Re: win2k3 profiles
- From: "somebody" <somebody@xxxxxxxxx>
- Date: Sat, 10 Feb 2007 03:53:56 GMT
Frankster,
Thank you! That is very helpful.
You are correct, I am now responsible for this entire ball of wax.
Your observations about criteria that makes roaming profiles plausible is
helpful. I had not even thought about the applications installed on the
workstations and they are indeed different... so roaming profiles will
probably not make sense or be very userful. You helped me clairfy what I
should do to tidy things up without going overboard. Here is my revised
plan. If you don't mind reading it I would welcome your thoughts on it:
1) set a password on the local administrator account
2) join the necessary workstations to the domain with
system-properties/computername/domain
3) log on locally as administrator and add the domain user as a user with
standard local rights (not power user or administrator)
4) log on as the user/domain to create the folder/file structure for the
user profile
5) copy the profile from the old user account to the user.domain manually (I
am not sure about this, but suppose that I could just copy the contents of
desktop folder, my docs folder, favorites folder and then log on as the user
and import the outlook settings - or is there a better way?)
6) delete the old user/local profiles
7) implement my documents redirection if I want to
This isn't as sexy as the roaming profiles etc but it does seem quite
practical and straight forward, organized, and meets most of my goals (data
stored on the server for backup, workstations part of domain for anti virus
and windows update rollouts. I know that once all the workstations are
joined to the server then the Antivirus software deployment is a snap. I
really look forward to that.
Also, I think your comment about users not appreciating change without a
benefit is very insightful. I have to keep that in mind.
Thanks again for all of your help.
"Frankster" <Frank@xxxxxxxxxxxxxx> wrote in message
news:YfKdncwqLMrYbFHYnZ2dnUVZ_h6vnZ2d@xxxxxxxxxxxxxxx
Okay, here's my input... (everybody has an opinion, and this is mine!
) )
First though, you say you "inherited" this server. Can I assume you also
inherited the responsibility for the whole network? Or just the server?
For the sake of my answers I'm gonna assume you have control of the whole
network, clients and all.
Also, keep in mind that you should weigh the benefit of any change against
actual improved user experience and/or security. And... ease of admin, of
course. But I can tell you right now that many outfits could care less
about "ease of admin", so they will typically give that last priority.
Bottom line, anytime you change the way a user interacts with the system,
they'll expect to see an improvement that benefits them. Otherwise it's
just another unwanted change.
With that out of the way...
Q: Some workstations don't even log on to the domain and do not appear in
the active directory (never joined the domain?).
A: Yes, that's what I would say. Probably never joined the domain. Any
profiles on the server indicate that there was, at one time at least, a
roaming profile configured for this user. The server is probably
configured to allow "Everyone - Full" permissions. So, no need to be a
domain member. BTW, this is not ALL that unusual in workplaces that have
"evolved" from one or two stand-alone PCs to finally installing a server.
Sometimes they even hire someone to install the server, but the
workstations are not joined to a domain. Maybe the server isn't even
installed as a Domain Controller. Just depends. Additionally, if local
accounts have been configured on the PCs, I've seen workers just logon to
their local account rather than the domain. Most don't understand about
the pulldown arrow to select the domain. Most don't know the difference.
Ideally, there will be no local accounts on the machines.
Q: Others do log on to the domain but seem to have local profiles.
A: Domain membership does not automatically create Roaming profiles. That
has to be done manually by the admin. There are plusses and minuses to
roaming profiles. They are not always better. Personally, I only configure
roaming profiles unless 2 conditions are met. 1) Most (all?) of the
workers have the potential to log on to other machines often, and, 2)
every machine in the place is IDENTICAL (programs, hard drives, operating
systems, etc. - IDENTICAL). If either one of these criteria are absent,
roaming profiles may not be the best way.
Q: I would like to have all workstations to logon to the domain, have user
profiles on the server, and have my documents redirected to a personal
folder on the server.
