Windows for Workgroups logon to EPS

E&PS Network Logon for Windows for Workgroups Users

#5 of a series of notes on how to do things on the UNM / E&PS network by Jim Connolly

(Revision date: 31-Oct-97.)

Introduction

This document is for users of Microsoft Windows for Workgroups 3.11 who want to make use of the Earth & Planetary Sciences Local Area Network (hereafter referred to the network). There are several sections. Section 1 is designed to walk users through a first time network logon, including how to setup your computer to automatically initiate a logon you on every time you start it up. Section 2 describes how you routinely logon after you have done it for the first time. Section 3 explains how to install the Windows NT services for Windows for Workgroups. In this document, things you need to type into dialog boxes are shown in bold and underlined. "Poweruser" footnotes are for people who want more than cookbook information about the network. Note that these footnotes are not available on the HTML version of this document available on the Worldwide Web.

For all of this to work, in addition to a good attitude with a decent sense of humor you need the following:

An active account on the Network for which you know your user name and first time temporary password. These were distributed to you on a small piece of paper if you returned one of the network surveys distributed in May or throughout the summer. If you don't have this, see me, Jim Connolly (Rm 306E, ph. 7-3817) and get one.
A computer running Microsoft Windows for Workgroups Version 3.11 which has been setup and is talking to the campus Ethernet and running the "Microsoft Windows Network". You should have an assigned "name" for your computer, and an IP address (one of those multi- digit numbers that looks something like 129.24.168.####), an ethernet card and a cable plugged into a white box in your office which has a active connection. Just because you have a box with two ethernet plugs in your office doesn't necessarily mean that you have active ports. I have access to this information if you have forgotten it, but if you need this setup, Mark Miller (7-9447) is in charge of requesting IP addresses and port activation from CIRT (the computer center).

Section 1: The First-time Login

Have your piece of paper with your account name and temporary password handy.

Find your Windows Control Panel and run it. It is usually found in the program group called "Main" if you let Windows set itself up the way it normally does. Look for the icon named "Network" and double click on it.

In the first network box (labeled "Microsoft Windows Network"), if you are logged on to the Windows for Workgroups network, click on the Logoff button. Then, in the box labeled Workgroup: enter E&PS. Whatever the default logon name is, change it to your account name (i.e., CONNOLLY). When this is done, double-click on the button at the bottom labeled Startup.

In the startup dialog box (labeled "Startup Settings") check all of the options in the "Startup Options" section. In the box below, check "Log on to Windows NT or LAN Manager Domain" and enter the domain name E&PS in the appropriate box and then click on OK.

You will now be back at the "Microsoft Windows Network" box. You should now click on the "Log On" button. Make sure your logon name is correct and enter your password you normally use for your Windows for Workgroup Logon. Click on OK when you're done. Next you will see the Domain Logon box. Make sure that the box labeled "Save password . . " is not checked. Make sure your account name is correct (it's not case-sensitive), and enter your temporary password (it is case-sensitive). You will immediately be asked to change your password. To avoid trouble, do this carefully and use the TAB key to move the cursor between boxes. Type your temporary password in the OLD Password box, and type your new password twice in the boxes below. It asks for it twice to make sure you haven't made a typo in typing it just once.

Important note about Passwords: Make your password something you can remember but is hard to guess. I find mnemonics of phrases are good. For instance ihoebtbot is a mnemonic for that famous Mad magazine proverb "I had one eggplant but that brunch over there". Computer hackers and security breaches are nontrivial problems on networks, so please use a good password. The network will make you change it every 90 days. If you will be logging into the network from a Macintosh computer, you should limit your password to 8 characters, which is the maximum accepted by the Mac OS.

If all has gone well, the network will display a DOS windows which says "running logon script" and then echo a dialog box which says that you were successfully logged in the level of "Privilege" level of your logon. Most everyone will be logged on at the "USER" level.

The "script" which runs at logon does two things for every user:

It synchronizes you local computer's date and time with the server (which is in turn synchronized with the atomic clock at NIST in Boulder -- it's very accurate). This is important for timing automatic backups and things which will be implemented in the near future.
It opens network drive "L:" as the USER directory on the server which gives you access to your login directory (look for the directory which is the same as your user name) which may be accessed from any computer you sit down at.

Section 2: Routine Logons

If everything was set up properly in Section 1, this is really simple. When you shut down Windows you are automatically logged off. When you start Windows, the logon dialog pops up with the name of the last user who was logged on. For a single user computer, this is no problem. Just type in your password in the Windows Logon Dialog Box, then Type in your E&PS Domain Password in the Domain Logon Dialog box and you're all set. If you leave your computer and it is not in a secured area, logoff by running the Log On/Off program (with the cute keys) Icon in your "Network" program group. When you come back, logon by running it again. Leaving your computer without logging off is like leaving your keys in your car with the engine running and the doors unlocked. Your work might be there as you left it, but you sure can't count on it.

