The UW Forest

The UW forest is a service offered by UW Technology to provide central support for basic forest services (global catalog servers, schema management, and limited enterprise admin responsibilities). UW departments can no longer join the UW forest service, and eventually this service will be replaced by the UW Windows Infrastructure service. Departments are welcome to run their own independent forest. Departments currently in the UW forest are encouraged to migrate out of it. UW Technology has migrated out most of its domains out of the UW forest, and a blueprint for migrating out of the UW forest exists based on that experience.

Within the UW forest, a special domain called the labs domain was created that held a subset of UWNetIDs. This domain was provided by UW Technology as a service to EPLT (now known as Catalyst) for use in the centrally-provided general purpose computing labs for Windows authentication purposes. Because the labs service was only intended for use by a single client no domain trusts were permitted to it. However, some members of the UW forest took (unsupported) advantage of it's existence to leverage their Windows-based services. This service is replaced by the UW Windows Infrastructure (UWWI). EPLT has embraced UWWI as a replacement, and the labs service has an end of life date of July 2007. We strongly encourage UW Forest members who are relying on the labs domain to move to using the UW Windows Infrastructure instead.

The costs and risks of joining the UW forest are:

• Increased vulnerability to exploit described in the MS02-001 bulletin

• Must follow Domain and Domain Controller Policy

• Can't run Exchange 2000 or 2003

Resources

• Domain and Domain Controller Policy
• Required Group Policy settings
• UW Forest automated scripts
• UW Forest Stats
• Diagnosing domain controller issues

Meeting Minutes

• 10/4/2002
• 2/5/2003
• 9/17/2003
• 12/13/2006
  • UW Windows Infrastructure - Brian Arkills (PowerPoint)