Creating an Environment for Local, Remote, and Mobile Users
Novell Cool Solutions: Trench
By Jody Greene
Posted: 13 Apr 2004
Update: Jody has made some updates to his article due to inquiries from interested readers.
Users have a difficult time accessing network resources in the same way whether they are local, remote, or mobile. Administrators, in turn, have a difficult time managing a network environment that supports local, remote, and mobile users.
This document describes how to set up your NetWare client environment to support seamless integration of local, remote, and mobile users with very little administrative overhead.
Items addressed are:
- Client32 settings
- User object settings
- TimeZone manipulation
- Trustee object rights
- File system rights
- Login script settings
- Printing issues
- ZENworks (shared applications)
Client32 settings
- Use NCIMAN to customize your client.
- Use location profiles (see documentation: http://www.novell.com/documentation/lg/noclienu/index.html).
- Use a variable (stay consistent with which variable number) to uniquely identify each location.
User object settings
- Be sure the user has a home directory.
- Set the user's default server to their local server where the company's main data store is.
TimeZone manipulation
Because users are not always confined to a particular time zone while traveling, the PC's time is not always updated to reflect where the user currently is. For this reason, we manipulate the PC's time via a registry file (Windows 2000) called from the login script.
BE CAREFUL WHEN MODIFYING THE REGISTRY!!!
We change the time zone on a PC and export the following key, for each time zone we have to support:
We then create a *.reg file for each and place it in a folder on all servers in the company that users log into.
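Because the login script imports these files with REGEDIT /S, with no prompt, it is worth checking each file before it is published to the servers. The following is an added example, not part of the original article: it reports any key in a .reg file that falls outside an allow-list, plus any key or value deletions. The key path is a placeholder (the article does not show the exported key), and the sample files and function name are constructed for illustration.

```python
import re

# Placeholder: the article does not show the exported key, so this path is
# a stand-in. Replace it with the key your own time-zone export contains.
ALLOWED_KEYS = [r"HKEY_LOCAL_MACHINE\EXAMPLE\TIMEZONE_PLACEHOLDER"]
HEADERS = ("REGEDIT4", "Windows Registry Editor Version 5.00")
KEY_LINE = re.compile(r"^\[(-?)([^\]]+)\]$")

# Constructed sample files (not real exports).
GOOD_REG = r"""REGEDIT4

[HKEY_LOCAL_MACHINE\EXAMPLE\TIMEZONE_PLACEHOLDER]
"StandardName"="Mountain Standard Time"
"Bias"=dword:000001a4
"""
TAMPERED_REG = GOOD_REG + r"""
[HKEY_LOCAL_MACHINE\EXAMPLE\OTHER_PLACEHOLDER]
"Setting"="changed"
"""


def audit_reg(text, allowed=ALLOWED_KEYS):
    """Return findings for one .reg file; an empty list means it is clean."""
    lines = [ln.strip() for ln in text.lstrip("\ufeff").splitlines()]
    lines = [ln for ln in lines if ln and not ln.startswith(";")]
    if not lines or lines[0] not in HEADERS:
        return ["missing or unknown .reg header"]
    allowed_norm = [k.upper().rstrip("\\") for k in allowed]
    findings, current = [], None
    for ln in lines[1:]:
        m = KEY_LINE.match(ln)
        if m:  # a [KEY] or [-KEY] section header
            current = m.group(2).upper().rstrip("\\")
            inside = any(current == a or current.startswith(a + "\\")
                         for a in allowed_norm)
            if not inside:
                findings.append(f"key outside allow-list: {m.group(2)}")
            elif m.group(1):
                findings.append(f"key deletion: {m.group(2)}")
        elif current is None:
            findings.append(f"value before any key: {ln[:40]}")
        elif ln.endswith("=-"):  # "Name"=- removes a value
            findings.append(f"value deletion under {current}")
    return findings
```

Run it over every file in the REGFILES folder before copying the folder to the other servers, and publish only the files that return an empty list.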
For those locations that do not have a server, NetStorage is a good solution for secure file access. This article assumes that every site has a server.
Although it is possible to log in to the network with the client when all of the resources are on the opposite side of a WAN link, doing so is slow and only adds to the user's frustration.
Trustee object rights
Directory Map Objects
- Each location has a Directory Map object for each volume that will be accessible by users.
- The Directory Map objects are in the same container as the servers and volumes.
- Give the Organization object READ and COMPARE trustee rights to the Directory Map objects.
- We use one login script for each WAN location and use the INCLUDE statement for all sub (user) OUs.
- Give the Organization object READ and COMPARE trustee rights to OU (WAN level) login scripts.
File system rights
We set up every one of our data servers with identical (top-most level) directory structures where possible. This allows us to copy files back and forth between servers using script files. Also, standardization is a wonderful thing.
- Give the Organization object RF rights to the folder on each server volume, in which you are storing your *.reg files.
- Give the Organization object RF rights to the SYS:PUBLIC folder on each server volume.
Login script settings
Here are examples of login scripts from two locations (SL1 & MIS).
- The <WEBACCESS> variable is used for NetStorage only.
- We are using the %2 variable at all sites to determine the user's location (the variable changes depending on which location the user selects when they log in).
- REGEDIT /S imports the registry file silently (no confirmation prompt). BE CAREFUL WHEN MODIFYING THE REGISTRY!!!
- The %FILE_SERVER or %MESSAGE_SERVER variable returns the user's default server setting.
- The CX command changes the context. Use a corresponding number of dots for the number of containers up the tree where the server resides.
Note: For all OUs below the container of the server add the following syntax:
Include the server container's login script.
Example login scripts:
SL1 Login Script
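    REM NetStorage (web access) sessions: map drives directly and stop
    IF "<WEBACCESS>"="1"
      MAP G:=SL1NW602/DATA:GROUPS
      MAP H:=SL1NW602/DATA:USERS
      EXIT ""
    END
    NO_DEFAULT
    DOS SET MAPROOTOFF="1"
    REM Local site selected: import the time zone .reg file silently
    IF "%2"="SLC_UT"
      @REGEDIT /S "\\SL1NW602\DATA\APPS\REGFILES\MST.REG"
      MAP S1:=.DM_SYS_PUBLIC.SL1.UT.US.NPSP
    END
    REM Another site selected: run that site's script, then stop
    IF "%2"="PAR_NJ"
      INCLUDE .PAR.NJ.US.NPSP
      EXIT ""
    END
    IF "%2"="MIS_ONT"
      INCLUDE .MIS.ONT.CAN.NPSP
      EXIT ""
    END
    IF "%2"="TOR_ONT"
      INCLUDE .TOR.ONT.CAN.NPSP
      EXIT ""
    END
    REM Move up to the server's container, map drives on the default server
    CX .
    MAP ROOT H:=%MESSAGE_SERVER/DATA:\USERS
    MAP ROOT G:=%MESSAGE_SERVER/DATA:\GROUPS
    REM Return to the user's login context
    CX .%LOGIN_CONTEXT
    MAP ROOT S:=.DM_DATA.SL1.UT.US.NPSP\APPS
    MAP ROOT U:="%HOME_DIRECTORY"
    REM Client update, application launcher, and one-time time sync
    IF "%OS"="WINNT"
      @Z:\PUBLIC\CLIENTS\WINNT\I386\ACU.EXE /U:UNATTEND.TXT
      @C:\PROGRAM FILES\NOVELL\ZENWORKS\NALDESK.EXE
      @W32TM -ONCE
    END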
MIS Login Script
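    REM NetStorage (web access) sessions: map drives directly and stop
    IF "<WEBACCESS>"="1"
      MAP G:=MISNW602/DATA:GROUPS
      MAP H:=MISNW602/DATA:USERS
      EXIT ""
    END
    NO_DEFAULT
    DOS SET MAPROOTOFF="1"
    REM Another site selected: run that site's script, then stop
    IF "%2"="SLC_UT"
      INCLUDE .SL1.UT.US.NPSP
      EXIT ""
    END
    IF "%2"="PAR_NJ"
      INCLUDE .PAR.NJ.US.NPSP
      EXIT ""
    END
    REM Local site selected: import the time zone .reg file silently
    IF "%2"="MIS_ONT"
      @REGEDIT /S "\\MISNW602\DATA\APPS\REGFILES\EST.REG"
      MAP S1:=.DM_SYS_PUBLIC.MIS.ONT.CAN.NPSP
    END
    IF "%2"="TOR_ONT"
      INCLUDE .TOR.ONT.CAN.NPSP
      EXIT ""
    END
    REM Move up to the server's container, map drives on the default server
    CX .
    MAP ROOT H:=%MESSAGE_SERVER/DATA:\USERS
    MAP ROOT G:=%MESSAGE_SERVER/DATA:\GROUPS
    REM Return to the user's login context
    CX .%LOGIN_CONTEXT
    MAP ROOT S:=.DM_DATA.MIS.ONT.CAN.NPSP\APPS
    MAP ROOT U:="%HOME_DIRECTORY"
    REM Client update, application launcher, and one-time time sync
    IF "%OS"="WINNT"
      @Z:\PUBLIC\CLIENTS\WINNT\I386\ACU.EXE /U:UNATTEND.TXT
      @C:\PROGRAM FILES\NOVELL\ZENWORKS\NALDESK.EXE
      @W32TM -ONCE
    END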
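Both scripts follow one pattern: the local site's branch imports the .reg file, and every other site's branch INCLUDEs that site's script and then EXITs. The following added example (not part of the original article) checks a script against that pattern and lists the network paths its external commands reference, since anything launched from those paths runs for every user at login. The script text is a constructed, shortened sample, the function name is hypothetical, and the parser assumes IF blocks are not nested.

```python
import re

# Constructed, shortened script in the style of the article's SL1 example;
# the TOR_ONT branch deliberately lacks EXIT to show what the check reports.
SCRIPT = r'''IF "%2"="SLC_UT"
  @REGEDIT /S "\\SL1NW602\DATA\APPS\REGFILES\MST.REG"
  MAP S1:=.DM_SYS_PUBLIC.SL1.UT.US.NPSP
END
IF "%2"="PAR_NJ"
  INCLUDE .PAR.NJ.US.NPSP
  EXIT ""
END
IF "%2"="TOR_ONT"
  INCLUDE .TOR.ONT.CAN.NPSP
END
IF "%OS"="WINNT"
  @Z:\PUBLIC\CLIENTS\WINNT\I386\ACU.EXE /U:UNATTEND.TXT
  @W32TM -ONCE
END'''

IF_LOC = re.compile(r'^IF\s+"%2"\s*=\s*"([^"]+)"', re.I)
# UNC paths, or paths on any drive letter other than C: (assumed to be mapped)
NET_PATH = re.compile(r'\\\\[^\s"]+|(?<![A-Z])[ABD-Z]:\\[^\s"]+', re.I)


def audit_login_script(script, locations):
    """Return locations with no IF "%2" branch, branches that INCLUDE another
    site's script without EXIT (execution would fall through to the local
    mappings), and network paths referenced by external (@ or #) commands."""
    branches, net_refs, current = {}, [], None
    for raw in script.splitlines():
        line = raw.strip()
        m = IF_LOC.match(line)
        if m:
            current = m.group(1)
            branches[current] = []
        elif line.upper() == "END":
            current = None
        elif current is not None:
            branches[current].append(line.upper())
        if line[:1] in ("@", "#"):
            net_refs += NET_PATH.findall(line)
    no_exit = [loc for loc, body in branches.items()
               if any(c.startswith("INCLUDE") for c in body)
               and not any(c.startswith("EXIT") for c in body)]
    return {"missing": [loc for loc in locations if loc not in branches],
            "include_without_exit": no_exit, "network_paths": net_refs}
```

Every path in `network_paths` should sit in a folder where users hold read and file scan rights only, as set up in the file system rights above.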
Printing issues
It is difficult to set up a dynamic printing environment. In order to set up printing with as little administration as possible, as well as limited end-user interaction, we have done the following:
- All LAN printers for a site are in the same container; that is, each WAN location has its own printers in a container.
- Assigned the Organization object as a user of all NDPS printers (except those that require restricted access).
- Each sub (user) OU is set up to install all printers that are local to that site (even restricted-access printers). This makes printer distribution easier because we don't have to selectively set up printers at each OU or user. (Even though restricted printers are added to the OU to install, they install only for those who have been assigned as users of that printer.)
- If a user travels to another location, then they will have to manually install the NDPS printer using the Add Printer Wizard.
ZENworks (shared applications)
Many organizations provide shared applications to their entire end-user population. Because of slow WAN links, it is nearly impossible to expect an end-user to run this type of application across the WAN. In this case it is recommended that the applications be duplicated on a server at each WAN site. (Referring to the login script, you can see that we use the S:\ drive. The folder structure is identical at each site.)
Be sure that the organization has the proper rights to each location. In our case we give the O [RF] rights to the APPS folder on the DATA: volume.
Instead of using UNC paths, we use the S:\ drive in the path to each application, which allows the user to run the app from the local server. Because the user uses the app object from their associated container or user, any localized settings in that object continue to work.
NOTE: RSYNC is not currently supported by Novell on NetWare servers (except Branch Office); therefore, continue at your own risk.
To ensure that all servers contain the proper (updated) applications, install RSYNC on the source server and each client server.
CRON.NLM can be used to schedule the updates.
For more information on RSYNC go to: http://forge.novell.com/modules/xfmod/project/?rsync
If you have any questions you may contact Jody at firstname.lastname@example.org