Re: Default Administrator account as roaming profile?

As you suggested, I've been looking on other forums and sites regarding
Windows Home Server, and although it's a hot topic, the general/official
concensus appears to be as you described: neither a domain controller, nor
able to join one. I also learnt that it is a "subset" (which I assume means a
smaller version) of MS Small Business Server, which, again, you also
suggested! Naturally, I looked into that, and learnt that 2008 will be
released in November. I don't know if you can shed any light on that version,
or whether it will still backup client data in the same way as Windows Home
Server?

Also, I take it SBS 2008 will still work fine with HP MediaSmart Server? And
is it installed on the server or on each client - like WHS?

Back to the issue of folder redirection: is it possible to redirect various
directories from multiple PCs to one directory? And if so, what is the
process when a directory or file have the same name? I'm thinking primarily
about redirecting the Shared Documents paths of each PC to one 'merged' tree
on the server.

Finally, assuming everything discussed is set up, and I decided roaming
profiles were for me, would it be possible to 'merge' default Administrator
accounts from PCs on the workgroup/LAN? If so, how? If not, what is usually
done with default accounts when a roaming Administrator account is set up?

Thanks, by the way, for all this help!

"Lanwench [MVP - Exchange]" wrote:

daztrue <daztrue@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
I'm not sure what you mean by "set up a lab (either physical or
virtual) and download an eval of Windows server". Can you explain?

I'm not sure what's unclear, sorry. A lab is a test network. Physical means
you have a bunch of machines on this test network. Virtual means you use
virtualization software, such as VMWare or MS Virtual Server or
....Workstation. Eval is evaluation. Does that help to clarify?

You also mentioned that I can't use Windows Home Server, which is
what I envisioned getting. What's the problem there?

As far as I'm aware, Windows Home Server can't be used as a domain
controller. I don't use it, though. You'd want to look up documentation or
post in a server group for that.

Finally, you stressed folder direction (which I've also been looking
into) for all data, which I wasn't planning.

If you really do use roaming profiles you must use folder redirection, or it
will barf at some point.

My main intention for a
home server (HP MediaSmart) is to redirect shared files to be
available across the home network so other PCs won't need to be on,
and as a backup resource.

That sounds fine.

However, your emphasis on tiny profiles
makes me wonder whether roaming profiles are practical for my
intended setup.

No, and not possible, as far as I know. Nor are they necessary.

Other than wanting to control everything from one profile, I want to
be able to configure/set policies for individual accounts/groups,
which I'm lead to believe can only be done with AD.

Yes, that's correct.


An important point is that I'm also intending to upgrade to Vista
Ultimate. There must be some way I can do this?

I don't use or support Vista, but I know Vista Business can join a domain.
Don't know about Ultimate.

Good luck ;)

"Lanwench [MVP - Exchange]" wrote:

daztrue <daztrue@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
My instant reaction was "What's AD?", but from a combination of
another forum discussion and the help file I'm guessing yo're
referring to Active Directory?

Yes.


I certainly don't have roaming profiles at the moment as I have no
server,

OK.

but am on the verge of getting one. I've been studying about
Group Policy but need to familiarise myself more with the setting up
of OUs, domain and Active Directory. Plus, of course, my original
question. If you can help that'd be great!

I suggest you set up a lab (either physical or virtual) and download
an eval of Windows server, XP Pro, and try setting up an active
directory environment. Without this there's nothing you can test or
play with. You can't use Windows Home Server (if that's what you've
got).

MS Small Business Server would be a good place to start if you can
get your hands on a copy.

My boilerplate on roaming profiles is below...

********************
General tips:

1. Set up a share on the server. For example - d:\profiles, shared as
profiles$ to make it hidden from browsing. Make sure this share is
*not* set to allow offline files/caching! (that's on by default -
disable it)

2. Make sure the share permissions on profiles$ indicate
everyone=full control. Set the NTFS security to administrators,
system, and users=full control.

3. In the users' ADUC properties, specify
\\server\profiles$\%username% in the profiles field

4. Have each user log into the domain once - if this is an existing
user with a profile you wish to keep, have them log in at their usual
workstationand log out. The profile is now roaming.

