One day, it would be nice to have a standard operating environment for UCC clubroom machines. Currently the state of them could be described as varying degrees of broken, partly due to having no defined procedure for setting them up. The purpose of this page is to brainstorm what this procedure should be.

Steps marked with require a wheel member, anything else can be done by a winadmin.

Windows Profiles

Please see WindowsProfiles for more information on how these work / how you should manage them.

Windows 7

Steps to do before/during installation

• Add forward and reverse DNS entries for the machine. Not essential for setup

• Add the machine to DHCP. Not essential for setup

During/after installation

• Install Win7 Pro, not the home edition, or you won't be able to add it to the domain
• Make sure you create at least 3 disk partitions - one for windows, one for games/other, and one or more for linux
• Enable the Administrator account and set a password, nuke the user you created during install
  • Handy hint: Instead of logging in with LOCALMACHINENAME\Administrator, log in with .\Administrator

• Install F-Prot antivirus, You will need a wheel member to give you the registration key

• Install device drivers (graphics and sound most importantly).

• Run the registry hack from http://wiki.samba.org/index.php/Windows7 - you won't be able to add the machine to the domain without doing this)

• Configure it to be part of the domain 'UCCDOMAIN'. (Control Panel, System, Advanced System Settings, Computer Name) Ignore the error message

• Install and configure wpkg.
  • Both the client installer and the config files will be in //Mylah/wpkg
  • Import settings using the "import settings" button from //Mylah/wpkg/settings.xml

  • Go into service management and change the WPKG Service startup type to Automatic (Delayed Start) This step is essential, wpkg will not work without it

  • Restart the computer
• Set up printing.
• Add Winadmins to computer administrators.
• Add static route for 130.95.13.0/26: at a command prompt, type

route add -p 130.95.13.0 MASK 255.255.255.192 130.95.13.65

• This prevents a VPN connection from trying to steal the default route to users home directories.

Software to install

Software in this list should either be free to download and install, or something that the UCC has a license for. Some preference is given to software which is easily deployed with WPKG.

Installed automatically via WPKG

• Putty

• OpenOffice

• Firefox
• Security policy to hide last logged in user
• Windows experience index test after initial install

• WinSCP

• OCS Inventory

• FoxIT Reader

• GIMP

• Ario (MPD client: http://ario-player.sourceforge.net/)

• Xming
• Inkscape

Install by hand

• WolfET
• Steam

• MikTex then Lyx (in that order, be sure to enable auto-package downloads in MikTex)

• Thunderbird

• CD Burning Software: InfraRecorder (isorecorder is no longer needed, as infrarecorder can do images)

• VLC

• Daemon Tools (v3.46 was the last release before it was bundled with spyware, see http://www.daemon-tools.cc/dtcc/download.php?mode=Download&id=70)

• PrimoPDF (a print to PDF utility)

Windows XP

Steps to do before/during installation

• Add forward and reverse DNS entries for the machine. Not essential for setup

• Add the machine to DHCP. Not essential for setup

• Add the machine template to Samba. As root on Mylah, run /home/wheel/bin/ucc-addwinpc computername.

During/after installation

• Install Windows XP SP3 and configure it to be part of the domain 'UCCDOMAIN'.
• Install device drivers (graphics and sound most importantly).
• Set up printing.
• Add Winadmins to computer administrators.

• Configure WPKG. Install WPKG Client 1.3.9.msi, and load settings.xml using 'import settings', both in //mylah/wpkg

  • As winxp is no longer the default profile, you will need to edit /wpkg/hosts.xml and make an entry for the machine
• Turn Windows Updates on to fully-automatic.
• Add static route for 130.95.13.0/26: at a command prompt, type

route add -p 130.95.13.0 MASK 255.255.255.192 130.95.13.65

Software to install

Software in this list should either be free to download and install, or something that the UCC has a license for. Some preference is given to software which is easily deployed with WPKG.

• OpenOffice

• Media Player 11

• CD Burning Software such as? possibilities include http://www.deepburner.com/ and http://infrarecorder.sourceforge.net/

• F-Prot Antivirus \\musundo\fprot\ contains installers (use the MSI packages) and license codes in licenses.txt. You will need a handy wheel member to open licences.txt for you.
• VLC

• Daemon Tools (v3.46 was the last release before it was bundled with spyware, see http://www.daemon-tools.cc/dtcc/download.php?mode=Download&id=70)

• Windows Live messenger
• Steam
• Audacity
• Google Talk
• irfanview (and the plugin that knows about jpeg orientation jfif tags)
• winscp
• DirectX 9 runtime
• Notepad++

What about...

