Computer Setup Procedures


Windows Setup

  • If reusing an existing system, reset or wipe and re-install Windows. This not needed for a new Dell.
  • Apply a barcode sticker. Add to inventory spreadsheet.
  • Perform an Intune configuration (see Intune documentation in OneNote)
  • Intune configuration
    • Records the computer in Azure Active Directory (see Microsoft Endpoint Manager admin center)
    • Sets computer name to BIOS<system-serial-number>
    • Configures required VUMC settings
    • Installs Microsoft Office 365
    • Installs BIG-IP VPN client
    • Installs security software
  • Send appropriate email if this system is for a new department member (Windows email boilerplate)

The first user to log on to the system becomes an administrator. I don't log in before sending the system to the user. They can install any other software that they need.

macOS Setup

  1. Intune Mac: Assign a MacOS device to an Enrollment Profile (before turning on computer for first time)
  2. Intune Mac: Setup and Enrollment
  3. apply a barcode sticker.
  4. add entry to inventory spreadsheet.
  5. send introductory email to new department member - DalesNotes#Your_MacBook_has_arrived_40configured_41

Linux setup

Re-installation Note

If you are re-installing an existing user's computer, you will need to know the computer's host name. The GID/UID for this user's account is used when creating an account backup staging server.

General Install Steps

This section describes the setup steps that a general to all Ubuntu installations. There are a number of steps to be done that are specific to the user who will be using the computer. Those steps are outlined below.

Labels

If this is a new computer, get a barcode label from DalePlummer and place it on the new computer. The computer hostname should be "biostat" (e.g. biostat0000).

Install Ubuntu

Using the live CD, install Ubuntu.

  • We usually make partitions like this:
Partition sizeSorted ascending comment
/ 256 GB (approximately) (ext4) This is where all system files are placed.
/home remainder of space (ext4) user's files
swap size of memory e.g. 32 GB
  • Get a hostname from ColeBeck or DalePlummer
  • During the installation, make a user called "biostat".

Once the Ubuntu installation is complete, log on as user "biostat" and continue...

Edit the sources.list file

Edit the sources.list file to use the http://mirrors.advancedhosters.com/ubuntu/ repository. Include main/restricted/universe/multiverse.
sudo gedit /etc/apt/sources.list

Here is a sources.list files that works well. Use "bionic" for 18.04 systems and "focal" for 20.04. Note the addition of the R materials.
deb http://mirrors.advancedhosters.com/ubuntu/ focal main restricted universe multiverse
deb http://mirrors.advancedhosters.com/ubuntu/ focal-updates main restricted universe multiverse
deb http://mirrors.advancedhosters.com/ubuntu/ focal-backports main restricted universe multiverse
deb-src http://mirrors.advancedhosters.com/ubuntu/ focal main restricted universe multiverse
deb-src http://mirrors.advancedhosters.com/ubuntu/ focal-updates main restricted universe multiverse
deb-src http://mirrors.advancedhosters.com/ubuntu/ focal-backports main restricted universe multiverse

deb http://mirrors.advancedhosters.com/ubuntu/ focal-security main restricted universe multiverse
deb-src http://mirrors.advancedhosters.com/ubuntu/ focal-security main restricted universe multiverse

deb https://cloud.r-project.org/bin/linux/ubuntu focal-cran40/

Then run these commands to get the key for the R repository:

gpg --keyserver keyserver.ubuntu.com --recv-key 51716619E084DAB9
gpg -a --export 51716619E084DAB9 | sudo apt-key add -

Then...

sudo apt update
sudo apt dist-upgrade

And maybe a reboot...
sudo reboot

Install packages

Install a few other things that we want.
sudo apt install gnumeric abiword pidgin samba ntp ssh cifs-utils sshfs nfs-kernel-server nfs-common remmina compizconfig-settings-manager vim r-base-core r-base-dev r-base-html r-doc-pdf r-recommended exim4 htop emacs texlive-base texlive-latex-recommended texlive-latex-extra libjpeg62 libappindicator1 libindicator7 lockfile-progs

Download (http://www.rstudio.com/) and install RStudio ( sudo dpkg -i Downloads/rstudio-0.98.953-amd64.deb ) Also, download (https://www.google.com/chrome/browser/) and install Google Chrome ( sudo dpkg -i Downloads/google-chrome-stable_current_amd64.deb )

Disallow ssh root logins

Edit /etc/ssh/sshd_config and set PermitRootLogin to no
sudo gedit /etc/ssh/sshd_config

Set up printers

See Printer hostnames for the names and other information about our printers. (Instructions for installing printers on Windows and Macintosh are in the FAQ topic (see the "How_to_install_printers..." section))

  • get printer definition files
cd /usr/share/cups/drv
sudo wget http://biostat.app.vumc.org/wiki/pub/Main/UbuntuSetup/hp-color_laserjet_m651-ps.ppd
sudo wget http://biostat.app.vumc.org/wiki/pub/Main/UbuntuSetup/hp-color_laserjet_m553-ps.ppd
sudo wget http://biostat.app.vumc.org/wiki/pub/Main/UbuntuSetup/xrx6360dn.ppd

