Re: Roaming Profile
- From: "Lanwench [MVP - Exchange]" <lanwench@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Wed, 29 Aug 2007 10:04:02 -0400
Scott <Scott@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
I'm confused on the "timing" of setting roaming profiles.
If I set the profile path *before* a user logs in, isn't the XP
workstation looking for something that is not there?
Wouldn't the requirement be to set to roaming *after* a user logs in?
Thanks.
Hmm - I think you may be a bit confused. You don't actuallychange anything
on the workstation at all, for a roaming profile to work - before or after
login.
If a user logs into the domain and there's a profile path defined in ADUC
for him, his profile is a roaming profile.
The only thing you could change on the workstation is whether that cached
profile is something you want to be updated or not - you can change that
cached copy to a "local" profile, so new logins/logouts won't affect it. I
sometimes do this on a laptop if I don't want the user's desktop to be
modified by laptop-specific stuff.
Here's my boilerplate on roaming profiles -
1. Set up a share on the server. For example - d:\profiles, shared as
profiles$ to make it hidden from browsing. Make sure this share is not set
to allow offline files/caching!
2. Make sure the share permissions on profiles$ indicate everyone=full
control. Set the NTFS security to administrators, system, and users=full
control.
3. In the users' ADUC properties, specify \\server\profiles$\%username% in
the profiles field
4. Have each user log into the domain once from their usual workstation
(where their existing profile lives) and log out. The profile is now
roaming.
5. If you want the administrators group to automatically have permissions to
the profiles folders, you'll need to make the appropriate change in group
policy. Look in computer configuration/administrative templates/system/user
profiles - there's an option to add administrators group to the roaming
profiles permissions.
Notes:
* Make sure users understand that they should never log into multiple
computers at the same time when they have roaming profiles (unless you make
the profiles mandatory by renaming ntuser.dat to ntuser.man so they can't
change them). Explain that the
last one out
wins, when it comes to uploading the final, changed copy of the profile.
* Keep your profiles TINY. Redirect My Documents at the very least; usually
best done to the user's home directory on the server - either via
group policy (folder redirection) or manually (far less advisable). If you
aren't going to also redirect the desktop using policies, tell users that
they are not to store any files on the desktop or you will beat them with a
stick. Big profile=slow login/logout, and possible profile corruption.
* Note that user profiles are not compatible between different OS versions,
even between W2k/XP. Keep all your computers. Keep your workstations as
identical as possible - meaning, OS version is the same, SP level is the
same, app load is (as much as possible) the same.
* Do not let people store any data locally - all data belongs on the server.
* The User Profile Hive Cleanup Utility should be running on all your
computers. You can download it here:
http://www.microsoft.com/downloads/details.aspx?familyid=1B286E6D-8912-4E18-B570-42470E2F3582&displaylang=en
.
- Follow-Ups:
- Re: Roaming Profile
- From: Scott
- Re: Roaming Profile
- Prev by Date: Multi-port modem on SBS 2003
- Next by Date: Re: Folder Redirection and Remote Site-Site VPN Clients
- Previous by thread: Multi-port modem on SBS 2003
- Next by thread: Re: Roaming Profile
- Index(es):
Relevant Pages
|
