Be careful what you wish for!

E-mail notifications have been added to this site, as some folks were missing them from our earlier blogs/drupal sites.  You'll see a link for "subscriptions" at the bottom of most content.

Minor OIT OU changes in WolfTech

I'm working to clean up and standardize our OU=OIT in the WolfTech active directory.

I've created under "Management Objects" a "People Groups" container, for holding groups representing teams or other assemblies of humans or human analogs.

[Image: OIT OU layout in WolfTech]

Down to 8 servers that can't be monitored

Whoopie, huzzah, etc!
We're down to exactly 8 hosts that the "new" monitoring subnets can't see, and they're all in the same 152.1.64.0/24 subnet.

IIS security practices

Microsoft's Internet Information Server (IIS) uses a local computer account, IUSR_servername, to provide access to the filesystem and other resources for anonymous web users. We've had some problems getting the permissions correct for this account.

I'd like to propose the following scheme, based on the recommendations from Microsoft's IIS 6.0 Security Best Practices.

OIT internal OU discussion 9/22/2009

Present: John K., Kevin S., Patrick W., Tom F., Dan E., Danny D.

We got a small group together to advise management on how to best consolidate the many OUs that OIT is creating in WolfTech. There's more background at

http://xteams.oit.ncsu.edu/iso/node/470

The results of the meeting were

Firewall contexts set to allow new nagios access

As we work to bring the new Nagios system on-line, there are a lot of firewall changes that need to get made.

ComTech has established a range of addresses for all OIT devices meant for monitoring, and the intention is to open this address range (referred to as "OIT-Monitor") for incoming access for monitoring protocols on all datacenter subnets. This will make firewall settings easier and quicker for ComTech, and reduce the back and forth in setting up firewall rules for new VLANs.

"Monitoring" ports to open to the "OIT-Monitor" range of addresses


The monitoring servers in the OIT-Monitor range of addresses should have incoming access to the following ports for all OIT servers:

ICMP echo-reply
ICMP echo-request
ICMP dest-unreach

UDP and TCP 161 (SNMP read)
TCP 5666 (Nagios NRPE)
UDP 1161 (SMC)
TCP 9999 (MRTGEXT)
TCP 524 (NCP)
TCP 427 (SLP)
TCP 389 (LDAP)
TCP 636 (LDAPS)
TCP 13782 (NetBackup)

WolfTech/SAR meeting 9/23/2009

Attending: Dan G., Billy B., Kevin S., John K., Mark S., Mike McC., Craig DeS., Jack F. and Richard M.

Continuation of the previous meeting in July, in which we discussed using WolfTech to replace the etssauth servers and Sun IDM integration.

Craig gave an overview of how the portal et al. currently use the Auth Tree eDir, and its requirements. We discussed how AD password policies differ, and covered some workflows about what would happen if one's basic access to one's desktop was controlled by the P1..P5 security policies.

WolfTech self-signed certificate

To communicate over SSL with the WolfTech domain controllers, you will need to import the ITECS root Certificate Authority (CA) certificate.

In the near future, WolfTech will be moving to the NCSU CA run by OIT SnC. At that point, the root certificate will change.


Meeting with ITRE on 9-22-2009

Dan G., Billy B, and I (John K) met with Anne L. from ITRE to discuss their migration to WolfTech.

They've been working with ComTech since February to get their firewall configurations set so that they can use DHCP and access other campus resources. They are on VLANs 1414 and 1410.

They're going to get a "default" layout, under OU=ITRE,OU=Research in WolfTech.