LSRS lab setup

/in /by

Adding a lab and its users to LSRS

Create File Share Group and user in lsrs.ucla.edu AD

  1. In “File Sharing Group” OU create “PILastName Lab” Security group. Ex. “Clark Lab”
  2. Make the group a member of the “LSRS Share Group”. Ex. “Clark Lab” is a member of “LSRS Share Group” group.
  3. Create user objects in “Lab Users” OU. User name to be the same as their UCLA Logon ID. Ex. “clarka”
  4. Add user objects to their appropriate lab “File Sharing Group”. Ex. “clarka” is a member of “Clark Lab” group.

Creating the local lab directory/Simple Volume on rad0.lsrs.ucla.edu

  1. On rad0.lsrs.ucla.edu in “Disk Management” create “New Simple Volume…”
  2. On “Assign Drive Letter or Path” screen choose “Mount in the following empty NTFS folder:”
  3. Select “Browse…” -> “E:\” -> “Labs”
  4. Select “New Folder…” ->”PILastName” Ex. Clark
  5. Select “Next” and in “Format Partition” screen input “PILastName in “Volume label:” field. Ex. Clark
  6. Select “Next” -> “Finish”

Assigning NTFC permission on the new “Simple Volume”

  1. On rad0.lsrs.ucla.edu in “Disk Management”, right-click and select “Properties”
  2. Select “Security” tab -> “Advanced”
  3. Remove the following Principals: Everyone and Users (will be two ACLs)
  4.  Add the following Principals:
    1. “PIUCLA Logon” Ex. clarka with the following ACL
      1. Allow, This folder, subfolders, and files, “Modify” permissions
    2. “Domain Users” group with the following ALC
      1. Allow, This folder only, and “Traverse” permissions

Setting NTFS permissions on Lab drive/folder

  1. Right click on the E:\Labs\”PILastName” folder and select “Properties…” Ex. e:\Labs\Clark
  2.  Select the “Security” tab -> “Advanced” button.
  3. In “Advanced Security Settings for PILastName” window click “Add”.
  4. Click “Select a principal” link and add the “PILastName Lab”. Ex. “Clark Lab” with the following ALC
    1. Allow, This folder only, and “Traverse” permissions

Creating the shared “Lab” folder

  1. On rad0.lsrs.ucla.edu create user folder E:\Labs\”PILastName”\Lab. Ex. E:\Labs\Clark\Lab
  2. Right click on the “Lab” folder and select “Properties…”
  3.  Select the “Security” tab -> “Advanced” button.
  4. In “Advanced Security Settings for Lab” window click “Add”.
  5. Click “Select a principal” link and add the “PILastName Lab”. Ex. “Clark Lab” with the following ALC
    1. Allow, This folder only, and “Traverse” permissions

Creating the “user” (non PI) folder

  1. On rad0.lsrs.ucla.edu create user folder E:\Labs\”PILastName”\”UCLA Logon”. Ex. E:\Labs\Clark\timhunt
  2. Right click on the “UCLA Logon” folder and select “Properties…”
  3.  Select the “Security” tab -> “Advanced” button.
  4. In “Advanced Security Settings for UCLALogon” window click “Add”.
  5. Click “Select a principal” link and add the “UCLA Logon”. Ex. “timhunt”with the following ALC
    1. Allow, This folder, subfolders, and files, “Modify” permissions

Creating the PI “user” folder

  1. On rad0.lsrs.ucla.edu create user folder E:\Labs\”PILastName”\”UCLA Logon”. Ex. E:\Labs\Clark\clarka
    1. They will (and only they) will get permissions for the folder via inheritance at the “Simple Volume” level

Create “Share point” (“New Folder…”) in the DFS Namespace and setting DFS viewing permissions. Note: this needs to be done with a users that sufficient “Share Permissions”. Ex. lssacsc@lsrs.ucla.edu

  1. In the “DSF Management” tool create the lab folder in the following location:
    1. DFS Management -> Namespaces -> \\lsrs.ucla.edu\Labs
      1. Right click ” ” and select “New Folder…”
      2. In the “Name:” field input “PILastName” Ex. Lin
      3. In “Folder targets:” box click “Add…” and input location of the local lab directory. Ex. \\rad0.lsrs.ucla.edu\Lab\Lin
      4. Right click the folder and select “Properties…”
        1. Select the “Advanced” tab and check the “Set explicit view permission on the DFS folder”.
        2. Click “Configure view permissions” and “Add” the “PILastName Lab” group to have “Read”. Ex. “Lin Lab”