VT AIS Windows 2000 Pilot Project
Summary and Recommendations
For a printer friendly version of this page, see: Printable Version of "Summary and Recommendations"; a single page version of the full report, less supplemental documents, is also available.
The AIS Windows 2000 Pilot project was implemented to test a Windows 2000 configuration for general distribution to the Virginia Tech campus community. The project was designed to examine "the benefits and advantages of a centrally-managed Windows 2000 environment."
The project consisted of three major components:
- Remote Administration
- Any Time, Any Where Software Availability
The first phases of the project involved the development and testing of a software environment to support these objectives. The simultaneous implementation of several components has provided a complex challenge and an opportunity to learn additional details about the Windows 2000 operating system, available software tools, and environmental configuration.
Based upon the current availability of Microsoft Windows XP and the desire to enable users of machines currently running Windows 95/98/ME/NT operating systems to update their systems with the increased stability and enhanced security of Windows 2000, it has been decided to conclude the AIS W2K Pilot and to distribute the information we have learned to the general campus community.
General University Recommendations
Based upon the experience gained during the AIS W2K Pilot testing, the following recommendations are made for the University community:
- University Community Involvement:
The Orientation Team recommends that Information Systems & Computing
provide forums for
individuals across campus to express
their computing needs, interests, and concerns.
It is recommended
that the benefits and advantages of proposed changes be demonstrated so that
individuals will be encouraged to implement new solutions rather than having
changes dictated by others.
- Operating Systems:
Windows XP is now available.
It is recommended that Information Systems & Computing develop a plan to evaluate the
positive and negative aspects of implementing Windows XP in the University environment.
Windows 2000 includes enhanced stability, greater security, and additional features not found in Windows 95/98/NT/ME. It is recommended that individuals currently using Windows environments prior to Windows 2000 be encouraged to replace their current operating systems.
All operating systems should be updated with required security updates and patches.
Partition imaging software, such as Symantec Ghost, is a reliable and effective method for installing Windows 2000 on hardware compatible systems. It is recommended that Information Systems & Computing evaluate the feasibility of creating and maintaining a partition image that can be used to install Windows 2000, Service Packs, and required patches on faculty and staff systems.
It is further recommended that Information Technology Acquisitions and Desktop Support groups within the University be involved in decisions associated with software selection and implementation.
- AntiVirus Software should be included as part of the software suite on
Since new viruses are being written continuously,
it is imperative that virus definition files be kept current.
In addition, a group should be tasked with periodically evaluating
available vendor anti-virus offerings and to
examine the feasibility of providing centralized anti-virus administration for faculty and staff
who would like this service.
- Security Software, including firewalls and intrusion detection,
are recommended for installation on all University owned systems.
Security Software is complex and may prevent some applications from
working properly; ongoing research will be required to protect University computers
from threats from other systems while at the same time enabling individuals to
complete their required work.
Information Systems and Computing should maintain familiarity with
the available security products, co-ordinate the
experiences of the campus community, and provide guidelines for security settings
both in Group Policies and for recommended security products.
A plan for a centrally managed system to collect and analyze
incident logs should be also be developed.
The IS&C Security Team should continue to maintain the
Security Web Site (www.security.vt.edu) to provide an up to date resource for the
In addition, a group should be tasked with periodically evaluating
available vendor security offerings
and best security practices for MS Windows environments.
Best Practices information should be also be made available and
updated on a regular basis on a web site
available to the University community.
Individuals need to be reminded not to execute unknown applications, and to be especially cautious of e-mail attachments from unknown individuals. Further, individuals are encouraged not to use Microsoft Word or other word processor attachments for sharing simple text information; instead, they are encouraged to copy and paste this text into the body of e-mail messages.
Software Distribution and Maintenance via SMS:
SMS is a potentially
valuable tool for the general distribution and management of software at
Virginia Tech and could also be used for hardware and software
inventory, license management, and remote management. The complexities
of creating and testing software installer packages for distribution
under SMS require a knowledgeable, full-time system administrator. The
pilot SMS administrator recommends that SMS not be used in production
until the next software release. He further recommends exploring other
software distribution products, such as the Intellimirror solutions
built into Windows 2000.
RADMIN was found to be a potentially useful tool both to perform remote
administration and to allow individuals to remotely access their desktop systems from
other locations. It is recommended that this product continue to be made available to the
campus community and that alternatives be evaluated as they become available.
- Backup/recovery solutions should be made available for all
University owned machines. The restoration ability of these solutions should be
tested at periodic intervals.
- It is recommended that all University Mission Critical machines be provided
a centralized Computing Center or departmental backup solution.
- It is recommended that individuals currently backed up by central systems
continue to be provided with this backup solution.
- It is recommended that individuals who do not otherwise have a centralized
backup for their files be informed of the availability of these options and of
the backed up remote storage options available from the Computing Center, e.g., the use of
Roaming Profiles and Folder Redirection
investigated as part of the AIS W2K Pilot.
- It is recommended that all University Mission Critical machines be provided a centralized Computing Center or departmental backup solution.
- As a best practice, it is suggested that individuals log on as User and not using an Administrator account; Administrator logons should only be used when necessary.
The AIS W2K Pilot Project provided an integrated environment for enabling individuals to use distributed resources on the Virginia Tech Network which potentially could be extended for use by other members of the Hokies Domain. Included within this environment were a centrally managed Group Policy Object, Norton AntiVirus Protection, Black Ice Agent security protection, remote administration tools, and a suite of tools for "Anytime, Anywhere" file accessibility. See Benefits of the AIS W2K Pilot to learn more about the components which were implemented in this environment.
Last Modified: May 17, 2002