• ActiveState ActivePython and/or ActivePerl

• Eclipse? Massive but apparently Java programmers love it

• NetBeans? Not nearly as massive (but still quite large)

• Komodo Edit, a rather nice lightweight programmers' editor
• gVim, the logical alternative to the above
• TortoiseSVN

• Cygwin I vote no, it's horrible [DAA]

• sequoiaview?
• Hardware design tools like ..
• SwitcherCADIII (free download with very active support list)
• Ultium Designer (on at least one machine) or Free (limited) version of Eagle

• Pushing the UCC CA out over WPKG? http://wpkg.org/SSL_CA_Install

• Inkscape
• The GIMP

Installed automatically via WPKG

• Java Runtime Environment
• Firefox 3
• Flash player

• PuTTY (also add the binary directory to %PATH% [RVS] - not done yet)

• Xming
• GTK+ 2.14
• 7zip

• FileZilla

• Thunderbird

• ISORecorder

• Ario (MPD client: http://ario-player.sourceforge.net/)

• BZFlag
• Adobe Reader 9

• InfraRecorder

Linux Servers

• Add a root user and nuke the initial unprivileged user
• Change sources.list to use UWA's mirror %s/au.archive.ubuntu.com/mirrors.uwa.edu.au\/ubuntu/
• Set up NFS:
  • Add the machine to DNS if it isn't there already
  • Add the ethernet (MAC) address to madako's /etc/dhcp3/dhcpd.conf if it isn't there already
  • Add the machine to the 'sharemgr share' output on Musundo
  • Add the fstab line (copy off martello or something)
  • mount -a and hope

• Set up LDAP - you may need to use libnss-ldapd and libpam-ldapd on newer Ubuntu and Debian (as opposed to the old libnss-ldap)

• Ensure nsswitch.conf uses ldap for groups, passwd, and services - the latter is not done by default on most configurations.
• Install dispense: copy /usr/local/bin/dispense, /usr/local/lib/libucc.so and /usr/share/man/man1/dispense.1.gz off a machine with a similar architecture
• Add the UCC root SSH keys: add the hostname to /home/wheel/bin/uccroot/push.sh, then run that script.
• Install Phonehome:

  • apt-get install python-zsi rsync apt-listchanges

  • As root on mooneye, cd /usr/local/phonehome && ./setup.zsh $HOSTNAME

• Install the UCC motd system on machines which mount /home: add the following line to /etc/inetd.conf:

motda   stream  tcp     nowait  root    /home/wheel/bin/motd.update.sh motda

• Remove and purge exim, and replace it with postfix

• Edit the root: line of /etc/aliases to direct mail to the ucc hostmaster address, then run newaliases

• Packages to install:
  • alpine
  • nfs-common
  • zsh
  • ncurses-term
  • vim
  • screen
  • build-essential
  • cvs
  • subversion
  • sun-java6-jdk or openjdk-6-jdk
  • susv2
  • susv3
  • ocsinventory-agent (server is mussel.ucc.gu.uwa.edu.au)
  • logwatch

Linux Desktops

• Add a root user and nuke the initial unprivileged user
• Change sources.list to use UWA's mirror %s/au.archive.ubuntu.com/mirrors.uwa.edu.au\/ubuntu/

• Set up LDAP - you may need to use libnss-ldapd and libpam-ldapd on newer Ubuntu and Debian (as opposed to the old libnss-ldap)

  • apt-get install --no-install-recommends libnss-ldapd libpam-ldapd

  • Set server to ldaps://mussel.ucc.gu.uwa.edu.au/ ldaps://martello.ucc.gu.uwa.edu.au/ - do not use the ucc.asn.au domain

  • Set search base to dc=ucc,dc=gu,dc=uwa,dc=edu,dc=au

  • Check server SSL certificate: demand

  • wget -O /etc/ssl/UCC-CA.crt http://ucc.asn.au/UCC-CA.crt to copy the UCC certificate authority

  • Edit /etc/nslcd.conf and add the line tls_cacertfile /etc/ssl/UCC-CA.crt

  • Restart nslcd: /etc/init.d/nslcd restart

  • Edit /etc/nsswitch.conf to include for groups, passwd, and services - the latter is not done by default on most configurations.

  • Edit /etc/pam.d/common-auth (order of unix & LDAP is important, as is use_first_pass rather than try_first_pass):

auth    sufficient      pam_unix.so
auth    required        pam_ldap.so nullok_secure use_first_pass

• Edit /etc/pam.d/common-account (order of unix & LDAP is important):

account sufficient      pam_unix.so
account required        pam_ldap.so use_first_pass

• Test: id accmurph should show uid=666(accmurph) gid=666(winadmin) groups=666(winadmin) - if so, libnss-ldapd is working.

• Test: login and try your username and password - if ok, libpam-ldapd is working.

• Modify /etc/fstab to mount /away
• Add the UCC root SSH keys: add the hostname to /home/wheel/bin/uccroot/push.sh, then run that script.
• Install Phonehome:

  • apt-get install python-zsi rsync apt-listchanges

  • As root on mooneye, cd /usr/local/phonehome && ./setup.zsh $HOSTNAME

Ensure the following packages are installed:

• build-essential
• cvs
• subversion
• openjdk-6-jdk
• vim
• ocsinventory-agent (server is mussel.ucc.gu.uwa.edu.au)
• bzflag
• gnome-desktop-environment (includes Openoffice, Python, ???)
• google-chrome or chromium
• thunderbird

CategorySystemAdministration