Background

Magic Insurance, Inc., an international company, decided to migrate their entire desktop environment from Windows NT to the Gnome desktop of the Java Desktop System (JDS). The company also wanted to switch their primary word processor from Microsoft Word to StarOffice Writer and their primary browser application from Internet Explorer to Mozilla.

John, the IT administrator for the company, oversees the task of making the migration as easy as possible. John decides to use the Configuration Manager provided by JDS to help him with the migration. As a first step, he examines the three company issues that he needs to address with the Configuration Manager:

• Prevent employees of the Customer Care Center (CCC) from launching computer games, at the request of the manager of this department.

• Provide different configuration settings for the "Experts" and "Novice Users" subdivisions of each department. These subdivisions contain experienced employees and new employees, respectively.

• Provide a solution for employees in the Company Services Center (CSC) who frequently travel to different department locations around the world.

Scenario 1 — Preventing the Launch of an Application

John wants to prevent CCC employees from launching computer games.

Locking Application Functionality

The names of the employees who work in the CCC department are listed in the CCC organization on the LDAP tree for the company in the Configuration Manager. John decides to use the "Restrict Application Launching" feature in Gnome to remove all of the games from the "Allowed Applications" list.

Since the employees could overrule this setting on their client machines, John protects the setting at the CCC organization. As a result, this setting is rendered read-only for all members of the CCC organization.

Steps

1. In the Navigation pane, click the Users tab, and locate Customer Care Center CCC in the organization tree.

2. In the "Actions" column, click the View link next to Customer Care Center CCC.

3. In the Content pane, click the Policies tab, and navigate to Gnome 2.6 > Lockdown.

4. Select the Restrict check box next Application Launching.

5. Select the paths corresponding to the games from the list next to Allowed Applications, and then click Delete.

6. Select the Allowed Applications and Application Launching check boxes.

7. In the Policy Actions drop-down list at the top of the “Lockdown options” column, select Protect.

8. Click Save.

Scenario 2 — Managing Dispersed Profiles

You want to provide different configuration settings for the "Experts" and "Novice Users" subdivisions of each department.

Creating and Configuring New Policy Groups

John decides to create two policy groups called "Novice" and "Expert". He then configures the settings for each policy group and assigns each group to the appropriate subdivisions. This way, if he later makes a change in one policy group, the change is automatically applied to all of the subdivisions that the policy groups are assigned to. John can also remove the policy groups from the subdivisions.

The three features that John needs to disable for novice users are the Configure and the Options submenu of the Tools menu as well as the ability to execute macros in StarOffice.

See the appendix of the StarOffice 7 Administration Guide for a complete list of the available commands.

Before You Begin

The following steps describe how to configure the settings for the "Novice" policy group.

Steps

1. In the Navigation pane, click the Users tab, and then click Policy Repository.

2. In the Policy Group Actions drop-down list, select New.

3. Type Novice in the text field, and then click OK.

4. In the Content pane, navigate to Policies > StarOffice 7 > StarOffice > Security.

5. In Run Macro policy row, and then select Never from the Value list box.

6. Click Save.

7. Navigate to Policies > StarOffice 7 > Advanced > Disable Commands

8. In the CommandList table, click New.

9. Type ConfigureDialog in the text box, and then click OK.

10. In the CommandList table, click New.

11. Type OptionsTreeDialog in the text box, click OK, then click Save in the Content pane.

12. In the Navigation pane, select Organization Tree and locate the Novice Users.

13. In the "Actions" column next to the Novice Users organization, click View.

14. In the Content pane, click the Policy Groups tab, click Novice, and then click Add.

15. Click Save.

16. Repeat steps 12 to 15 for each subdivision of "Novice Users" that you want to add the "Novice" policy group to.

Configuring Settings for “Expert” Policy Groups

Steps

1. In the Navigation pane, click the Users tab, and then click Policy Repository.

2. In the Policy Group Actions list box, select New.

3. Type Experts in the text box, and then click OK.

   ---

   Note –

   Because expert settings are the default, only these three steps are necessary.

   ---

Scenario 3 — Providing a Solution for Roaming Users

You want to provide different proxy settings for the Mozilla browser that are dependent on the host where a user logs in. For example, a browser that is running on a host in North America needs a different proxy setting than a browser that is running on a host in Europe.

Changing the Proxy Settings

In this scenario, the personal settings for Mozilla are stored according to username, and the host-specific settings are stored as an IP-based configuration. Both are stored on a central LDAP server. Furthermore, the LDAP tree already contains the "North America" and the "Europe" domains with the corresponding hosts as members of these domains. John decides that the best solution is to change the proxy setting for Mozilla in these two domains according to the host that is used.

Steps

1. In the Navigation pane, click the Hosts tab, and then locate North America in the domain tree.

2. In the "Actions" column next to the North America domain, click View.

3. In the Content pane, navigate to Policies > Mozilla 1.7 > Advanced > Proxy.

4. In the "Value" column of the Use System Proxy Settings row, deselect the Enable check box.

5. In the "Value" column of the Configure Proxies to Access the Internet row, select the Manual Proxy Configuration option.

6. In the "Value" column of the HTTP Proxy row, type proxy.NorthAmerica.com in the text field.

7. In the "Value" column of the HTTP Port row, type 8080 in the text field.

8. Click Save.

9. Repeat steps 1 to 8 for the "Europe" domain using the proxy name proxy.Europe.com and the HTTP port 9090.

   ---

   Note –

   If John wanted to, he could also prevent the proxy settings from being changed by users by protecting them.

   ---