setup.vbs

• run RefsBase 3 using the desktop shortcut, it will install some program files locally

• rename the desktop shortcut from 'New RefsBase' to 'RefsBase 3' (Idonix will change their installer to use 'RefsBase 3' next time they visit)

• the desktop shortcut has no icon because its icon location is set to %ProgramFiles%\Idonix\bin\refsbaseRefsBase.exe. Change this location to %PROGRAMFILES%\Idonix\bin\refsbase and use the icon in the file Idonix.EX.RefsBase.WinUI.exe (Idonix will fix this next time they visit)

• (note: the program loader needs to access the database server, which requires authentication. It does this as it copies the latest version of executables and settings onto the local machine before running locally)

• restore our preferred configuration

  • remove VBScript and WSH [TWEAK: A -> A]

  • Control Panel -> Add/remove programs -> Add/Remove Windows Components -> uninstall Outlook Express if it was re-introduced by the Internet Explorer installer

WinZip

Installed on each workstation

Original version: ; later upgraded to: 8.0.

F-Prot anti-virus

Currently we're leaving (All Users) shortcuts on the desktop

Install to %PROGRAMFILES%\F-Prot

Configure F-Prot [TWEAK: B -> F ->

• A (Configure, with updates coming direct from the Internet; when have the file server collecting updates change this to collect them from P:)

• C (Slacken off F-Prot Updater registry key)

• D (Set F-Prot Updater to run at system startup)]

QuickBooks 2001

Requires users have 'Standard' priviliges and that Internet Explorer have some settings relaxed to our default.

Quickbooks is installed to a workstation, an account is created specifically for it with 'Standard'(?) user priviliges and Internet Explorer security slackened off. A corresponding account with synchronised password is created in the domain and on any print servers as required. Passwords are set to never expire.

5. Printing

Canon GPS 300-405

• internal printer server

  • network topology: UTP / RJ45

  • MAC Address: 00-C0-85-29-0B-E0

  • IP Address: 10.0.1.50

  • port:

  • domain: URBED

• external print server:

  • make & model: Axis Commuications Network Print Server 542

  • info: http://www.axis.com/products/axis_540/

  • printer port: parallel / centronics

  • network topology: BNC / coaxial

  • IP Address: 192.225.225.10

  • port: 515

Enable LPR

• [IP Address]

• [print]

Epson EPL 5700L

• ORGANISATION-NAME-5

• printer name: EPL-LASER

Notes

• (drivers are saved to: PRINT$ - winnt\system32\spool\drivers which exists both on the server and the workstation (DO WE HAVE TO GIVE EVERYONE BETTER ACCESS TO THAT DIRECTORY?) and the driver/installer makes settings in users' own settings in the registry portion of their Profile?: NTUSER.DAT/MAN ? (cached copy of HKEY_CURRENT_USER subtree on the local computer)

• and elsewhere in the users' Profile? (i.e. an Epson atleast wants to put its icon in C:\WINNT\Profiles\All Users\Start Menu\Programs\EPSON)

• and in the local workstation's registry/profile/etcetera?

• and in the server's registry? (\\HKEY_CURRENT_USER\Printers\Connections...)

• Epson printer saves log of its installation to: \winnt\Epstplog.txt

• Epson Laser (\\FILE-SERVER\epson-laser)

• logon to each workstation with administrator priviliges, install networked printer drivers from the server to the local machine so that they may be available when logged in from that workstation to the server

• set 'scheduling / print directly to the printer' to off (not sure about all this in terms of the Epson printer setup)

Current Setup

• Install EPL-5700L drivers and software (not BarCode) from the autorun screen on the EPSON print drivers CD Rev 2.0aE.

• restart

• Start / printers / EPL-5700L - Ignore error messages - Properties / ports / add port (select 'local port')

• 'new port', add name '\\ORGANISATION-NAME-5\EPL-Laser'

Printing to a Printer over TCP/IP

"You can install the LPD service under Windows NT by installing the Microsoft TCP/IP Printing Service from the Network option in the Control Panel folder. By default, the LPD service is set to start manually. To have it start automatically, use the Services icon in Control Panel, and change the startup options for the TCP/IP Print Server service" chapter 5 - setting up print servers http://www.microsoft.com/technet/winnt/Winntas/manuals/concept/xcp05.asp

6. Networking

IP Address Assignments

ISP

BT OpenWorld

BT ADSL router

• Efficient Networks/flowpoint model 5861

• http://www.efficientnetworks.com/products/routbus.html

• DSL tools: http://support.efficient.com/drivers/kernels/Speedstream/GUI/v396.zip

• http://support.efficient.com/

• Ever wondered if home ADSL could host a server for you?: http://www.darrenbull.com/welcome.asp?page=enrouter&pindex=13

• [consume-thenet] BT ADSL router console cables: http://www.consume.net/mhonarc/thenet/msg03476.html

• loads of docs from the manufacturer: http://kb.efficient.com/display/1n/kb/article.asp?aid=45992

• default login is 'login' with a password of 'admin'

• IP configuration

  • Preferred DNS server: 213.120.62.101

  • Alternate DNS server: 213.120.62.102

  • with fixed IP addresses

    • workstation subnet mask: 255.255.255.248

7.0 Sundry

• There are issues when a user logs on locally then logs on to server, local copy of desktop is then used for networked account, and local versions with our workstations is bereft of shortcuts

• copied explorer.exe to P:\winnt so as to be usable by everyone

• some desktop settings aren't being saved BUT...if you logon as Admin and change file associations they're then available to all users

• Permissions - \USER-SYS and below ORGANISATION-NAME-STAFF 'List' not perfect cos ppl can atleast see whats in others' directories

• Permissions - \USER-SYS\ORGANISATION-NAME-staff and below ORGANISATION-NAME-STAFF 'Change'

• Permissions - \USER-SYS\mail\%USERNAME% wants to have full rights (RWXD)(RWXD) and O?

• Permissions - out-of-the-box, EVERYONE comes with default Full Acess to all drives and directories. EVERYONE has full access to root directories - this should change

Document ¤ Version: 1.9.3 | Licence: GNU General Public License | Copyright: © 2000-2006 Pete Boyd
Site ¤ - URL: http://thegoldenear.org/ | Email: inkwire at thegoldenear dot org
Built using HTML 4.01 Strict and CSS. For best results, use a browser that supports open Standards.