5. If you want the administrators group to automatically have
permissions to the profiles folders, you'll need to make the
appropriate change in group policy. Look in computer
configuration/administrative templates/system/user profiles -
there's an option to add administrators group to the roaming
profiles permissions. Do this *before* the users' roaming profile
folders are created - it isn't retroactive.

********************
Notes:

Make sure users understand that they should not log into multiple
computers at the same time when they have roaming profiles (unless
you make the profiles mandatory by renaming ntuser.dat to ntuser.man
so they can't change them, which has major disadvantages),. Explain
that the 'last one out wins' when it comes to uploading the final,
changed copy of the profile. If you want to restrict multiple
simultaneous network logins, look at LimitLogon (too much overhead
for me), or this: http://www.jsifaq.com/SF/Tips/Tip.aspx?id=8768

********************
Keep your profiles TINY. Via group policy, you should be redirecting
My Documents (at the very least) - to a subfolder of the user's home
directory or user folder. Also consider redirecting Desktop &
Application Data similarly..... so the user will end up with:

\\server\users\%username%\My Documents,
\\server\users\%username%\Desktop,
\\server\users\%username%\Application Data.

[Alternatively, just manually re-target My Documents to
\\server\users\%username% (this is not optimal, however!)]

You should use folder redirection even without roaming profiles, but
it's especially critical if you *are* using them.

If you aren't going to also redirect the desktop using policies,
tell users that they are not to store any files on the desktop or
you will beat them with a stick. Big profile=slow login/logout, and
possible profile corruption.

********************
Note that user profiles are not compatible between different OS
versions, even between W2k/XP. Keep all your computers. Keep your
workstations as identical as possible - meaning, OS version is the
same, SP level is the same, app load is (as much as possible) the
same.

*********************
If you also have Terminal Services users, make sure you set up a
different TS profile path for them in their ADUC properties - e.g.,
\\server\tsprofiles$\%username%

********************
Do not let people store any data locally - all data belongs on the
server.

********************
The User Profile Hive Cleanup Utility should be running on all your
computers. You can download it here:
http://www.microsoft.com/downloads/details.aspx?familyid=1B286E6D-8912-4E18-B570-42470E2F3582&displaylang=en

********************
Roaming profile & folder redirection article -
http://www.windowsnetworking.com/articles_tutorials/Profile-Folder-Redirection-Windows-Server-2003.html



"Lanwench [MVP - Exchange]" wrote:

daztrue <daztrue@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
Is it possible for the default Administrator account to be set as
a roaming profile on a home server? With multiple PCs on a home
network (each with its default Administrator account), I would
obviously want all of those to become one roaming account and want
to know if it's possible; and if so, how to 'merge' the accounts
when changing to roaming profile - and how this is safely
processed.

If you don't use AD, there are no roaming profiles possible.




.

Relevant Pages

  • Re: Default Administrator account as roaming profile?
    ... Business Server, which, again, you also suggested! ... will still backup client data in the same way as Windows Home Server? ... You can set up roaming *profiles* (my ... If you really do use roaming profiles you must use folder ...
    (microsoft.public.windowsxp.network_web)
  • Re: Default Administrator account as roaming profile?
    ... virtual) and download an eval of Windows server". ... A lab is a test network. ... If you really do use roaming profiles you must use folder redirection, ...
    (microsoft.public.windowsxp.network_web)
  • Re: Default Administrator account as roaming profile?
    ... Been on different forums/sites and certainly looks like MediaSmart Server ... You don't redirect from a PC - you redirect from a profile folder, ... You can set up roaming *profiles* (my ... If you really do use roaming profiles you must use folder ...
    (microsoft.public.windowsxp.network_web)
  • Re: Default Administrator account as roaming profile?
    ... Windows Home Server, and although it's a hot topic, the general/official ... profiles were for me, would it be possible to 'merge' default Administrator ... Roaming profile & folder redirection article - ...
    (microsoft.public.windowsxp.network_web)
  • Re: win2k3 profiles
    ... Your observations about criteria that makes roaming profiles plausible is ... workstations and they are indeed different... ... joined to the server then the Antivirus software deployment is a snap. ...
    (microsoft.public.windows.server.networking)