Re: Where to store/save user profiles?
- From: "David Griffiths" <dayvg69@xxxxxxxxxxxxxxxxxx>
- Date: Sun, 14 Oct 2007 12:08:04 +0200
Hi Lanwench
A simple question.
If the redirect is set for My Documents Desktop etc... does this just redirect the roaming storage on the server or does it make the workstation always use the server rather than the local path... if that makes sense
Dave
"Lanwench [MVP - Exchange]" <lanwench@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:%23IsSUQbDIHA.6012@xxxxxxxxxxxxxxxxxxxxxxx
chris.wilkins10@xxxxxxxxxx wrote:I'm looking into setting up default, mandatory and roaming profiles.
Which is the best location to save these?
My Active Directory is divided into several partitions:-
Partition C: = OS ie. Server 2003
Partition E: = NTDS database
Partition F: = NTDS logs
Partition G: = SYSVOL
Partition H: = Swap file
Chris..
In addition to Mathieu's comments (with which I agree) -
------------------------
Default profile setup
------------------------
Create a local 'template user' on a workstation. Log in, and tweak everything that you want to standardize but cannot (easily) control via group policy. This includes power settings, Windows Explorer display settings, etc. Don't add a mail profile, or anything that will be unique to any domain user - keep it nice and generic.
Once you're done with this 'template' profile, log out - then log in as a domain admin (or any account that has permissions to write to \\DCname\netlogon).
In control panel | system, copy the 'template' user profile you created to \\DCname\netlogon\Default User (with the proper capitalization & the space). Set "Allowed to use" to "Everyone"
.
Then your new *domain* users will have these settings.
------------------------
Mandatory profiles
------------------------
I suggest you avoid them unless there's some compelling reason - it's a pain if you ever need to make a change. However, if you want to use one, just rename the user's ntuser.dat to ntuser.man
------------------------
Roaming profiles
------------------------
These can work well if you are very careful - but if you aren't, much can go wrong. You're probably going to need a lot of disk space to hold them. If you use folder redirection for My Documents, Application Data and Desktop, you may not need roaming profiles. In a domain, you should redirect those even if you don't use roaming profiles. This is done via group policy.
If you choose to go with roaming, profiles, here's my boilerplate on the subject.
1. Set up a share on the server. For example - d:\profiles, shared as profiles$ to make it hidden from browsing. Make sure this share is *not* set to allow offline files/caching! (that's on by default - disable it)
2. Make sure the share permissions on profiles$ indicate everyone=full control. Set the NTFS security to administrators, system, and users=full control.
3. In the users' ADUC properties, specify \\server\profiles$\%username% in the profiles field
4. If you want the administrators group to automatically have permissions to the profiles folders, you'll need to make the appropriate change in group policy. Look in computer configuration/administrative templates/system/user profiles - there's an option to add administrators group to the roaming profiles permissions. Make sure you do this before the users log in and create their subfolders, as this doesn't apply retroactively.
5. Have each user log into the domain once from their usual workstation (where their existing profile lives) and log out. The profile is now roaming.
Notes:
* Make sure users understand that they should not log into multiple computers at the same time when they have roaming profiles (unless you make the profiles mandatory by renaming ntuser.dat to ntuser.man so they can't change them). Explain that the "last one out wins" when it comes to uploading the final, changed copy of the profile.
* Keep your profiles TINY. Via group policy, redirect My Documents at the very least - to a subfolder of the user's home directory or user folder. Also consider redirecting Desktop & Application Data similarly..... so the user will have:
\\server\home$\%username%\My Documents,
\\server\home$\%username%\Desktop,
\\server\home$\%username%\Application Data.
If you aren't going to also redirect the desktop using policies, tell users that they are not to store any files on the desktop. Big profile=slow login/logout, and possible profile corruption.
* Note that user profiles are not compatible between different OS versions, even between W2k/XP. Keep all your computers. Keep your workstations as identical as possible - meaning, OS version is the same, SP level is the same, app load is (as much as possible) the same.
* Do not let people store any data locally - all data belongs on the server.
* The User Profile Hive Cleanup Utility should be running on all your computers. You can download it here: http://www.microsoft.com/downloads/details.aspx?familyid=1B286E6D-8912-4E18-B570-42470E2F3582&displaylang=en
.
- Follow-Ups:
- Re: Where to store/save user profiles?
- From: Mathieu CHATEAU
- Re: Where to store/save user profiles?
- References:
- Where to store/save user profiles?
- From: chris.wilkins10@xxxxxxxxxx
- Re: Where to store/save user profiles?
- From: Lanwench [MVP - Exchange]
- Where to store/save user profiles?
- Prev by Date: Re: My Pictures won't let me email photos
- Next by Date: Re: Where to store/save user profiles?
- Previous by thread: Re: Where to store/save user profiles?
- Next by thread: Re: Where to store/save user profiles?
- Index(es):
Relevant Pages
|
