Windows Server overview

All school-owned PC laptops are joined to the Crossroads Active Directory domain, and all teachers and older students log in using credentials defined on the Windows server "domain controller". In July 2016, NHVT Computers assisted with transitioning from old hardware with Server 2008, to new hardware with Server 2012. All staff and student data was copied from the old to the new, and the AD accounts, group policies, etc. were transitioned as well.

This master server is CA-2016-SVR. In addition to Active Directory and Group Policy services, it also does file sharing, DNS, DHCP, and print. In the past it had SQL Server and web services enabled, probably for some legacy support thing like SpiceWorks.

SECURITY GROUPS:

Accounting:

Brad

Hazel

Jennifer Thomas FIXME

Marie (GONE)

Marilyn

Marion

Nancy (GONE)

Ryan TEMPORARY

Stuart

Board:

Brad

Hazel

Jennifer Thomas FIXME

Marie (GONE)

Marion

Stuart

Faculty:

_CA Admin Template (FIXME defunct? in "history" OU)

_Laptop Office Template (FIXME defunct? in "history" OU)

_Laptop Staff Template (FIXME defunct? in "history" OU)

(all regular faculty AND office staff)

fileadmins:

Alison (GONE)

Amy

Bruce

Cindy (GONE)

Doris

Heather

Lee (GONE)

Liz

Peter F (GONE?)

Peter T (GONE sorta)

Vicky (GONE)

summerprograms:

Heather

technicians:

Lucas Moyer

Marion Bates

Nancy Mosson (GONE)

GYxxxx = students

students = meta group of GYs

tech6/7/8 = Amy + a defunct GY

SHARES:

~~Acctn aka Accounting (V:) DEFUNCT b/c QuickBooks is separate now~~

~~installs (no letter) DEFUNCT~~

~~Size: 5.71 GB~~

~~Purpose: QuickBooks~~

~~Share Permissions:~~

~~QBDataServerUser28 has special~~

~~S-1-blahblah has special~~

~~CROSSROADS\Accounting has Modify~~

~~CROSSROADS\QBDataServiceUser26 has special~~

~~CROSSROADS\caadmin has full~~

~~CROSSROADS\lmoyer has full~~

~~CROSSROADS\Administrator has full~~

~~BUILTIN\Administrators has full~~

~~NT AUTHORITY\SYSTEM has full~~

~~NTFS Permissions:~~

~~QBDataServiceUser28 has special~~

~~help FIXME I dunno how to interpret this~~

~~Path: D:\Shares\Installs~~

~~Size: < 1MB~~

~~Purpose: Open share for things like Ninite that I want to be able to deploy via GP. Doesn't really matter~~

~~Share Permissions:~~

~~BUILTIN\Users has special~~

~~BUILTIN\Users has read & execute~~

~~BUILTIN\Administrators has full~~

~~NT AUTHORITY\SYSTEM has full~~

~~CREATOR OWNER has full~~

~~CROSSROADS\lmoyer has full~~

~~Everyone has full <- FIXME wtf?~~

snaps (U:)

board (X:)

Path: D:\Shares\Board

Size: < 1GB

Purpose: Board/Trustee stuff

Share Permissions:

CROSSROADS\caadmin has full

CROSSROADS\lmoyer has full

CROSSROADS\Board has modify

BUILTIN\Administrators has full

NT AUTHORITY\SYSTEM has full

books (Y:)

Path: D:\Shares\Books

Size: 2.4 GB

Purpose: HR and finance

Share Permissions:

CROSSROADS\SummerPrograms has read

CROSSROADS\Accounting has Modify

CROSSROADS\caadmin has full

CROSSROADS\lmoyer has full

BUILTIN\Administrators has full

NT AUTHORITY\SYSTEM has full

courses (T:)

Path: D:\Shares\Courses

Size: 20 GB

Purpose: student use

Share Permissions:

CROSSROADS\lmoyer has full

CROSSROADS\Domain Users has full

BUILTIN\Administrators has full

NT AUTHORITY\SYSTEM has full

Exceed (P:)

Size: < 1 GB

Path: D:\Exceed

Purpose: Old, soon to be defunct fundraising tracking

Share Permissions:

CROSSROADS\caadmin has full

CROSSROADS\CAExceed has full

CROSSROADS\lmoyer has full

CROSSROADS\Domain Admins has full

BUILTIN\Administrators has full

NT AUTHORITY\SYSTEM has full

CREATOR OWNER has full

NTFS Permissions:

weird FIXME

Faculty (S:)

Staff users' homes are underneath the Faculty share which is HIDDEN! It can be accessed manually (i.e. on a non-joined PC) via

Start -> Run, enter \\CA-2016-SVR\faculty$ <- note the appended $.

It's defined in the AD Users and Groups view, under the user's Profile tab:

Path: D:\Shares\Snaps

Size: 2.3 GB

Purpose: Photos

Share Permissions:

CROSSROADS\caadmin has full

CROSSROADS\lmoyer has full

CROSSROADS\Faculty has modify

BUILTIN\Administrators has full

NT AUTHORITY\SYSTEM has full

staffwork (Z:)

Path: D:\StaffWork

Size: < 1 GB

Purpose: Misc collab

Share Permissions:

CROSSROADS\caadmin has full

CROSSROADS\lmoyer has full

CROSSROADS\Faculty has modify

BUILTIN\Administrators has full

NT AUTHORITY\SYSTEM has full

students (S:)

It's defined in the AD Users and Groups view, under the user's Profile tab:

Their homedir name is firstinitial lastname, not visible here because the box is too small.

Path: D:\Shares\Users\Students\GY20xx

Size: 29 GB

Purpose: Student homes

Share Permissions:

CROSSROADS\caadmin has full

CROSSROADS\students has read & execute

CROSSROADS\lmoyer has full

BUILTIN\Administrators has full

NT AUTHORITY\SYSTEM has full

CREATOR OWNER has full

technet (no letter)

Size: 82 GB

Purpose: IT stuff, software installers, etc.

Share Permissions:

CROSSROADS\Technicians has modify

CROSSROADS\caadmin has full

CROSSROADS\lmoyer has full

CROSSROADS\Domain Admins has modify

BUILTIN\Administrators has full

NT AUTHORITY\SYSTEM has full

CREATOR OWNER has full

As we move to Google Backup and Sync, I am disabling this altogether (changing radio button to "Local path")

Path: D:\Shares\Users\Faculty

Size: 431 GB

Purpose: Old, soon to be defunct faculty homes

Share Permissions:

CROSSROADS\caadmin has full

CROSSROADS\lmoyer has full

CROSSROADS\Faculty has special

CROSSROADS\Domain Admins has full

BUILTIN\Administrators has full

NT AUTHORITY\SYSTEM has full

CREATOR OWNER has full

--------------------------- here be dragons ----------------------------

These shares are/were all auto-generated by Windows.

logs

NetLogon

print$

prnproc$

Shared Folders

SYSVOL