Creating Roaming Profiles 2

[haitianfella]

Hello All,
i need help with creating roaming profile for users how do i go about this.

Is it possible to prevent users from changing their setting like backgrounds from the server

 

[pagy]

My advice, do not use roaming profiles. They are bad. But here is info on them

http://technet2.microsoft.com/windo...c982-4bfb-891e-91b47f211e181033.mspx?mfr=true

Paul
MCSE


"Two things are infinite: the universe and human stupidity; and I'm not sure about the the universe."
Albert Einstein

 

[haitianfella]

i work for a NYC High School and we have the students with accounts mainly so their information can be accessible in all labs. what do you suggest. do you think roaming profiles shouldn't be used in this enviornment?

 

[SLF74]

Paul - just curious, why do you not recommend roaming profiles?

 

[Cstorms]

We use them extensively and although not the most ideal thing considering the time it takes to pull profiles of various sizes when moving to a different machines, I also am curious what you would recommend as substitute for RP's.

 

[scottew]

Instead of Roaming profiles, you could set up a Terminal Server. Lock down the desktops via GPO and only allow access to the Terminal Server.

You can also use GPO's to prevent things like changing the backgrounds on the desktops.

Scott

 

[porkchopexpress]

I also don't like roaming profiles they tend to become far too large and cause headaches with corrupt files. I find it's easier to use folder redirection to provide a standard desktop and start menu then use group policy to lock down the users session. You can then use either a default profile hosted in netlogon or a roaming profile set to not propagate changes to the server at logoff to provide application settings.

I’ve found this setup to be easier to support than roaming profiles and logons are faster.

 

[Cstorms]

So is it pretty much a standard, since we are so lax here, to redirect the My Docs to a user drive and back that up and have a standard desktop that people cant/wont save files to since they (which they shouldnt assume anyway) will be backed up. Our process isnt the most "best practice" by a long shot, so what is the general consensus on allowing users a place to where files will be backed up, or is it usually only their users drive.

Sorry if this is a bit of a hijack.

 

[porkchopexpress]

That depends on a few factors really like what the PC is used for but certainly for our general clients that many people use we don't allow anyone to save to local drives they have access to shared folders and their own personal folder. We don't let users save to the desktop and most users receive the same desktop as the rest of their department. This has the added benefit of lowering support costs as well.

If they can only save to the network then all work is backed up and if you enable it the users can use the shadow copy service to restore their own work which is a big time saver.

 

[pagy]

Paul - just curious, why do you not recommend roaming profiles?

Exactly the same reasons as porkchopexpress gave

Paul
MCSE


"Two things are infinite: the universe and human stupidity; and I'm not sure about the the universe."
Albert Einstein

 

[AckeyG]

I would agree with Porkchop too, easier to create a standard, and if makes changes then will re create when next person log's on.....save disk space to name one but a few, could use that extra space for the personal folders for instance.

A!

 

[DThornton123]

We use roaming profile and haven't had any problems. We redirect the My Documents, Desktop, and Application Data folders. A DFSr replicated share is used for these, the profile, and the user's home drive. With redirection the profiles stay under 10MB.

Outlook pst files, documents, etc. are then all available to be backed up. Before we went with roaming profiles there was a lot of data that wasn't backed up.

Outlook pst files are the worst. The default location is hidden (to users) in the Application Data folder. To ensure they were on a share that was being backed up we had to either change the location on the initial install/setup of Outlook or change it later. User's either couldn't or wouldn't do this so it fell to IT. If a user created another archive it would end up in Application Data so IT had to constantly monitor PCs to ensure no one slipped through the cracks. With redirection we don't have to worry or monitor it.

One of the most desirable features of a properly set up roaming profiles system is that the moving of users or replacement of a PC requires minimal IT intervention. Typically all it consists of is: "Just log onto the PC and you'll see your desktop exactly as it is now." "Yes, use your same login name and password."