New User Orientation

Welcome to the Computer Science Department. The following information will help you get the most out of your account here in CS, whether you use UNIX or Windows. When in doubt, you can find answers to most of your questions on this wiki, or in the FAQs.

If you have not read the acceptable use policy for the IMSS cluster, you should do so, the policies are here. If you have a newly created CS account, the account's temporary password is expired. You have a grace period of 7 days to log in and change your password. If you do not log in within 7 days (or you forget your temporary password, or you change your password and forget your new password) your account will be locked, and you will need to see the CS Systems Administrators in person to get your account unlocked. Our office(s) are on the first floor of Annenberg, you should call ahead to make sure that we're in the office:

* David Leblanc - 112 Annenberg, on campus extension  2402
* Pat Cahalan - 112 Annenberg, on campus extension 3290

For instructions on changing your password, see the FAQ, "How do I change my password?"

Please note that your CS account is a finite resource. We are simply unable to allow indefinite access to CS resources for 200+ people every school year; the numbers do not scale. For a rundown on the CS account policy, including password expiration events and account culling, see the FAQ, "What is the account policy?".

The basic services that most CS users will be interested in are:

* Email
* File Storage
* Print Services
* Unix Accounts
* Windows Domain Accounts


CS runs an IMAP server,, for receiving mail and an SMTP server, for sending mail. Both servers support TLS. If you wish to access CS mail remotely (from some network other than the local wired network in Annenberg), your client MUST be configured to use TLS encryption - the mail server will not accept unencrypted sessions.

CS mail service assumes that your CS email address (username AT cs dot caltech dot edu) is the end-point destination for your mail. If you do not intend to read your mail on the CS cluster, you need to forward your CS email to whatever destination address you use to typically read mail, whether that be your email address, your address, etc. If you don't forward your CS email, you won't get important department announcements such as building closures, lab closures, scheduled cluster outages, or your password expiration warnings. See ?Email for more information on forwarding your CS email.

To arrange a mail forward, you need to create a file called


in your CMS home directory. To do this, you will need to be familiar with a command-line text editor such as VI. Log into a CMS workstation in the lab, or log into "" remotely via ssh, and at a command prompt type:

vi .forward

VI will launch. Hit the "I" key to switch to "edit" mode, and type the destination email address for your mail forward, e.g.:

Then hit the "Esc" key to exit editing mode, and then


To write the file. You should then exit to the command prompt. Test your email forward by sending yourself an email, and ensure that it winds up at your destination address.

File Storage

If you are using a UNIX account, your home directory is an NFS mount point. You should have no local files on any machine that you log into. Everything in your home directory is backed up on an hourly/daily/weekly/monthly basis. For more information on NFS, the filer, and quota structures, see the ?Storage section of the wiki.

If you are using a Windows account, files in your profile are backed up. For more information on which files are located in your profile, read the "Your Profile" section of the Microsoft Windows Domain chapter below.

The default quota structure is as follows: undergraduates have a 256 MB quota, unless they are taking a specific class that requires them to have a larger quota. Research group members have a group-defined quota that varies according to the individual research group - check with your group if you have questions about your quota.

Print Services

If you are logged in to a supported CS Linux workstation, your printers are automatically mapped from the domain settings. If you're a staff member or a faculty member, your default printer is in 305 Ann. If you're an undergrad or grad student, your default printer is in 104 Ann. If you are logged into a supported CS Windows workstation, your printers are available via the Printers Control panel. If you are a visitor, or running a self-administered machine, you can print directly to the printers via IP, see the FAQ, "How do I directly connect to the printers?"

Unix Accounts

CS UNIX machines have no local password file. All accounts are stored in a central directory, which uses an SSL connection to authenticate logins to the various hosts in the department. There are essentially three classes of UNIX machines - servers, classroom machines (machines in 104), and lab machines (individually owned machines in offices and/or machines owned by a research group).

The servers are for infrastructure use only, with the exceptions of the remote login server ( - see below). Your particular CS course may be assigned one or more remote access machines if remote access was required by your instructor, speak to your instructor for the name of the machine(s) to connect to for remote usage.

The machines in 104 Ann are general purpose machines, and can only be used by students actively at the console. We do not allow remote connections to the 104 lab machines.

Lab machines are assigned to specific individuals or groups.

Finally, for remote logins (to read mail or manipulate your files via the shell), use ssh to connect to

Windows Accounts

The Computer Science active directory domain is (referred to hereafter under the old style WINS name CS-AD). If you have a CS-AD account, you can log into any of the public machines in Annenberg using your CS-AD account, including the machines in the 104 lab, and any of the research group lab machines you may have access to.

Unless specifically requested and authorized by an approved faculty member, your account does not have local administrator privileges on any machines in the domain. If you require elevated privileges to run some specific code (note - this is unlikely), contact

If you have your own personal computer and it is not a part of the domain, you can access CS-AD resources using your credentials (more on this later), but you are expected to conform to the best practices for Windows as outlined later in this document.

Your Profile

The first time you log into a machine using your domain account, a roaming profile will be created for you. This windows-specific profile is stored on the filer here in CS, as a subdirectory of your UNIX home directory, and is automatically synchronized to your local machine when you log into/out of the domain. All information that is stored in this profile is backed up on the server side on an hourly/daily/weekly schedule. Note - changes to your profile are only replicated to the server when you LOG OFF of the machine. Therefore, changes are also only backed up when you log off of the machine. Make sure you log off every night!


Q. What's included in the profile?

A. The profile includes all of the subfolders of c:\Documents and Settings\, except the hidden folder "Local Settings".

This includes everything you store in your My Documents folder, your Internet Explorer Favorites and Cookies, your History folder, your Start Menu settings, and your Desktop settings and files.

It does NOT include the data files for Microsoft Outlook and/or Outlook Express (which are stored in the "Local Settings" folder) or data files for any Windows program that does not by default store data in "My Documents". This includes, but is not limited to, Eudora local folders, Netscape local folders (mail), cookies and bookmarks (browser), Mozilla, most Adobe products, most freeware/shareware products, and other non-Microsoft applications.

If you are using a non-Microsoft application, make sure you save your data files to "My Documents", instead of the program directory for the application. Domain Policies

In addition, any Windows machine that connects to CS resources is expected to adhere to the following standards:

  • should have installed all of the latest security patches and updates from the windows update site
  • should have automatic updates configured to download and install the latest updates daily.
  • should have installed all of the latest security patches from the office update site, if running Microsoft Office
  • should have installed and running the latest updated version of Norton Anti-Virus (\\software_repository\Norton_Corp)
  • should have a non-trivial local Administrator account
  • if not a member of the domain, should have domain-style minimum password requirements, namely:
    • 8 characters minimum
    • not contain multiple repeat characters
    • not be based on a dictionary (english or otherwise) word
    • mix of three of the four following types of charaters:
    • uppercase letters
    • lowercase letters
    • numbers
    • special characters (%, $, {, ?, etc)
    • password life of no more than 6 months
    • should have no local file shares set up
    • should have the audit log enabled

Given the wild spread of computer viruses targeting Microsoft Windows systems, and the lack of network-based security on the Caltech campus, failure to follow the above basic policies leaves your machine open to several forms of attack, any of which can affect other users not only in the Caltech domain, but all across campus.