A: I think you know already, but roaming profiles are not necessary for
server-stored user data directories. You can have a drive automatically
mapped to the server where the user stores all their data. In fact you
SHOULD! For reasons you mentioned. But that is different from the profile.
One thing to note is that I do understand that many users store all their
documents in the "My Documents" folder under their --- yes... PROFILE on
the local machine. That is NOT a good idea, ever. The users should be
educated about the perils of storing their data on the local machine (no
backup as well as much higher potential for corruption being "within" the
user profile. All data should be stored on the server.
Q: How do I implement profiles on the Server
A: To to the domain user account on the server and configure a path for a
home directory that resides on the server and enable a roaming profile for
that user. This is done (or not done) on a per user basis. Obviously there
are more details, but you get the idea.
Q: [How do I...] join a workstation to the server
A: FYI... XP Home cannot join a Windows Domain. XP Pro can. There is more
than one way. You can do it on the server or from the WS. I prefer from
the WS. Go to the WS, logon as Administrator, go to the properties of "My
Computer", choose Computer Name | Change, change from Workgroup to Domain.
You will be asked for an account on the server with appropriate
permissions to join a domain - that would be
<DomainAdministrator>|<DomainAdministratorPassword>. Then just follow
instructions.
Q: [How do I...] move a users local profile to the server, and force
redirection of their my documents folder to a location on the server?
A: Profile info above. As for redirection of the "My Documents" folder,
yes, you can do that. MS has a TechNet article on it I believe. I've never
done it because I don't believe in it. Instead I believe in educating
users to save all their information on their own special mapped server
drive/directory, not in "My Documents". Just my opinion.
Good luck. Any more questions, let 'er rip. :)
-Frank
"somebody" <somebody@xxxxxxxxx> wrote in message
news:XP%yh.2$H77.1@xxxxxxxxxxx
Frank, I have been reading this and other groups and understand that
these things can be done and I see great benefits in doing them. The
benefits include having all data on the server for centralized backup,
having workstation members of the domain for Windows and Antivirus
updates, being able to set policies that permit/restrict specific user
activity, etc. I see our office as vulnerable because of each of these
points. People install software at will, data is saved on workstations,
anti virus is not centralized, etc. I hope that answers your question
and that someone could please answer mine. I do want to add to my list
of questions; how to do desktop redirection (which I understand helps
keep the user profile small). Thank you.
"Frankster" <Frank@xxxxxxxxxxxxxx> wrote in message
news:lKGdnYR3ea5DH1HYnZ2dnUVZ_rKvnZ2d@xxxxxxxxxxxxxxx
Just curious... if you don't know how to do these things, it infers that
you have never done them before. If you have never done them before, how
do you know you need to do them? is there any problem with the way the
network is running now? IOW, what "problem" do you want to solve? There
is no need to change stuff just "because you can".
-Frank
"somebody" <somebody@xxxxxxxxx> wrote in message
news:luYyh.2442$177.2398@xxxxxxxxxxx
I have inherited a Windows 2003 Server network with XP Pro workstations
and am confused about the user profiles.
Some workstations don't even log on to the domain and do not appear in
the active directory (never joined the domain?).
Others do log on to the domain but seem to have local profiles.
Ideally I would like to have all workstations to logon to the domain,
have user profiles on the server, and have my documents redirected to a
personal folder on the server. And ultimately have the profiles roam.
How do I implement profiles on the Server, join a workstation to the
server, move a users local profile to the server, and force redirection
of their my documents folder to a location on the server?
Thank you!
.
- References:
- win2k3 profiles
- From: somebody
- Re: win2k3 profiles
- From: Frankster
- Re: win2k3 profiles
- From: somebody
- Re: win2k3 profiles
- From: Frankster
- win2k3 profiles
- Prev by Date: Assistance Setting up IP Filtering in a 2003 Routing Remote Access Server
- Next by Date: Re: XP box can't browse to PDC, but can other DC's
- Previous by thread: Re: win2k3 profiles
- Next by thread: Re: changing subnet of DC and BDC, not IP Address
- Index(es):
Relevant Pages
|
