Virginia Tech

VT AIS Windows 2000 Pilot Project

Summary and Recommendations

For a printer friendly version of this page, see: Printable Version of "Summary and Recommendations"; a single page version of the full report, less supplemental documents, is also available.

The AIS Windows 2000 Pilot project was implemented to test a Windows 2000 configuration for general distribution to the Virginia Tech campus community. The project was designed to examine "the benefits and advantages of a centrally-managed Windows 2000 environment."

The project consisted of three major components:

  • Security
  • Remote Administration
  • Any Time, Any Where Software Availability

The first phases of the project involved the development and testing of a software environment to support these objectives. The simultaneous implementation of several components has provided a complex challenge and an opportunity to learn additional details about the Windows 2000 operating system, available software tools, and environmental configuration.

Based upon the current availability of Microsoft Windows XP and the desire to enable users of machines currently running Windows 95/98/ME/NT operating systems to update their systems with the increased stability and enhanced security of Windows 2000, it has been decided to conclude the AIS W2K Pilot and to distribute the information we have learned to the general campus community.

General University Recommendations

Based upon the experience gained during the AIS W2K Pilot testing, the following recommendations are made for the University community:

  1. University Community Involvement:   The Orientation Team recommends that Information Systems & Computing provide forums for individuals across campus to express their computing needs, interests, and concerns. It is recommended that the benefits and advantages of proposed changes be demonstrated so that individuals will be encouraged to implement new solutions rather than having changes dictated by others.

  2. Operating Systems:   Windows XP is now available. It is recommended that Information Systems & Computing develop a plan to evaluate the positive and negative aspects of implementing Windows XP in the University environment.

    Windows 2000 includes enhanced stability, greater security, and additional features not found in Windows 95/98/NT/ME. It is recommended that individuals currently using Windows environments prior to Windows 2000 be encouraged to replace their current operating systems.

    All operating systems should be updated with required security updates and patches.

    Partition imaging software, such as Symantec Ghost, is a reliable and effective method for installing Windows 2000 on hardware compatible systems. It is recommended that Information Systems & Computing evaluate the feasibility of creating and maintaining a partition image that can be used to install Windows 2000, Service Packs, and required patches on faculty and staff systems.

    It is further recommended that Information Technology Acquisitions and Desktop Support groups within the University be involved in decisions associated with software selection and implementation.

  3. AntiVirus Software should be included as part of the software suite on all machines. Since new viruses are being written continuously, it is imperative that virus definition files be kept current. In addition, a group should be tasked with periodically evaluating available vendor anti-virus offerings and to examine the feasibility of providing centralized anti-virus administration for faculty and staff who would like this service.

  4. Security Software, including firewalls and intrusion detection, are recommended for installation on all University owned systems. Security Software is complex and may prevent some applications from working properly; ongoing research will be required to protect University computers from threats from other systems while at the same time enabling individuals to complete their required work. Information Systems and Computing should maintain familiarity with the available security products, co-ordinate the experiences of the campus community, and provide guidelines for security settings both in Group Policies and for recommended security products. A plan for a centrally managed system to collect and analyze incident logs should be also be developed. The IS&C Security Team should continue to maintain the Security Web Site (www.security.vt.edu) to provide an up to date resource for the campus community. In addition, a group should be tasked with periodically evaluating available vendor security offerings and best security practices for MS Windows environments. Best Practices information should be also be made available and updated on a regular basis on a web site available to the University community.

    Individuals need to be reminded not to execute unknown applications, and to be especially cautious of e-mail attachments from unknown individuals. Further, individuals are encouraged not to use Microsoft Word or other word processor attachments for sharing simple text information; instead, they are encouraged to copy and paste this text into the body of e-mail messages.

  5. Software Distribution and Maintenance via SMS:   SMS is a potentially valuable tool for the general distribution and management of software at Virginia Tech and could also be used for hardware and software inventory, license management, and remote management. The complexities of creating and testing software installer packages for distribution under SMS require a knowledgeable, full-time system administrator. The pilot SMS administrator recommends that SMS not be used in production until the next software release. He further recommends exploring other software distribution products, such as the Intellimirror solutions built into Windows 2000.

  6. RADMIN was found to be a potentially useful tool both to perform remote administration and to allow individuals to remotely access their desktop systems from other locations. It is recommended that this product continue to be made available to the campus community and that alternatives be evaluated as they become available.

  7. Backup/recovery solutions should be made available for all University owned machines. The restoration ability of these solutions should be tested at periodic intervals.

    • It is recommended that all University Mission Critical machines be provided a centralized Computing Center or departmental backup solution.

    • It is recommended that individuals currently backed up by central systems continue to be provided with this backup solution.

    • It is recommended that individuals who do not otherwise have a centralized backup for their files be informed of the availability of these options and of the backed up remote storage options available from the Computing Center, e.g., the use of Roaming Profiles and Folder Redirection investigated as part of the AIS W2K Pilot.

    Information Systems and Computing should review available backup solutions at periodic intervals and report the findings to the University community.

  8. As a best practice, it is suggested that individuals log on as User and not using an Administrator account; Administrator logons should only be used when necessary.

Summary Comments

The AIS W2K Pilot Project provided an integrated environment for enabling individuals to use distributed resources on the Virginia Tech Network which potentially could be extended for use by other members of the Hokies Domain. Included within this environment were a centrally managed Group Policy Object, Norton AntiVirus Protection, Black Ice Agent security protection, remote administration tools, and a suite of tools for "Anytime, Anywhere" file accessibility. See Benefits of the AIS W2K Pilot to learn more about the components which were implemented in this environment.

Last Modified:   May 17, 2002
Privacy Statement