Do you need to Logon to the Network? Windows for Workgroups users do not need to logon to the network if they will only be using resources available on their local machine. You do not need to logon to use Telnet or FTP other TCP/IP software (Eudora, Winsock FTP, Netscape or Mosaic) since (as long as TCP/IP is properly setup on your computer) these function independently of the E&PS Network. You do need to logon if you will be using network file resources (either on the server or on another Windows for Workgroups computer), using network printing services, or accessing software installed on the network. To not logon, just click on the cancel button in the first logon dialog box. If necessary, you may logon later by running the Log On/Off program.

For a computer used by several people, it is important that each user log on with their own account name and password in both (WFWG and Domain) logon dialog boxes. Users should never give other users their account names and passwords, because access to resources is controlled by assigned privilege. If someone you work with needs an account, see me and they can get one. Although each NT user license costs about $12, account costs are not charged to individual users.

Each person has access to two areas or "shares" on the server's hard disks for storage of their data. One is the "USERS" share which contains the "login" areas for all users and their personal, private file areas. Users may take ownership of their login areas (after installing NT File Manager Extensions--see the next section), and control who has what access to their files. The other area is "COMMON" which contains areas which are designed for users who are working together (i.e., Paleomag, Quaternary, TEM, etc.) to have areas in which a designated group of associates have access. How these areas are accessed and arranged are detailed in a separate document on network resources.

Section 3: Installing the NT Services for Windows

For Windows for Workgroups computers, a set of "add-on" server tools are available which makes management of your directories and printing easier on the NT network. Most users will only need to install the file manager extensions, which enable users to take control of their directories and files. Every file on an NT network has an owner/creator who has complete control of who gets to see (or not see), read, make changes to, that file, and the file manager extensions are how you use that control. In general, the owner of a file is the person who was logged on when it was created. If you are logged on and save a file to your network directory from Word or Excel, that is your file. If you want nobody but E&PS Domain user Joe Blow to see that file, using the security menu you may remove everyone from the permissions list (whatever you do, don't remove yourself or you will need administrator help to access your own files!) and then add Joe Blow. If you want to let him read it but not change it, you can give him Read only access.

To install the NT Server tools, you must be logged on to the Network (i.e., Sections 1 & 2). Openin file manager and connect to the network drive (Disk : Connect Network Drive) on EPS named "Install" (you may "Browse" to find it or type //EPS/Install in the dialog box). Change to the subdirectory: /srvtools/windows, find and double click on the program SETUP.EXE. Windows will do its usual setup file copying stuff, and present you with a dialog box where you get to pick what you want to install. Most users should "uncheck" everything except the last item, "File Manager Extensions." The other tools are only useful to people who have some function in system management. People who will be administering "Common" file areas (like lab or research group managers) and have "Account Manager" privilege will need User Manager, and if you are planning to share a printer (particularly one with a direct Ethernet connection) or will be a "Printer Operator" you will want the NT print manager. The Server Manager and Event Viewer are only useful for Administrators.

Setup will install the Microsoft 32 bit program extensions if they are not already present, and all of the files necessary for the selected options. This is a fairly stupid setup program, and after an installation is complete, you need to use your text editor (use NOTEPAD or Write without converting to Write format) to make the following changes to your autoexec.bat and config.sys files.

To autoexec.bat: at the end of the "path=" statement add: ;c:\srvtools and add the line: set tz=UCT+07:00DST (sets timezone to GMT + 7hrs, w. daylt.sav.)

To config.sys: change the files statement to files=50 (a larger number is okay), and change the lastdrive statement to lastdrive=z (need lots of drive "handles" for the network)

After you have done this, exit Windows and reboot the system. If windows restarts before you reboot (this irritatingly happens sometimes when you edit autoexec.bat in Windows) just exit and reboot. I'd suggest rebooting with the reset button, not ctrl-alt-del.

When this is done, "Security" will appear in the file manager menu. To take control of your directory, open file manager. If your logon script has run like it's supposed to, you should see a drive "L:" in your drive icon list. Click on it to open the drive, change to the directory with your username. If I have set your permissions properly, you can use the Security : Owner menu option to "Take Ownership" of your private directory. You may exclude everyone from seeing anything in your directory, but as administrator, I ask that you give Administrators at least LIST access, and if you want your data backed up during routine system backups, you need to give Backup Operators at least READ access. If you exclude administrators from LIST access after taking ownership, you may find an administrator taking control of your directory, particularly if disk space begins to get tight on the system.