Re: Assigning user profiles based on OU

From: Mark Renoden [MSFT] (markreno_at_online.microsoft.com)
Date: 06/17/04 

Date: Fri, 18 Jun 2004 08:56:36 +1000

Hi Bill

Without testing myself, you could use "set" in a startup script assigned to
the computers via Group Policy.

I don't follow your explanation of the the requirement. Can you clarify?

Kind regards 

-- 
Mark Renoden [MSFT]
Windows Platform Support Team
Email: markreno@online.microsoft.com
Please note you'll need to strip ".online" from my email address to email 
me; I'll post a response back to the group.
This posting is provided "AS IS" with no warranties, and confers no rights.
"Arizona Bill" <ArizonaBill@discussions.microsoft.com> wrote in message 
news:52F3B7FD-EA63-419D-9AF3-86EBC567B3DE@microsoft.com...
> Mark, Thanks your assistance on this.  That could possibly work but how 
> should I set the %profileserver% environment on client boot?
>
> The main issue I have is that our CTO wants to be staff members to be able 
> to user student workstations and pull the student profile.  Having all the 
> start->program files-> and applications that a student we be able to use. 
> Student that are part of a special topic class that has designated 
> machines with specific apps only showing those specific apps on the client 
> machines.
>
> "Mark Renoden [MSFT]" wrote:
>
>> Hi Bill
>>
>> I'm pretty sure the answer is no.  I assume you want the server name to 
>> be
>> different depending on which client machine you log onto?  The only way I
>> can see you achieving this is to set the user profile path to something 
>> like
>> \\%profileserver%\users\%username% and set the %profileserver% 
>> environment
>> variable when the client boots.
>>
>> Probably a better approach is to identify which settings should be common
>> across all client machines and implement those in a GPO linked to an OU.
>> Inside that OU, create OU's for specific client machine sets and apply
>> another GPO to each of those OU's that set the unique settings for that
>> group of client machines.  If the policy settings are specific to the 
>> "User
>> Configuration" parts of the GPO's, you can use policy loopback as I
>> mentioned earlier:
>>
>> http://www.microsoft.com/technet/prodtechnol/windows2000serv/deploy/confeat/grppolsc.mspx
>>
>> It's really worthwhile reading the document that I mentioned before.  If 
>> it
>> doesn't answer your questions specifically, it'll give some good 
>> practices
>> that you can then adapt to your specific scenario.
>>
>> Kind regards
>> -- 
>> Mark Renoden [MSFT]
>> Windows Platform Support Team
>> Email: markreno@online.microsoft.com
>>
>> Please note you'll need to strip ".online" from my email address to email
>> me; I'll post a response back to the group.
>>
>> This posting is provided "AS IS" with no warranties, and confers no 
>> rights.
>>
>> "Arizona Bill" <ArizonaBill@discussions.microsoft.com> wrote in message
>> news:F3B2E586-57B5-49FE-BA5A-4226CF6AB816@microsoft.com...
>> > Mark, can you tell me if this is possible?
>> >
>> > I am trying to find out information in regards to whether or not this 
>> > can
>> > be done. I am currently running an Windows 2000 active directory will 
>> > all
>> > windows xp pro sp1 clients.  I have been asked to Map User profiles to 
>> > a
>> > network drive.  Ex. z:\profile.  The problem is that I have created a 
>> > VBS
>> > script to run in the computer script section of Group Policy for the
>> > Organizational Unit where the machine resides when the machine boots 
>> > up.
>> > (MapNetworkDrive "z:", "\\server\users)
>> >
>> > The purpose of this is to map specified manditory profiles to 
>> > workstations
>> > and not the Users.  When Implemented, a user logs in and a message 
>> > window
>> > appears stating that it is unable to find the roaming profile.  When a
>> > non-profiled account logs onto the system and opens "My Computer" the
>> > mapped dirve Z:\profile is there.  When you double click on the drive 
>> > it
>> > takes you to the share.
>> >
>> > I question is:  Is it possible to map user profiles to a network drive
>> > that is mapped when the workstation authenticates to the AD network?  I
>> > don't want to make the user profile to a UNC Path name Ex.
>> > \\server\users\%username% but instead to Z:\%username%
>> >
>> >
>> > "Mark Renoden [MSFT]" wrote:
>> >
>> >> Hi Tim/Bill
>> >>
>> >> Consider designing GPO/s that include settings for the users that are
>> >> common
>> >> across all computers and then implementing the differing settings 
>> >> using
>> >> policy in the computer configuration.  Another option is policy 
>> >> loopback:
>> >>
>> >> 231287 Loopback Processing of Group Policy
>> >> http://support.microsoft.com/?id=231287
>> >>
>> >> The following document may be useful (although not specific to your
>> >> needs):
>> >>
>> >> http://www.microsoft.com/technet/prodtechnol/windows2000serv/deploy/confeat/grppolsc.mspx
>> >>
>> >> Kind regards
>> >> -- 
>> >> Mark Renoden [MSFT]
>> >> Windows Platform Support Team
>> >> Email: markreno@online.microsoft.com
>> >>
>> >> Please note you'll need to strip ".online" from my email address to 
>> >> email
>> >> me; I'll post a response back to the group.
>> >>
>> >> This posting is provided "AS IS" with no warranties, and confers no
>> >> rights.
>> >>
>> >> "Arizona Bill" <Arizona Bill@discussions.microsoft.com> wrote in 
>> >> message
>> >> news:01B819AE-6ADA-46A5-9A4F-214FFD702B12@microsoft.com...
>> >> > Tim, I am also having the same issues.  I have manditory profiles 
>> >> > set
>> >> > for
>> >> > users but have mutiple computers with differ applications. If  a
>> >> > profile
>> >> > can be based on OU or mapping a profile to a drive letter which is
>> >> > mapped
>> >> > via a VBS Script based in the OU GPO.
>> >> >
>> >> > Can anyone shed any light on this issue?
>> >> >
>> >> > "Tim" wrote:
>> >> >
>> >> >> Does anyone know of a way to assign a mandatory profile
>> >> >> based on the computer that the user logs on to. We are in
>> >> >> a college setting and not all of our computers have the
>> >> >> same programs. We want to assign a standard profile to be
>> >> >> used by students but do not want dead shortcuts on the
>> >> >> desktop. We could easily create seperate profiles to be
>> >> >> used based on computer location OU, but is this possible?
>> >> >>
>> >> >> Thanks,
>> >> >> Tim
>> >> >>
>> >>
>> >>
>> >>
>>
>>
>>

