CLA Technical Services

Active Directory Overview

Objective

The Chancellor’s Office of the CSU system has mandated that data security measures be implemented throughout the CSU university system. These measures will affect everyone from information technology staff to end users such as faculty, staff and students.

The securing of data containing confidential information is a high priority for the CSU. To that end, it is expected that state-owned workstations and laptops become even more secure than ever, and that data are secured in such a way that minimizes the risk of compromise through lost, stolen, or breached information such as names, mailing addresses, phone numbers, grades, and other sensitive data.

Starting Fall 2010, the CLA has joined a centralized authentication system known as Active Directory for Windows 7 and XP users. (Mac OS X users will also be rolled into the system at a later date.) Active Directory will eventually be implemented on every state-owned computer on the Cal Poly campus. You can log on into Active Directory and connect to your data files via the Internet from anywhere with a connection, while an off-campus connection will require the use of the Windows Terminal Services application (discussed later in this overview). A high-speed connection is recommended; however, dial-up connections are sufficient for accessing documents such as those created in Microsoft Office.

Topics for this Title

  1. Logging into Active Directory
  2. The U:Drive - The Virtual Storage Space
  3. Windows Terminal Services (also known as Remote Desktop Connection)
  4. Temporary Administrative Access
  5. Summary
  6. Conclusion

Logging into Active Directory

When you log onto Active Directory (AD) for the first time, you will be logging onto not only your machine, but also to a virtual location where, upon successful logon, you will be able to access your own virtual file space, as well as similar areas known as file shares. Your Cal Poly portal username and password will be required for successful authentication.

Windows 7 Login ScreenAnother Windows 7 Login Screen

For your first time logging onto AD, you will do the following:

  1. Turn on your machine, and wait until the boot process is complete. You will know this when you see the Windows 7 screen requesting that you press the Ctrl-Alt-Delete keys. Make sure that the CP-CALPOLY domain is chosen from the drop-down menu beneath the login window. 
  2. Type the following:
    • Username (any of these will work, but try them in order in case you're unable to log on):
      • jmustang (your Cal Poly portal username)
      • jmustang@calpoly.edu
      • CP-CALPOLYjmustang
    • Password: Your portal password
  3. A successful login will result in a "Welcome" greeting and some other messages displayed. A new desktop will be created for you, with the end result being that the Windows desktop will be displayed on your screen. Subsequent logins from this point on should only require your Cal Poly portal credentials.

The above method is for accessing Active Directory while on campus. You can also log in when you're off campus with your Cal Poly portal credentials; your credential information is cached. However, you will not have direct access to your virtual file store on Active Directory using this method. Instead, you will need to use Windows Terminal Services, described in more detail below.

Return to Top

The U: Drive - The Virtual Storage Space

When you are logged into Windows 7, you will of course see the Desktop. Double-click on the Computer shortcut, and you will find, in addition to the physical drives on the computer, 1 GB of virtual storage space. This is where you will store data files, particularly documents and files with sensitive information.

To access the U:drive in Windows 7, select "Computer" from the Start menu in Windows 7. A Windows Explorer window will open to display all of the available drives for your machine. It will be in the "Network Location" section that you'll find your virtual file store, or U: drive.

Showing the U: drive location

You can also access the U: drive remotely from off-campus through Windows Terminal Services.

Return to Top

Windows Terminal Services (also known as Remote Desktop Connection)

In order to access your Active Directory file store from off-campus, you will need to use the Microsoft application known as Windows Terminal Services (WTS) to access it. WTS allows you to log on remotely to your Active Directory account from anywhere with an Internet connection. WTS should already be installed and configured on your Windows-based, state-owned computer, and a Mac OS X version of the application is available. Once connected, you can access the remote U: drive, your local C: drive, and any remote file shares that you are authorized to use.. 

The following walkthrough assumes that you have WTS installed; otherwise, please visit the CMS-WTS web site for instructions on how to install the application (program name updated on the site to Remote Desktop Connection).

Windows Remote Desktop Login Screen

  1. Double-click on the WTS shortcut on the desktop. A new window will appear, overlaying your current Windows desktop.
  2. When the login window appears, login on with your Cal Poly portal credentials. Make sure that the CP-CALPOLY domain is chosen from the drop-down beneath the login window.
  3. Click OK. If all goes well, you should see a Windows desktop that looks similar to the image below.

Windows Remote Desktop

There are a few things to be aware of when using WTS:

  1. You may delete unwanted shortcuts on the desktop, for example, if you do not use BrioQuery. 
  2. While you can save data files to the desktop (which will appear the next time you log in via WTS), it Is recommended that you save them either to your file store on the remote U: drive or in your Documents folder on your local C: drive. Any items left on the desktop will count against your 1 GB file store limit for Active Directory.
  3. A limited number of applications, including Word 2003 and Excel 2003, can be accessed via the Start Menu of your Cal Poly WTS  account.

When you open My Computer from the Start Menu in WTS, you will see two lists of drives - one for network drives, and another for other drives. Again, the U: drive is your remote storage space, while the C: drive allows you to access data files from the machine that you are currently using, shaded in red in the image below.

Drives on Windows Remote Account

Return to Top

Temporary Administrative Access

If you are on a state-owned machine and need to install programs or hardware drivers, you may request a temporary administrator account, which will be approved on a case-by-case basis, and must be related to course instruction, your job responsibilities, or for research purposes. The accounts are available for a short-term period, and will be good until it expires. Please note that the creation of any local adminstrator account(s) is a violation of the campus security policy. Additionally, any local administrator accounts on state-owned computers will be deleted when detected by Active Directory. For more information on temporary administrative accounts, please contact the CLA Tech Team.

Return to Top

Summary

Active Directory is a centralized authentication system that allows users to store and access date files via a file store (or location) known as the U: Drive. All state machines with Windows 7 will require login via an Active Directory account. When off-campus, Windows Terminal Services should be used if you wish to access and store data files remotely. Temporary administrative accounts may be granted to install approved applications and hardware drivers.

Return to Top

Conclusion

We hope you find this document helpful. If you have any questions regarding the use of Active Directory, please contact the CLA Tech Team.

Back to top