In the previous section, we looked at the basis of a
user-self-service portal. However, we focused on the theory. In this article,
we will focus on the process to implement this in production. First, let's
review again the basic components of a User Self Service platform:
Standardized Scripts - Anything repetitive should be scripted, both to save time and to ensure consistency.
Transceiver Mechanism - You will need a method to securely transmit users' requests. In many organizations this may already exist. For instance, anyone who is using Altiris on their servers already has the functionality installed everywhere, and you can get tools to use it if you purchase Altiris workflow. Other organizations may not have this, in which case there are a plethora of options you can use depending on platform. ADSI for Active Directory provides many of the functions needed, and on the OSS side there are multiple tools to handle remote administration. For cross-platform use, there are a number of XML-RPC based interchanges available.
Web Interface - As above, this can depend on platform. Altiris customers can work in the workflow environment. Windows Domain users will want to develop code based on Active Directory authentication and group membership. OSS will probably look to LDAP directories for this role. The platform is irrelevant provided that it can be used to authenticate users and perform the level of authorization you require based on directory group membership.
Next, let's have a look at the process to implement this in production. It is just a few easy steps:
1. Repetitive Analysis - If you find yourself doing anything on a repetitive basis, it probably should be in a script. The more repetitive steps it has, the more it should be scripted. Even if you never make it fully to the level of user self-service, simply automating this will save time. Review tickets and time journals to see what appear to be consistently recurring user requests. Take time to write the scripts to do what you want. Determine Authorization Criteria - Of what you can offer, what do you want to offer, and how do you govern who will have access to it? Based on this, determine what effective transceiver and directory medium you will need.
2. Test Process - Develop a simple test process using all aspects of your chosen user self-service method. This will show if what you have in mind is doable.
3. Write and test the scripts - Develop a series of scripts that address what you found in the repetitive analysis phase. At this point, the system administrator group is ahead of the game. Having the scripts done reduces the time spent on tickets. It also allows for the introduction of user self-service, or the hand-off of tickets to another user-facing group. Note: In addition to covering the theory of User Self Service, later articles in this series will also provide some of the scripts!
4. Develop the web interconnection - Based on the scripts, build the web forms to call them and process the data. We recommend that you use role-based page layouts to make it easy to add and remove functions for a given role.
5. Internal Testing - As the web page is interconnected to the scripts, begin the process to internally test the new system.
6. Present the portal - Show management what you've created and how it should serve to decrease user waiting periods as well as to decrease the load on the technical team.
Now, you may find that some functions are just policy statements or documentation. These are the easiest items to address, as no scripting will be involved. For example, you may have the option of "Email Documentation". For this item, your web portal may just point to web-based documentation that shows users how to configure and use their email clients (don't forget screenshots). This doesn't even need a script, and it's an easy way to eliminate some user calls.
So then, what sort of scripts are we talking about? Well, in the next article in the series, we will look at all sorts of scripting for this. But for now, let's start with the most basic script - account provisioning for a Windows domain. This script can be used for NT 4 or ADS domains with only minor modifications - see the highlighted variables in the first section below. Also, note that this script uses blat for emailing notifications. You can find this program at http://www.blat.net/ . Here is the script:
Create User Account (newuser.cmd):
@echo off
::---------------------------------------------------------------------------
:: USAGE:
::   newuser {username} {First Name} {Last Name}
::---------------------------------------------------------------------------
::
:: Set Variables
::
set data_drive=h
set home_dir=L
set home_path=Users
set data_server=dataserver
set pdc=pdc01
set bdc1=bdc01
set bdc2=bdc02
set mailto=ntadmins@company.com
set totalattempts=3
::
::---------------------------------------------------------------------------
:pre
net use z: /del
blat\blat -install mail.company.com quota@company.com > %1.log
cls
goto start
::
:: Master Function
::
:start
goto info
goto end
::
:: Information Collection Functions
::
:info
cls
set attempts=%totalattempts%
:uname
echo -----------------------------------------------------------------------------
echo Domain User Creation Script:
echo -----------------------------------------------------------------------------
set name=
if "%1"=="" goto nouname
if "%1"==" " goto nouname
set attempts=%totalattempts%
:first
set fname=
if "%2"=="" goto nofirst
if "%2"==" " goto nofirst
set attempts=%totalattempts%
:last
set lname=
if "%3"=="" goto nolast
if "%3"==" " goto nolast
goto add_user
goto end
:nouname
echo If you want to create a user, you must have a user name. Try again.
set /a attempts-=1
if %attempts% EQU 0 goto it
goto uname
:nofirst
set /a attempts-=1
if %attempts% EQU 0 goto it
goto first
:nolast
set /a attempts-=1
if %attempts% EQU 0 goto it
goto last
:it
echo Not getting anywhere, are we?
goto end
::
:: User Creation Functions
::
:add_user
cls
echo -----------------------------------------------------------------------------
echo Domain User Creation Script:
echo -----------------------------------------------------------------------------
echo Adding User %1:
:: Build the input file for ADD.EXE. Every account is created with the same
:: initial password, the literal string "password".
echo [User] > temp.txt
echo %1,%2 %3,password,Autocreated User,%home_dir%:,\\%data_server%\%1$,,homedir.bat >> temp.txt
echo [Global] >> temp.txt
echo [Local] >> temp.txt
:: Start the per-user log with a timestamp and the identity of the caller.
date /t > %1.log
time /t >> %1.log
echo Account for %1 has been created by %USERDOMAIN%\%USERNAME%, connecting from %COMPUTERNAME%. >> %1.log
ADD.EXE /c temp.txt \\%pdc% >> %1.log
:: net user %1 password /add /scriptpath:homedir.bat /fullname:"%2 %3" /comment:"Autocreated User" /domain
net group "autocreated" %1 /add /domain >> %1.log
:add_homedir
echo Adding Homedir to \\%data_server%\%data_drive%:
:: net use z: /del >> %1.log
net use z: \\%data_server%\%data_drive%$ >> %1.log
z:
cd \%home_path%
mkdir %1
c:
:Synchronize Domain Controllers
:: This way the cacls can see that the domain user exists.
:: nltest, sleep and rmtshare are external tools and must be on the PATH.
::
nltest /sync /server:%bdc1% >> %1.log
nltest /sync /server:%bdc2% >> %1.log
echo Replicating from %pdc% to %bdc1% and %bdc2%:
sleep 25
echo Adding %1$ share to %data_server%: %data_drive%:\%home_path%\%1
:share_homedir
rmtshare \\%data_server%\%1$=%data_drive%:\%home_path%\%1 /REMARK:"Auto Created Share" /REMOVE Everyone /GRANT %1:c /GRANT Administrators:f >> %1.log
:secure_homedir
echo Securing %data_server%'s Filesystem: %data_drive%:\%home_path%\%1
::echo Remove the everyone permission to the directory
cacls z:\%home_path%\%1 /e /r Everyone /t >> %1.log
::echo Add the User's Access
cacls z:\%home_path%\%1 /g %1:C /e /t >> %1.log
::echo Add Admin Access
cacls z:\%home_path%\%1 /g Administrators:F /e /t >> %1.log
cacls z:\%home_path%\%1 /g "Domain Admins":F /e /t >> %1.log
:send_email
echo Notifying Domain Administrator team:
blat\blat.exe %1.log -t %mailto% -s "%USERDOMAIN%\%USERNAME% has created User %1" -base64 >> email.log
goto end
::
:: Terminate functions
::
:end
cls
net use z: /del >> %1.log
del temp.txt >> %1.log
del email.log >> %1.log
move %1.log logs
::pause
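newuser.cmd expands %1, %2 and %3 unquoted into command lines, into the comma-separated temp.txt and into the %1.log file name, so a web form that calls it has to authorize the requester and validate all three values first. The following sketch of that portal-side check is an added example, not part of the original article. The group name, the length limits and the function names are assumptions.

```python
import re

# Assumptions (not from the article): the portal group name and length limits.
PROVISIONING_GROUP = "Helpdesk-Provisioning"
USERNAME_RE = re.compile(r"[A-Za-z][A-Za-z0-9_-]{0,19}")
NAME_RE = re.compile(r"[A-Za-z][A-Za-z-]{0,39}")

# newuser.cmd writes %1.log and later deletes email.log, so the user "email"
# would lose its own audit log; DOS device names would send %1.log to a device.
RESERVED = {"email", "con", "prn", "aux", "nul"} \
    | {f"com{i}" for i in range(1, 10)} | {f"lpt{i}" for i in range(1, 10)}


def build_newuser_argv(requester_groups, username, first, last):
    """Authorize the requester and validate the three newuser.cmd arguments.

    Returns an argv list for subprocess.run(); raises PermissionError or
    ValueError instead of ever passing unchecked text to cmd.exe.
    """
    if PROVISIONING_GROUP not in requester_groups:
        raise PermissionError("requester is not in the provisioning group")
    # Allow-list: rejects & | < > ^ % " (cmd metacharacters), commas (field
    # separators in temp.txt) and spaces (which would shift %2 and %3).
    if not USERNAME_RE.fullmatch(username):
        raise ValueError("invalid username")
    if username.lower() in RESERVED:
        raise ValueError("reserved username")
    for label, value in (("first name", first), ("last name", last)):
        if not NAME_RE.fullmatch(value):
            raise ValueError(f"invalid {label}")
    # cmd.exe still parses this command line; the allow-lists above, not
    # quoting, are what keep metacharacters out of it.
    return ["cmd.exe", "/c", "newuser.cmd", username, first, last]


def check_samples():
    """Run constructed sample usernames and report which ones are accepted."""
    groups = {PROVISIONING_GROUP}
    results = {}
    for name in ["jsmith", "js&mith", "a,b", "nul", "email", "%PATH%"]:
        try:
            build_newuser_argv(groups, name, "John", "Smith")
            results[name] = True
        except ValueError:
            results[name] = False
    return results
```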