Relevant Pages

  • Re: Assigning user profiles based on OU
    ... create OU's for specific client machine sets and apply ... you can use policy loopback as I ... a user logs in and a message window ... > appears stating that it is unable to find the roaming profile. ...
    (microsoft.public.win2000.group_policy)
  • Re: Cannot run program from network drive
    ... > To make this work for all computers, just add this code group under the ... but check the box that states Policy levels below this ... > permissions from the permission set associated with this code group. ... local client machine, and changes are not automatically propagated over a ...
    (microsoft.public.dotnet.security)
  • Re: Assigning user profiles based on OU
    ... Consider designing GPO/s that include settings for the users that are common ... policy in the computer configuration. ... > users but have mutiple computers with differ applications. ... > can be based on OU or mapping a profile to a drive letter which is mapped ...
    (microsoft.public.win2000.group_policy)
  • figuring out group policies
    ... Group Policies work? ... both the Default Domain Controllers Policy ... change in their profile on the computer they just logged onto. ... computers, one while setting was Enabled and one while setting was Disabled, ...
    (microsoft.public.windows.server.sbs)
  • Re: Assigning user profiles based on OU
    ... > Consider designing GPO/s that include settings for the users that are common ... > policy in the computer configuration. ... >> users but have mutiple computers with differ applications. ... >> can be based on OU or mapping a profile to a drive letter which is mapped ...
    (microsoft.public.win2000.group_policy)