Re: How do I get roaming profiles to work??
- From: Rene Brehmer <rene@xxxxxxxxxxxxxx>
- Date: Wed, 27 Feb 2008 11:40:44 -0700
On Tue, 26 Feb 2008 17:40:32 -0500, Lanwench [MVP - Exchange] wrote:
Rene Brehmer <rene@xxxxxxxxxxxxxx> wrote:{snip}
I edited the user templates to link drive U: to
\\server1\userdata\%username%\, but this is not applied to new users.
I've had to manually edit every single user to make this work. On a
couple new users I've been experimenting getting the roaming profile
to work, but still have some ways to go. I set the profile path to
\profiles\%username%,
No - don't use a path like that (the share doesn't exist, won't, and doesn't
need to). Read below....
but when user switches computer, on login
windows complains that "Roaming profile cannot be found on the
server", and this message repeats twice. After login, U-drive is
present as it should be, and contains roaming links to My Documents
with sub-folders, as well as all network drives set up for that user.
Also available for these users are all the network printers, and the
default printer for that user is remembered as well.
I checked the \profiles folder, and there isn't actually a folder for
these users, so I added that for each of them. Probably should've
done that first, but oh well.
What else do I need to do to get the roaming profiles to work? I want
it to save desktop settings, star menu settings, and whatever else
preferences these users change on their user.
Also if possible, if there's any way to make it possible for these
users to login, and use Outlook, without having to create them as a
user on the domain on every single computer first. Right now, the
only way to get Outlook to work for them, is to set them up as
administrator on every machine. I have not yet figured out how to get
around that, but would really like to be able to just set them up on
the computer, and then let them use whatever computer they want. We
do have a license issue that means not all programs are on all
computers, but we're hoping to get that rectified.
Here's my boilerplate on roaming profiles. Can't help you now with the user
template, but you do not need to map a drive for My Documents or for
profiles to work. You should not mix up your user data & your profile paths,
and you should not map a drive to the profile share/folder.
General tips:
1. Set up a share on the server. For example - d:\profiles, shared as
profiles$ to make it hidden from browsing. Make sure this share is *not* set
to allow offline files/caching! (that's on by default - disable it)
2. Make sure the share permissions on profiles$ indicate everyone=full
control. Set the NTFS security to administrators, system, and users=full
control.
3. In the users' ADUC properties, specify \\server\profiles$\%username% in
the profiles field
4. Have each user log into the domain once from their usual workstation
(where their existing profile lives) and log out. The profile is now
roaming.
5. If you want the administrators group to automatically have permissions to
the profiles folders, you'll need to make the appropriate change in group
policy. Look in computer configuration/administrative templates/system/user
profiles - there's an option to add administrators group to the roaming
profiles permissions.
Notes:
* Make sure users understand that they should not log into multiple
computers at the same time when they have roaming profiles (unless you make
the profiles mandatory by renaming ntuser.dat to ntuser.man so they can't
change them). Explain that the
last one out wins,
when it comes to uploading the final, changed copy of the profile.
* Keep your profiles TINY. Via group policy, redirect My Documents at the
very least - to a subfolder of the user's home directory or user folder.
Also consider redirecting Desktop & Application Data similarly..... so the
user will have:
\\server\home$\%username%\My Documents,
\\server\home$\%username%\Desktop,
\\server\home$\%username%\Application Data.
Alternatively, just manually re-target My Documents to
\\server\home$\%username% (this is not optimal, however!)
If you aren't going to also redirect the desktop using policies, tell users
that
they are not to store any files on the desktop or you will beat them with a
stick. Big profile=slow login/logout, and possible profile corruption.
* Note that user profiles are not compatible between different OS versions,
even between W2k/XP. Keep all your computers. Keep your workstations as
identical as possible - meaning, OS version is the same, SP level is the
same, app load is (as much as possible) the same.
* Do not let people store any data locally - all data belongs on the server.
* The User Profile Hive Cleanup Utility should be running on all your
computers. You can download it here:
http://www.microsoft.com/downloads/details.aspx?familyid=1B286E6D-8912-4E18-B570-42470E2F3582&displaylang=en
Roaming profile & folder redirection article -
http://www.windowsnetworking.com/articles_tutorials/Profile-Folder-Redirection-Windows-Server-2003.html
Ok ... I did all of this... now I only have 1 question left: I had to
create a new GPO (called Roaming Users) to create the roaming profiles,
because the current GPO set is a bit of a mess. But how do I apply the GPO
to the appropriate Security Group? I created a new security group (also
named Roaming Users) as well, to avoid all users becoming roaming, when
only some of them need to be. But I can't figure out how you apply the GPO
to the SG.
.
- Follow-Ups:
- Re: How do I get roaming profiles to work??
- From: Lanwench [MVP - Exchange]
- Re: How do I get roaming profiles to work??
- References:
- How do I get roaming profiles to work??
- From: Rene Brehmer
- Re: How do I get roaming profiles to work??
- From: Lanwench [MVP - Exchange]
- How do I get roaming profiles to work??
- Prev by Date: Re: ADUC and Mailbox REcovery Center
- Next by Date: Re: ADUC and Mailbox REcovery Center
- Previous by thread: Re: How do I get roaming profiles to work??
- Next by thread: Re: How do I get roaming profiles to work??
- Index(es):
Relevant Pages
|
