It has been a fruitful weekend after all.
First, we pinned down some of the wonkiness that was going on with the network. Turned out that when we set up the domain controller (DC) for the con last year, we set it to be the DNS and WINS provider on the network, with the network management box basically doing a DNS pass-through to it. Once we got DNS up and running things were running smoothly; laptops were logging in quickly and domain level SIDs were resolving in no time at all.
That only left us with one last problem to solve; printing to network shared printers. The problem boils down to this rule. The user printing to the shared printer must be a member of the administrator group on the machine hosting the printer. This presents certain security risks that we were not at all comfortable with leaving in place on the registration machines.
We have a solution and we tested it. None of the registration machines will have a direct connection to the printers. In fact, we will have a headless machine that will host all three printers for registration. Since it will do nothing but managing the printers, the impact of having the user set up as admin on the box is minimized.
So, Jason and geojlc are officially awesome. They were awesome before, but now they're officially recognized as awesome. ;)
That only left us with one last problem to solve; printing to network shared printers. The problem boils down to this rule. The user printing to the shared printer must be a member of the administrator group on the machine hosting the printer. This presents certain security risks that we were not at all comfortable with leaving in place on the registration machines.
We have a solution and we tested it. None of the registration machines will have a direct connection to the printers. In fact, we will have a headless machine that will host all three printers for registration. Since it will do nothing but managing the printers, the impact of having the user set up as admin on the box is minimized.
So, Jason and geojlc are officially awesome. They were awesome before, but now they're officially recognized as awesome. ;)