|Microsoft Windows Server HOW-TO:|
Set time sync on a Win2k3 domain controller:
At a command prompt:
c:\net time /setsntp:us.pool.ntp.org
c:\w32tm /config /update
c:\w32tm /resync /rediscover /nowait
Win2k/XP workstations automatically sync time against the DC when they log in to a domain
Some options for w32tm:
Basic login script:
net use /delete * /y (deletes all existing shares)
net use H: \\server\sharename (creates a network share using drive letter H:)
net use I: \\server\sharename...
Creating shares for users in a Windows domain:
1) Create a folder or partition to act as the Users container
2) Right-click on the folder or partition and choose "Sharing and Security"
3) Select "Share this folder" and give it a name in "Share name"
4) Click the Permissions button, remove all users, and add "Domain Users" giving that group Full Control
5) In the folder or parition, create subfolders, one for each user. Use the username assigned to users as the folder name
6) Right-click on each of the subfolders and choose "Sharing and Security"
7) Select the Security tab, click Advanced, and uncheck the box labled "Inherit from parent the permission entries that...." and click "Remove"
8) Back in the Security tab, remove everyone and add "Domain Admins" and the specific user who will own the folder
9) Repeat for all user folders
A sample login script:
NET USE /delete * /y
NET USE H: \\<server name>\STORAGE$\%username%
NET USE I: \\<server name>\STORAGE$\Apps
NET USE J: \\<server name>\STORAGE$\Shared
The %username% variable is replaced with the user name provided at workstation logon. You can create a group policy on an OU in Win2k/2k3 server and assign a logon script to it, or...you can set the logon script on a per-user basis by setting it in the users Profile tab in Active Directory Users and Computers.
To create a GPO (Group Policy Object), open up Active Directory Users and Computers, create a new OU, name it, then click on the Group Policy tab in the properties on the OU you created. Then click New and name the new policy object. Then select the new policy object and click Edit. Open User Configuration -> Scripts (Logon/Logoff) and then double-click Logon in the right pane. Click Add and then navigate to C:\WINNT (or Windows)\SYSVOL\sysvol\<domain name>\scripts and select the name of the login script you created. It needs to end in .cmd (such as logon.cmd). It is recommended that all logon scripts are kept in this location as it is replicated automatically across multiple domain controllers if more than one DC exists.