Re: Local/Domain Logon
- From: "M. Turk" <nospam@xxxxxxxxxxxxxxxx>
- Date: Sun, 28 Jan 2007 03:46:43 GMT
"Lanwench [MVP - Exchange]"
<lanwench@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:%23cr3YoiQHHA.464@xxxxxxxxxxxxxxxxxxxxxxx
In IfJuh.1091$Pk5.90@trndny04">news:IfJuh.1091$Pk5.90@trndny04,
M. Turk <nospam@xxxxxxxxxxxxxxxx> typed:
Could someone please tell me the advantages/disadvantages of a
workstation logging on locally vs logging on to a domain?
I am trying to sort out a network in my new office and found that
some of the workstations are logging on locally but do share network
resources such as a drive letters that are mapped to network/server
file folders. Any easy what to change this configuration and
preserve the user settings? Thank you.
No users should have local workstation accounts - there's no value in it,
and it makes management / admin / security much more of a pain, and your
user-based group policy pretty useless.
You can copy the local user's profile to the corresponding domain user's
profile, and then disable the local user account.
The connectcomputer script migrates localprofiles to domain profiles when
you run it the first time, but as computers have already been joined to
the domain (apparently) you can't run connectcomputer on them unless you
*disjoin* the domain. If you have more than one user on a workstation and
need to retain (copy) all their local profile data, don't do this.
Log into the domain as the user at least once on this PC
Log out, and log back in as any account with local admin rights.
Go to control panel, system, advanced, and find the profiles settings
Find the local user's profile, select it, and click "copy to...." and
browse to the domain user's profile path ( \documents and
settings\domainuser )
Log back in as the domain user and make sure it looks like it's got the
profile settings you expect - test thoroughly.
Disable the old local user account (and eventually delete it).
Rinse, lather, repeat.
All data should be stored on the server, and you should be using folder
redirection for My Documents at least (I do this to the user's home
directory), but perhaps also Desktop. If you find that there are 'missing'
or otherwise inaccessible data files or folders, you may need to take
ownership of them (as an administrator) and then reset the NTFS security
on them.....and then move them to the appropriate places on the server.
Thank you very much, this is very helpful. It also make apparent a big
mistake that I have done in the past, namely manually joining the domain and
then running connect computer (which seemed to do nothing - and now I
understand why). If running connect computer transfers the users local
settings to the server does that mean they are now have a roaming profile or
is there another step to enable roaming profiles. Thanks again!
.
- Follow-Ups:
- Re: Local/Domain Logon
- From: Lanwench [MVP - Exchange]
- Re: Local/Domain Logon
- References:
- Local/Domain Logon
- From: M. Turk
- Re: Local/Domain Logon
- From: Lanwench [MVP - Exchange]
- Local/Domain Logon
- Prev by Date: Remove/re-create domain?
- Next by Date: Re: after restore on client machine unable to connect to the serve
- Previous by thread: Re: Local/Domain Logon
- Next by thread: Re: Local/Domain Logon
- Index(es):
Relevant Pages
|
