UW Windows Infrastructure
The University of Washington Windows Infrastructure (UWWI) was created to provide
UW NetID based authentication for UW clients using the Windows platform. In addition,
it provides some authorization services and name resolution services. Departments
with existing Windows domains can set up a one-way trust to UWWI from their domain.
UWWI replaces the "LABS" domain service designed for the general campus computing
labs. The "LABS" domain service was retired from service in October 2007.
UW Technology expects that UWWI will enable many Windows-based services,
and is eager to hear client feedback on desired additions to the existing UWWI service.
Action on subsequent enhancements to the functionality of the campus-wide Windows
Infrastructure will depend on the availability of resources. The ability to delegate
administration of users, host computers residing within UWWI's Active Directory,
and other widely requested Windows services will be postponed until resources
have been allocated.
Summary
There is a central forest, with a single domain, containing all UW NetIDs:
- Use does NOT require UW Forest membership.
- Sharing resources DOES require a local domain (which will trust the central domain).
- No need for cross-realm Kerberos (aka altSecurityIdentity) to use UW NetIDs with
Windows. Shadow accounts and the confusion of not having synchronized NTLM passwords
are a thing of the past!
- UWWI is available to, and use is supported for, any UW units that wish to use it.
- You must explicitly trust UWWI to use it (domain trusts are NOT transitive).
- Passwords are synchronized in real time between UWWI and the UW NetID system.
- Password synchronization is "one way": password changes must be made using the existing
"Change your UW NetID password" web page or other appropriate methods.
- Account creation (provisioning) is automatic and tied to UW NetID activation.
- Group provisioning is automatic and tied to the Groups Service. These include
affiliation-based groups, e.g. students, faculty, staff, as well as course-based groups,
e.g. course_2005SUM-PSYCH101A, course_2006AUT-MATH124A.
- A graphical view of the plan for Windows authentication at the UW
NOTE: Unfortunately, at this time, the UW Windows Infrastructure (UWWI) service
does not allow management of the user directory objects. For more info, see
How to Use UW Windows Infrastructure for Windows Authentication.
Examples of expected uses:
- Local domain with computers:
You manage a local (departmental) Windows domain which contains computers to which
you wish to control access via interactive logon (e.g., via "control-alt-delete").
You would request a (one-way) trust with UWWI. Your users would be able to log on
using their UW NetID password. Once logged in, they can use appropriately
shared resources within your domain.
- Local domain with resources:
You manage a local (departmental) Windows domain which contains resources (file
systems, print servers) to which you wish to permit access. You would request a
(one-way) trust with UWWI. Your users would be able to perform a network logon
to the resource(s) using their UW NetID password. The workstations
your users have would NOT need to be members of your (or, indeed, any) domain.
- Stand-alone server:
You have NO local domain, but do have a stand-alone Windows (or equivalent) server
providing shared file systems or other resources. You would not be able to share
resources using the UW Windows Infrastructure. To share resources your server(s)
must be contained within SOME domain (that trusts UWWI). You might be interested
in using Nebula services.
In the future it might be possible to organize such services under an "organizational
unit" (OU) within UWWI, but that is not a possibility at this time.
- Stand-alone Windows workstation:
You have NO local domain, but manage one (or more) "stand-alone" Windows workstation(s).
You would be able to use resources made available by others (see cases #2 and 3
above) but would not be able to use the UW Windows Infrastructure directly since
you are not "sharing" any resource.