Loopback processing, roaming profiles, folder redirection for domain-member laptops
- From: "Lanwench [MVP - Exchange]" <lanwench@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Thu, 5 Apr 2007 20:53:42 -0400
Hi.
My name is Lanwench and I know just enough group policy to be dangerous.
[IIRC I posted a similar question a couple of years ago, when I knew even
less, but didn't get too much in the way of useful advice - so I hope this
is at least a better-informed question now. ]
I support a number of small domains (predominantly W2003 AD with WinXP Pro
clients) and am learning a lot of cool group policy stuff as I go
along...it's helped me lock down and standardize a lot in my various
customer environments & I'm pleased with the results. However, I have some
annoying issues with laptop users and how I handle folder redirection,
profiles, and offline files. So many settings seem to be per user, and not,
"per user when user logs into specific computers" - and I can't find a way
to set up an OU to ignore or block specific inherited GPOs and yet still
inherit *some* of them. Ugh. I've figured out plenty of kluges to work
around this in the past, but they suck, frankly; I'm hoping I've missed
something.
After lurking in here & doing more reading, I'm now wondering whether
setting up a separate OU for laptops and somehow making use of this loopback
processing thing, is the answer....
************
Typical config
************
* Domain <--- I never mess with the default domain policy, etc., except to set password policies
  |
  * Company Name <--- nothing blocked; my custom GPO linked here
    |
    * Computers <--- currently nothing linked; just inheriting policies from above
    |
    * Users <--- currently nothing linked; just inheriting policies from above
Pertinent bits from the custom GPO:
1. Folder redirection for My Documents (generally to the user's home
directory or a subfolder therein)
2. All Offline Files crap disabled (I have had tragic disasters in the past;
don't get me started. I even disable offline file caching on my shares for
good measure)
3. "Prohibit user from changing My Documents path" is enabled
Everything above works fine overall. [Note that I have been using roaming
profiles for years and nearly always implement them; I know how to make them
work, and they generally do.]
***********
Problem....
***********
When I've got users with laptops--who *also* use desktops, note--much of my
gorgeous setup falls apart---although the roaming profiles work fine & get
cached.
1. Their normal My Documents path will naturally be useless to them when
they are not on the network, as it's defined by the user bits of the GPO,
not the computer bits
2. Although I know plenty of third party sync software (current fave:
SecondCopy) that will sync whatever server files I wish to the laptop, how
do I get them to actually see/make use of the locally sync'd data?
3. I could set up a desktop shortcut to a custom-created local folder, and
populate/sync it however I wish, and show them how to use that when on the
laptops....but what a pain. [And even if I do this, they will then wind up
with this weird orphaned shortcut when they log into their desktop PCs.]
I'm a bit lost. And honestly, even if I were to suck it up and say "fine,
I'll use !@#$%% offline files," I'd never want that enabled/used when they
logged in at their *desktops* ...only on their laptops. And I'd *really*
rather not use it anyway.
***********
Goals
***********
I just want some of the "user" level settings to be different when the
domain user is on a laptop. Can I do the following:
* Keep a single (remember: it's roaming) Windows profile for the user
* Set a *different* and local path for their My Documents data (e.g.,
c:\data\username) when they're on their laptop
* Handle the file syncing with third party software, scripting,
whatever....really not worried about this part
* Still prevent them from changing the My Documents path
***********
Questions
***********
1. As I understand it, enabling loopback processing in a GPO linked to an OU
allows one to set separate 'user'-ish settings based on a computer/location,
right?
2. If I'm even close with the above- at what level in the config described
above do I create the OU for the laptops?
3. What, if anything, in my custom GPO, should I break into different GPOs -
to make sure that the laptop users inherit the settings I wish to apply to
*all* users?
4. Can this even be *done* ?
I'd welcome any ideas (besides "use offline files" .... on that subject I'm
afraid I'm implacable). Any newbie-friendly links/tutorials, whatnot.
Thanks for your patience and understanding, and yes, I'm aware that I'm a
bit long-winded, and you should feel exceptionally sorry for whoever has
the misfortune to date me. :)
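
Added example, not part of the original post: a simplified Python model of how loopback processing changes which GPOs supply a user's settings, using the OU layout and custom GPO described above. The "Laptops" OU, the "Laptop GPO", and the server path are hypothetical; site and local policy, link enforcement, and security filtering are left out.

```python
# Simplified model of Group Policy user-setting resolution with loopback.
# Container names follow the post; "Laptops"/"Laptop GPO" are hypothetical.

# GPOs linked at each container: container -> [(gpo_name, user_settings)]
LINKS = {
    "Domain": [],
    "Company Name": [("Custom GPO", {
        "MyDocumentsPath": r"\\server\home\%USERNAME%",  # constructed path
        "OfflineFiles": "disabled",
        "ProhibitMyDocsPathChange": True,
    })],
    "Users": [],
    "Computers": [],
    "Laptops": [("Laptop GPO", {                         # hypothetical GPO
        "MyDocumentsPath": r"c:\data\%USERNAME%",
    })],
}

USER_PATH = ["Domain", "Company Name", "Users"]
DESKTOP_PATH = ["Domain", "Company Name", "Computers"]
LAPTOP_PATH = ["Domain", "Company Name", "Laptops"]


def gpo_list(ou_path):
    """GPOs in application order: parents first, so closer links win."""
    return [gpo for ou in ou_path for gpo in LINKS[ou]]


def resultant_user_settings(user_path, computer_path, loopback=None):
    """Resolve user settings. loopback is None (off), "merge" or "replace".

    off:     only GPOs in scope of the user object apply.
    merge:   the user's GPOs apply first, then the user settings of the
             GPOs in scope of the computer, which win on conflict.
    replace: only the user settings of the computer's GPOs apply.
    """
    if loopback == "replace":
        order = gpo_list(computer_path)
    elif loopback == "merge":
        order = gpo_list(user_path) + gpo_list(computer_path)
    else:
        order = gpo_list(user_path)
    result = {}
    for _name, settings in order:
        result.update(settings)  # a later GPO overrides an earlier one
    return result
```

In this layout merge and replace give the same result on a laptop, because the custom GPO is linked at "Company Name" and is therefore also in scope of the computer object.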