Andrew Windows is the term given to a PC that is configured as a member of the campus’s Microsoft domain called “andrew.ad.cmu.edu”. A Microsoft domain is a group of computers that can be managed collectively, such as sharing accounts and deploying and updating software in an automated way. Andrew Windows PCs are sometimes also referred to as “domain-member PCs”, “managed PCs”, “Active Directory PCs”, and “Orpheus PCs”.
Andrew Windows PCs have three login fields: User name, Password, and a “Log on to” field. If the third field doesn’t appear, click the Options button. The “Log on to” field allows you to specify whether you’re using a “local” account or a “network” account.
Local accounts are those that exist only on that computer. Although a local account might have been created on a particular computer with the same user name and password as your Andrew account (ie: the one you use for reading email), they’re actually separate accounts- changing the password on one will not automatically change the password on the other. Also, changing a local account password on one computer will not change the local account password on any other computers.
Network accounts are stored on a central server. Using
network accounts enables centralized account management- accounts don’t have to
be created separately on every desktop computer, and a changed password is
effective from all computers. Andrew Windows PCs can use your Andrew
account as well as accounts in a few separate campus Microsoft domains, which
you will see listed in the “Log on to” pulldown menu. One of those Microsoft domains
is called ‘Andrew’, which although named the same, is not for your Andrew
account. Your Andrew account is part of the non-Microsoft domain called “andrew.cmu.edu”.
Andrew Windows PCs have modified logon software which recognizes this
non-Microsoft domain and displays it as “andrew.cmu.edu (Kerberos Realm)”.
Use the pulldown arrow to set the “Log on to” field to “Andrew.cmu.edu (Kerberos Realm)”. Enter your Andrew ID in the User name field and your Andrew password (ie: the one you use for email) in the Password field. For example:
Most Andrew Windows machines are configured to allow any valid Andrew ID to log in, but can be configured to restrict access to only certain Andrew IDs. Each user gets its own Desktop folder and My Documents folder, and does not have access to other people’s folders.
By default all Andrew ID accounts are ‘limited access’ accounts that do not have access to install new software or change operating system settings. This is a very powerful way to protect the machine from spyware and viruses. For more information, see the ‘Preventing Spyware’ link at http://support.chem.cmu.edu.
Every computer has a local account called ‘administrator’.
For many departmental machines, this password is set and used only by the
departmental computer administrator, and a separate local account called ‘admin’
has been created for use by the machine’s owner. By default this account
has no password.
Use the pulldown arrow to set the “Log on to” field to the setting has the name
of the computer with the text “(this computer)” at the end. Enter ‘admin’
as the User name and leave the Password field blank. For example:
In Windows XP, accounts with blank passwords can not be used remotely. Ie: there’s no risk of someone hacking into your computer using an account with a blank password. However, someone could still log in at the actual keyboard, so it’s recommended that you create a password for all accounts. For guidance on selecting a secure password, see http://www.cmu.edu/computing/documentation/faq_secure/SecurityFAQ.html#choose
Computing Services provides 1GB of secure PC storage space for every Andrew account, called MyFiles. Andrew Windows machines are configured to map the drive W: to this space. Other users do not have access to your space, and the space can be accessed from any PC, including non-Andrew Windows PCs. For more information on MyFiles, see http://www.cmu.edu/computing/documentation/faq_roaming/faq_roaming.html