Case Study: West London High School seeks full control over their IT system by migrating from a managed network solution to the Microsoft technology stack.
Project Overview
A vibrant West London secondary school were eager to move away from their managed network solution. The aim was to take back control and gain more visibility and flexibility over their IT estate. M-Tech worked closely with them from summer 2018 into the new academic year to support them on their transition to the Microsoft suite.
The Challenges
- The school were looking to regain control by moving away from their incumbent managed network solution for education.
- The existing domain was running legacy Windows Server 2008 and in need of upgrading before the looming end-of-life support date.
- The school were looking to change their device management system from their existing network management solution for education to Microsoft’s Group Policy.
- All workstations needed to be upgraded from Windows 7 to Windows 10 to enable the latest features and security architecture.
- Citrix had been used to deliver a full desktop to the onsite thin clients and enable remote access. In line with moving away from the incumbent managed solution, an alternative was required.
- The high school needed a new tool for image and application deployment.
- The school were using more Office 365 services and were keen to explore the single sign-on feature.
The Project in Detail
Domain Upgrade and Group Policy
The first step of the project was to upgrade the domain to enable the school to manage their Windows 10 devices with Group Policy. M-Tech upgraded the legacy Windows Server 2008 to the latest Windows Server 2016; two domain controllers were created on the existing VMware environment, both as fully functioning DNS servers.
The most up-to-date hardware from Microsoft features significant and impressive upgrades. The school now benefit from new layers of security, secure virtualisation, built-in software-defined datacentre capabilities, container technology and Azure-inspired infrastructure.
As the chosen method for managing all Windows-based devices (Servers, Workstations and Thin Clients), Group Policy was configured to provide settings for:
- Lockdown
- Folder Redirection
- Drive Mappings
- Shortcuts
- Printers
- Power
- Wireless
To ensure GDPR compliance, Group Policy was also set up to block all USB sticks on devices so data can’t be taken off-site and to minimise the risk of a malware attack being brought on to the network from a removable device.
System Center Configuration Manager (SCCM) and Device Upgrades
All school devices were due to be migrated to Windows 10 to ensure the latest security features were in place. Windows System Center Configuration Manager (SCCM) was chosen to manage all workstation image deployment and application deployment. This also streamlines the migration and enables future management of all devices. The SCCM agent is installed at the time of imaging, allowing it to talk back to the server and inventory the devices, as well as install apps.
As well as image and application management, SCCM benefits IT administrators by giving them full access to manage and monitor device power consumption, remotely control all devices, collect application consumption information, centrally control all updates for servers and desktops, and manage multiple sites and hierarchies.
Enabling Remote Access
Citrix had been an integral part of the previous management solution, so an alternative form of remote access was required for the school. A new Remote Desktop Services (RDS) 2016 environment was set up to be used onsite by thin clients and for general remote access from external locations; to access their full desktop, users simply log in. The environment consists of an RDS gateway server and five RDS session hosts.
Operating in this way allows the IT team to manage the hosts: they can shadow a user’s session in the event of an issue, send users on-screen messages and log users off. This is a useful tool for troubleshooting.
Single Sign-On
The high school were successfully expanding their usage of Office 365. As their users were logging in to more apps, they were keen to roll out the single sign-on capabilities. M-Tech installed and configured Azure AD Connect to facilitate this. Single sign-on allows a user to instantly be connected to other applications by logging in to a single application.
Single sign-on reduces reliance on IT support, boosts productivity and improves security. By only having the one password to remember, users are less likely to either forget it or feel the need to write it down. This results in fewer delays to their work or learning and reduces the risk of their account being compromised.
The End Result
The London secondary school now have the independence and freedom to manage their IT estate via their own internal IT team. They have full visibility of all devices and are able to remotely manage and monitor the whole suite.
The school is much less vulnerable to security breaches following upgrades to the latest versions of the domain and device operating systems. Additionally, Group Policy has allowed much more granular control over the users without compromising their user experience.
Productivity has increased for staff and students due to single sign-on within Office 365. The IT team have also gained time back to focus on strategic, long-term projects.