Re: How do you all manage employee workstations? Looking for sugge



Hi Andy,

Thanks for your update. Many thanks for Jeff's input.

On roaming profiles:

When roaming profiles are enabled, users have the same profile (such as
the desktop) when they log on to any domain computer. In this way, user
profiles are stored at an administrator-specified server location. When a
user logs on and has been authenticated within the directory service, the
user profile, including user settings and documents, is copied to the local
computer. User profile changes made on the local computer are then
captured. Changes will then be copied to the user profile stored on the
server and be applied the next time the user logs on.

Since the files are saved in a network location, the user can see the same
profile regardless of which workstation they log on to (XP or Windows
2000). You can take a look at the article I recommended in my previous
post.

You can use Group Policy to assign software to all workstations. You can
refer to the following articles for the procedure.

How to use Group Policy to remotely install software in Windows Server 2003
http://support.microsoft.com/?id=816102

HOW TO: Use Group Policy to Remotely Install Software in Windows 2000
http://support.microsoft.com/?id=314934

Hope above information helps.

Have a nice day!

Sincerely,

Jenny Wu
Microsoft CSS Online Newsgroup Support
Get Secure! - www.microsoft.com/security
======================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx

When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.

Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.

For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.

Any input or comments in this thread are highly appreciated.
======================================================
This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------
From: "Jeff Vandervoort" <jeffv @ jrvsystems dot com>
Subject: Re: How do you all manage employee workstations? Looking for sugge
Date: Wed, 1 Mar 2006 10:00:29 -0600

Probably safer to redirect to \\Servername\Users\%USERNAME% rather than a
mapped drive, IMO. If you're doing this one user at a time through the UI
or by REGEDIT you're working too hard! This can be done with GP also.

A new computer is "a computer other than their own". Roaming Profiles work
fine in a mixed 2000/XP environment. Only problem I've found with that is
the Quick Launch toolbar gets displayed twice on W2K after the profile's
been upgraded to WXP. I just live with it.

My preference for loading OS is not to. And about the only time I do (on a
locked down system) is after a HDD crash.

The rest of your questions are pretty non-controversial...most admins will
agree with what I posted. But for OS installs, everyone has different
ideas. Here's mine--

I've always used an "administrative install" of Windows patched to the
latest SP, and use WSUS to distribute post-SP updates after that. I have
DOS boot floppies with the antique MS-DOS Network Client on it that runs a
batch file that (among other things) XCOPY's the i386 folder to the local
drive and launches automated setup. So I put the floppy in, boot the
computer, come back 40 minutes later and Windows is ready for me to logon.
I have as much software as possible install via GP, so after the computer
object is in the right OU and security groups, another reboot and that's
done, about 20 minutes later. So in an hour, unattended, and only 5 minutes
of my time, the machine is ready for the stuff I have to install manually
(except where I have SMS available).

Windows 2000 Server & above also supports installs where your NIC boots
the computer across the LAN and installs Windows. Honestly, I've never done
one of those, mainly because they're machine specific.

I've also never used Ghost, but I know lots of people swear by it. The
reason I do what I do is mostly familiarity, to be honest. I have a
collection of scripts developed over the years that let me get an admin
install set up very quickly. But all image-based methods have at least
SOME complications with differing hardware configs. With the administrative
install point I use, the only thing that's machine-specific is setting up
real mode NIC drivers for the boot floppy, which is a fussy process. If
you have standardized on hardware configs, 2 or 3 boot floppies, 1 for each
NIC mfr. (often for all models from the same mfr), will get you through.

Vista will have much network installs; that may finally change my
procedures.

--
Jeff Vandervoort
JRVsystems

"Andrew Vital" <AndrewVital@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:E5C22866-27FE-4D8A-A958-182CE8D938B4@xxxxxxxxxxxxxxxx
Thanks for all of those great suggestions... I've done some redirection
of My Documents to user's Z:\ drive (server\users\username) but I haven't
done all but I'll definitely look into using GP.

Regarding Roaming profiles, users rarely (if ever) log on to a
workstation other than their own - be that as it may, if I upgrade a "dead"
computer from 2000 to XP would the user's profile still remain the same or
would there have to be some sort of conversion? Also if a user logged into
a 2k computer, then an XP, would they be able to log into a 2k machine
again?

Since we bought Office 2003 just over the summer I'm stuck with the
OEMs. It was about 8k vs. 30k for the entire office, so it's tough to
justify the 22k difference to management, and regardless it will likely be
a few years before we upgrade Office again, we were on 2k before and only
upgraded to 2k3 because of a 3rd party system we purchased that would only
integrate with Office XP or higher.

What do you all do for the actual workstation OS loading, do you use
imaging software (i.e. Ghost) or what?

Thanks again! And I'll also do some other research to become more familiar
with these suggestions.

- Andy

"Jenny wu [MSFT]" wrote:

Hi Andy,

Thanks for using the SBS newsgroup. Also thanks for Jeff and Gregg's
great input.

Yes, the suggestions of Jeff are good. I would like to give more detailed
information about how to proceed. Hope it is useful to you :-).

I: Roaming user profiles enable users to log on to any computers in a
domain while preserving their user profile settings.

314478 How to Create and Copy Roaming User Profiles in Windows XP
http://support.microsoft.com/?id=314478

314886 Some Issues to Consider If Windows XP Users Have Roaming Profiles
http://support.microsoft.com/?id=314886

324749 How To Create a Roaming User Profile in Windows Server 2003
http://support.microsoft.com/?id=324749

II: Folder Redirection is a User group policy. This means that a user
for whom you configure folder redirection must have a group policy linked
to some folder structure where their user object is subordinate, such as a
site, domain, or organizational unit.

When we enable Folder Redirection for some folders, the folders' content on
the client computer will be saved on one server box. And when we click the
folder on workstations, we will be redirected to the server box and open
the files located on the server box.

More detailed information:
Folder Redirection feature in Windows
http://support.microsoft.com/kb/232692/EN-US/

III: Offline files: You can make network files available offline by
storing shared files on your computer so that they are accessible when you
are not connected to the network. If you do this, you can work with the
files the same way that you work with them when you are connected to the
network. When you reconnect to the network, changes that you made to the
files are updated to the network.

How to use offline files in Windows XP
http://support.microsoft.com/kb/307853/EN-US/

How To Configure Offline Files to Synchronize When a Particular Network
Connection Becomes Active
http://support.microsoft.com/?id=312171

IV. In a domain environment, we can use group policies to manage and
monitor workstations. You can take a look at the following articles to get
a brief understanding of Group Policy.

324036 HOW TO: Use Software Restriction Policies in Windows Server 2003
http://support.microsoft.com/?id=324036

Software restriction policies (Step-by-step instructions on how to
create new software restriction policies.)
http://www.microsoft.com/resources/documentation/WindowsServ/2003/enterprise/proddocs/en-us/Default.asp?url=/resources/documentation/WindowsServ/2003/enterprise/proddocs/en-us/Safer_topnode.asp

323525 HOW TO: Restrict Users from Running Specific Windows Programs in
Windows
http://support.microsoft.com/?id=323525

Run only allowed Windows applications
http://www.microsoft.com/windows2000/techinfo/reskit/en-us/gp/206.asp

Don't run specified Windows applications
http://www.microsoft.com/windows2000/techinfo/reskit/en-us/gp/207.asp

316353 How to configure a user account to use a roaming user profile in
Windows Server 2003, Windows 2000 Server, or Windows NT 4.0
http://support.microsoft.com/?id=316353

231289 Using Group Policy Objects to Hide Specified Drives in My Computer for
http://support.microsoft.com/?id=231289

818465 HOW TO: Use Group Policy to Permit Users to Redirect and Play Audio in a
http://support.microsoft.com/?id=818465

Using Security Filtering to Apply GPOs to Selected Groups
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/DepKit/2618ebdf-e04d-4abe-bdeb-c7d893ee3c62.mspx

HOW TO: Use Group Policy to Audit Registry Keys in Windows Server 2003
http://support.microsoft.com/default.aspx?scid=kb;en-us;324739

How to Add Custom Registry Settings to Security Configuration Editor
http://support.microsoft.com/kb/214752/EN-US/

The whitepaper "Implementing Registry-Based Group Policy for
Applications" explains how to write custom .ADM files. To view this
whitepaper, please see the following Microsoft Web site:
http://www.microsoft.com/technet/treeview/default.asp?url=/TechNet/prodtechnol/windows2000serv/deploy/regappgp.asp

Articles for Group Policy:
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/ServerHelp/6eed436f-5b05-4eaa-9525-c0c429fcf9f6.mspx

Group Policy Overview:
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/ServerHelp/6eed436f-5b05-4eaa-9525-c0c429fcf9f6.mspx

Create or delete a Group Policy object
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/ServerHelp/4f8dd800-e0e3-44a6-8a4a-d3d34b245fe7.mspx

Troubleshooting Group Policy application problems
http://support.microsoft.com/kb/250842/EN-US/

Hope above information helps! I am happy to be of assistance to you and
look forward to your reply!

Have a nice day!

Sincerely,

Jenny Wu
Microsoft CSS Online Newsgroup Support
Get Secure! - www.microsoft.com/security

--------------------
From: "Gregg Hill" <bogus@xxxxxxxxxxx>
Subject: Re: How do you all manage employee workstations? Looking for
suggestio
Date: Tue, 28 Feb 2006 21:41:05 -0800

Jeff,

All very good advice! To figure out misbehaving apps, I recommend
Sysinternals' RegMon and FileMon. Let the OP Google those bad boys and
have some fun with them.

Gregg Hill



"Jeff Vandervoort" <jeffv @ jrvsystems dot com> wrote in message
news:u%23LCL6OPGHA.648@xxxxxxxxxxxxxxxxxxxxxxx
I can't imagine managing 10 PCs under these conditions, let alone 70!
Best practices--

1. Do not allow users to save data to C:. Ever. On pain of death. Give
them a deadline to move data to the server after which you use Group
Policy to hide drive C:. This requires a lot of political finesse and/or
buy-in from the boss, but it's essential. To sell it, they need to
understand that their data is MORE secure on the server. Use NTFS to its
fullest potential to make that happen. And if you're backing up data on
workstations, stop, because it's making you what the shrinks call an
"enabler".

2. Purchase a volume license for Office and stop buying PCs with OEM
Office. Office installed with a volume license (via Group
Policy...hands-free) does not require activation or any of your time. Will
likely be more expensive, but cost-benefit analysis will likely show it's
worth it.

3. Enable roaming profiles and folder redirection. This will capture
Favorites and everything else of interest. Especially since you will no
longer allow users to save to C:. Users will be able to log on to their
computer or any other available computer and see exactly the same thing
they'd see on their own.

4. Make your users members of ComputerName\Users and NOT
ComputerName\Power Users or ComputerName\Administrators and you will
seldom, if ever, have a machine "go South" unless it's caused by hardware.
If you have permissions issues (you won't with Office, but maybe you run
something else written to prehistoric standards, like AutoCAD, for
example) that keep users from running an app, try to track down the
problem and hack registry and/or file permissions until it runs.
Methodology for doing this is far beyond the amount of time I'm willing to
devote on speculation that this is an issue for you, but post specific
questions again in support boards for the software in question, or do a
web/usenet search, and you may find an answer.

Good luck!

--
Jeff Vandervoort
JRVsystems

"Andrew Vital" <AndrewVital@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:13D77723-0CB2-4D3A-83A1-DB8F640A92C4@xxxxxxxxxxxxxxxx
I've got about 70 workstations I'm responsible for - Mix of XP and 2k on a
Domain with SBS2003. I'm looking for a way to minimize downtime (and work
for me). Now when a computer goes south I usually backup their data (if the
user isn't saving files to their network drive) & Favorites, swap it out
with a loaner box (an older machine) and wipe / reinstall Windows, install
Office, call Microsoft to activate Office and sometimes Windows as it's
already been activated and sometimes won't activate via net - then install
any other software - restore their data & favorites and swap it back out to
their desk.

Needless to say this is a PITA - never mind if you have 1 or more to do at
once. (and it seems as when one person's OS starts acting up others have to
act up at the same time to give me more work).

I've contemplated Symantec Ghost, but know I'd have to setup a sysprep
file and I'd still have to call Microsoft to activate Office and perhaps
Windows. Also I'd have to keep images specific to machine types as some
will need to have drivers configured for them.

I could go on... but are there any proven methods of doing this?

Thanks for any and all suggestions.
Andy
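
Added example, not part of any post in this thread: a way to check Jeff's item 4 (users in ComputerName\Users, not ComputerName\Power Users or ComputerName\Administrators) across workstations. It reads local group membership through the ADSI WinNT provider and reports members outside an allow-list; the workstation names, account names and allow-list are constructed assumptions.

```powershell
# Added example. Computer names, account names and the allow-list are constructed.
$PrivilegedGroups = 'Administrators', 'Power Users'
# Accounts expected in those groups (an assumption); anything else is reported.
# Matching is on the bare account name, which is what the WinNT provider returns.
$ExpectedMembers = 'Administrator', 'Domain Admins'

function Get-LocalGroupMemberName {
    # Live query through the ADSI WinNT provider, which Windows 2000/XP
    # workstations answer as well. Emits the member names of one local group.
    param([string]$ComputerName, [string]$GroupName)
    $group = [ADSI]"WinNT://$ComputerName/$GroupName,group"
    foreach ($member in $group.Invoke('Members')) {
        $member.GetType().InvokeMember('Name', 'GetProperty', $null, $member, $null)
    }
}

function Get-PrivilegedMembership {
    # One object per (computer, group, member). An unreachable machine or a
    # missing group produces a warning instead of stopping the sweep.
    param([string[]]$ComputerName)
    foreach ($computer in $ComputerName) {
        foreach ($groupName in $PrivilegedGroups) {
            try {
                foreach ($name in (Get-LocalGroupMemberName $computer $groupName)) {
                    [pscustomobject]@{ Computer = $computer; Group = $groupName; Member = $name }
                }
            } catch {
                Write-Warning "$computer, ${groupName}: $($_.Exception.Message)"
            }
        }
    }
}

function Find-UnexpectedPrivilege {
    # Keeps only rows where a privileged group holds a member not on the allow-list.
    param([object[]]$Membership, [string[]]$Allowed = $ExpectedMembers)
    $Membership | Where-Object {
        ($PrivilegedGroups -contains $_.Group) -and ($Allowed -notcontains $_.Member)
    }
}

# Constructed rows standing in for Get-PrivilegedMembership output, so the
# filter can be tried without touching any machine.
$sample = @(
    [pscustomobject]@{ Computer = 'WS01'; Group = 'Administrators'; Member = 'Administrator' }
    [pscustomobject]@{ Computer = 'WS01'; Group = 'Administrators'; Member = 'Domain Admins' }
    [pscustomobject]@{ Computer = 'WS02'; Group = 'Power Users';    Member = 'jsmith' }
    [pscustomobject]@{ Computer = 'WS03'; Group = 'Administrators'; Member = 'Domain Users' }
    [pscustomobject]@{ Computer = 'WS03'; Group = 'Users';          Member = 'Domain Users' }
)
Find-UnexpectedPrivilege -Membership $sample | Format-Table -AutoSize

# Live sweep (workstation names are placeholders):
# Find-UnexpectedPrivilege -Membership (Get-PrivilegedMembership 'WS01', 'WS02')
```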