  • set up printers using the command line (biostatcolor1, biostatcolor2, and biostatcolor3 for regular users; biostatcolor4 is for administrators). The network addresses for the printers can be deduced from the commands below (following "socket://") or found at Main.PrinterHostnames.
sudo lpadmin -p 00_biostatcolor1 -L "biostatistics" -D "HP Color LaserJet M651" -P /usr/share/cups/drv/hp-color_laserjet_m651-ps.ppd -v socket://biostatcolor1.dhcp.mc.vanderbilt.edu:9100/ -E

sudo lpadmin -p 00_biostatcolor2 -L "biostatistics" -D "HP Color LaserJet M651" -P /usr/share/cups/drv/hp-color_laserjet_m651-ps.ppd -v socket://biostatcolor2.dhcp.mc.vanderbilt.edu:9100/ -E

sudo lpadmin -p 00_biostatcolor3 -L "biostatistics" -D "HP Color LaserJet M651" -P /usr/share/cups/drv/hp-color_laserjet_m651-ps.ppd -v socket://biostatcolor3.dhcp.mc.vanderbilt.edu:9100/ -E

sudo lpadmin -p 00_biostatcolor4 -L "biostatistics" -D "HP Color LaserJet M651" -P /usr/share/cups/drv/hp-color_laserjet_m651-ps.ppd -v socket://biostatcolor4.dhcp.mc.vanderbilt.edu:9100/ -E

sudo lpadmin -p 00_biostatcolor7 -L "biostatistics" -D "HP Color LaserJet M553" -P /usr/share/cups/drv/hp-color_laserjet_m553-ps.ppd -v socket://biostatcolor7.dhcp.mc.vanderbilt.edu:9100/ -E

Mount directory for administrative scripts

Create a mount point for the administrative scripts.
sudo mkdir -p  /biostat/cvs/admin

Add the following line to /etc/fstab

biostat1553.emp.vumc.io:/home/cvs/admin /biostat/cvs/admin nfs nfsvers=3,rsize=8192,wsize=8192,timeo=14,intr 0 0
...and mount the administrative folder
sudo mount /biostat/cvs/admin

Exim4

This setup allows the workstation to send emails, i.e. from the root account and from user cron jobs. This setup is orthogonal to the VUMCid user's email setup.

It works by having exim send all outgoing emails to the smarthost biostat.app.vumc.org. This will only work if the following steps are performed, and if the workstation IP address resolves to biostat?.dhcp.mc.vanderbilt.edu, where ? is replaced with the appropriate number.

Assuming exim v4...
sudo cp /biostat/cvs/admin/etc/update-exim4.conf.conf /etc/exim4/update-exim4.conf.conf
sudo /usr/sbin/update-exim4.conf
sudo cp /biostat/cvs/admin/etc/mailname /etc/mailname
Then edit /etc/aliases and add the following line root: biostat-it@list.vumc.org

Restart exim
sudo /etc/init.d/exim4 restart

You can test that it works by running something like this:
  • /biostat/cvs/admin/bin/mail-wrapper your.eamail.address@vumc.org ls -lh /tmp
This will email the output of 'ls -lh /tmp' to the biostat it mailing list.

Install the Tenable Nessus End Point Protection Agent

Installation steps that are user specific

Before configuring a new computer, please read NewEmployeeInfoSysProcedures.

Create an account and location for backup on the biostat1553 server (backup staging server)

  • Create the user on the biostat1553.emp.vumc.io server (for backup services). If this is a reinstall or new computer for an existing user, record the UID and GID from the old system. See Transition to new backup server for additional detail.
sudo adduser VUMCid
  • Note the UID and GID that are generated when the biostat1553 account is created. We will use these values when setting up the user account on the workstation.
  • edit /etc/passwd and change "/bin/bash" to be "/bin/false" for the user just created
  • Make the user's backup directory: /home/wsbu/backup/VUMCid

Make a user account on the workstation (if not reinstalling)

Be sure to use the GID and UID that you recorded earlier. See NewEmployeeInfoSysProcedures

sudo addgroup --gid [GID] [VUMCid]
sudo useradd --create-home --shell "/bin/bash" --groups cdrom,audio,video,plugdev,lpadmin,adm,sudo --uid [UID] --gid [GID] [VUMCid] && sudo passwd [VUMCid]

Workstation Backups

  • Create the directory /biostat/backup/VUMCid (make sure to change "VUMCid" to real value)
sudo mkdir -p /biostat/backup/VUMCid

  • Add the following line to /etc/fstab:
biostat1553.emp.vumc.io:/home/wsbu/VUMCid /biostat/backup/VUMCid nfs nfsvers=3,rsize=8192,wsize=8192,timeo=14,intr 0 0

  • If you are restoring a backup because of a machine replacement or reimaging then use rsync. When logged on the the user's account, a command like this will work:
cd /biostat/backup
rsync -av VUMCid /home

  • Add the following cron entry to the VUMCid's crontab and choose a suitable value for X and Y ( crontab -e). The command is sudo crontab -u VUMCid -e
mm hh  * * * /biostat/cvs/admin/sbin/run-user-cron
  • If there's problems mounting those entries, try running exportfs -a on the server, either biostat or biostat1553. It seems to clear up the nfs export entries.

Samba (optional)

  • Set up Samba. To allow user to mount their /home/VUMCid directory from elsewhere, add this paragraph to then end of their /etc/samba/smb.conf file. Change "VUMCid" as appropriate.
[VUMCid]
    comment = Samba on Ubuntu
    path = /home/VUMCid
    read only = no
    browsable = yes
  • Create a Samba ID: sudo smbpasswd -a VUMCid
  • Restart the Samba service: sudo service smbd restart

Send introductory email to new department member (DalesNotes#Your_Linux_desktop_is_ready)

Topic revision: r2 - 21 Feb 2023, DalePlummer
 

This site is powered by FoswikiCopyright © 2013-2022 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding Vanderbilt Biostatistics Wiki? Send feedback