
Mobile User login with no DC


Paul318

Technical User
Aug 10, 2001
53
GB
Scenario:
There are mobile users dotted all over the globe, they all use the same laptops with exactly the same install. The installs are imaged (Ghost or Power Quest) and put onto a CD. This gives the user a quick recovery option if anything goes wrong. The users need to login to the Windows 2000 Professional machines as the domain users, (if they login as a local user, when they return to the office and login to the domain they will receive a different profile).

In order to login as the domain user they must have logged onto the domain with that machine at least once. W2K Pro will then remember the login credentials if a DC is unavailable.

The only way this seems possible is to login to the machine with ALL the mobile user accounts, then creating the universal image, but this causes a problem when users change their passwords (and have to restore from the image) causing mass confusion among the users!

Question: Is there any way of logging onto a W2K Pro machine (as a domain user) that is a member of a domain without first authenticating on a DC?
 
I think the answer to your question is NO, but I have a question back to you. Why will the users receive a different profile when they logon to the domain? Are you using roaming profiles/mandatory profiles?

I can see where you're coming from, I suspect you may find that there is a workaround but it may be too difficult to deploy and expect non-technical users to use.

RosieBsDad
 
RosieBsDad
Sorry I missed a bit....
The way it was done in the past was to create a universal login for all mobile users, this was with a Novell system so all logins were local to the machine, now if we keep the universal login, when they return to the office they will be logging in as a different user and receive a different profile.

Thanks
Paul
 
Do I take it then that the Novell has gone? (Sad day at Red Rock in that case, I'm actually a "red-head" believe it or not!)

You may need to get a bit clever with roaming profiles, local logins and the like. If you can do it fairly quickly (like before lunchtime Friday BST), put together a brief synopsis of your environment and I can have a quick look at it.



RosieBsDad
 
Paul,

You may find that some of the following may help. It's from a site that I've found useful in the past.

Ian


How do I use my Windows 2000 domain profile on my laptop, while traveling?

Assumptions:

1. Your Windows 2000 installation is a clean install. If your Windows 2000 install was an upgrade, the folders involved are a combination from this and tip 0552.

2. Your domain account is a member of the local Administrators group.

3. Your domain account has a local profile, or you must be very careful to select your local profile when you receive the warning message that your local profile is newer than your roaming profile, otherwise, changes made while traveling will be lost.

To create a local account that shares your domain profile:

01. Log on as the local Administrator and create a local account with the same UserName as your domain account.

NOTE: Your PC can not be a domain controller.

02. Logon as this new account and logoff.

03. Logon as your domain account.

04. Use Regedt32 and select the HKEY_CURRENT_USER key.

05. On the Security menu, press Permissions.

06. Press the Add button.

07. In the Look in: box, toggle your local computer name. Select the new UserName account you created in step 01.

08. Press Add and then press OK.

09. On the Security tab, select the new ComputerName\UserName account and check both Read and Full Control.

10. Press the Advanced button and check both boxes at the bottom of the Permissions tab.

11. Press Apply and Press OK until all dialog boxes are closed.

12. Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList and locate the new SID by inspecting each ProfileImagePath for <Drive:>\Documents and Settings\UserName.ComputerName.

13. Double click this ProfileImagePath and remove the .ComputerName, so it is equal to your domain profile.

14. Exit Regedt32.

15. Delete the <Drive:>\Documents and Settings\UserName.ComputerName folder.

16. Grant the local UserName full control on the <Drive:>\Documents and Settings\UserName folder / sub-folders.

17. Logoff and logon locally as UserName. You will see your domain (and local) profile.
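
An added example, not part of the original post or the quoted tip: after steps 12 and 13, two ProfileList SIDs (the domain account and the same-named local account) resolve to one ProfileImagePath, and this Python script finds that condition in a regedit export of the ProfileList key. The export text, the SIDs and the user name jsmith are constructed sample data.

```python
import re
from collections import defaultdict

PROFILE_LIST = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList"

def hex2(path, per_line=20):
    """Encode text as regedit exports REG_EXPAND_SZ: wrapped hex(2) UTF-16LE bytes."""
    parts = [f"{b:02x}" for b in (path + "\0").encode("utf-16-le")]
    rows = [",".join(parts[i:i + per_line]) for i in range(0, len(parts), per_line)]
    return "hex(2):" + ",\\\n  ".join(rows)

def parse_profile_list(reg_text):
    """Return {sid: ProfileImagePath} from a regedit export of the ProfileList key."""
    text = re.sub(r"\\\r?\n\s*", "", reg_text)  # rejoin wrapped hex continuation lines
    prefix, profiles, sid = PROFILE_LIST.lower() + "\\", {}, None
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("["):
            key = line.strip("[]")
            sid = key[len(prefix):] if key.lower().startswith(prefix) else None
        elif sid and line.lower().startswith('"profileimagepath"='):
            value = line.split("=", 1)[1]
            if value.startswith("hex(2):"):
                raw = bytes(int(b, 16) for b in value[7:].split(",") if b)
                value = raw.decode("utf-16-le").rstrip("\0")
            else:  # plain REG_SZ export: quoted, with doubled backslashes
                value = value.strip('"').replace("\\\\", "\\")
            profiles[sid] = value
    return profiles

def shared_profile_paths(profiles):
    """Map each profile path claimed by more than one SID to those SIDs."""
    by_path = defaultdict(list)
    for sid, path in profiles.items():
        by_path[path.lower()].append(sid)
    return {path: sorted(sids) for path, sids in by_path.items() if len(sids) > 1}

def sample_export():
    """Constructed export; the SIDs and the name jsmith are made up."""
    entries = {
        "S-1-5-21-1111111111-2222222222-3333333333-1105": "jsmith",  # domain account
        "S-1-5-21-4444444444-5555555555-6666666666-1001": "jsmith",  # local account after step 13
        "S-1-5-21-4444444444-5555555555-6666666666-500": "Administrator",
    }
    out = "Windows Registry Editor Version 5.00\n\n"
    for sid, name in entries.items():
        path = "%SystemDrive%\\Documents and Settings\\" + name
        out += f'[{PROFILE_LIST}\\{sid}]\n"ProfileImagePath"={hex2(path)}\n\n'
    return out

if __name__ == "__main__":
    for path, sids in shared_profile_paths(parse_profile_list(sample_export())).items():
        print(path, "is shared by", ", ".join(sids))
```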
 
mapleleaf: - sweet work, but I think the initial problem is how to set up in the first place...

If I understand the question properly, the issue is how to get a remote user's account onto a "clean" laptop if there is no DC available.

While this may not be a solution, it may trigger some other thoughts. The only requirement is that the remote users have an existing account on the domain BEFORE they start this process.

If every [newly imaged] laptop is sent out with a default user account - say, "register" - get the remote users to log into the local laptop with this account. Now create a dial-up session to corporate network and (this is the bit that will need thinking about) log in to (say) a Web interface using the remote user's REAL credentials. This will then trigger an action from the server-side which will remotely create the user details on the laptop.

Don't know how practical (or even possible) this is, but may be the approach needed.

RosieBsDad
 
mapleleaf
Thanks for the feedback but as RosieBsDad has written, it's more to do with getting the users to logon to a clean install without a DC available.

RosieBsDad
I'll have to look into your idea, it seems feasible but on the down side sometimes they cannot get a dial-up connection (most of our mobile users are often offshore), but I agree that with some tweaking it could work.

Thanks for your feedback

Paul
 
Paul

OK, if the users receive a new "clean" laptop and they have no [dial-up or otherwise] access to the domain, then you're going to have to be extremely clever to get their profile onto the laptop anyway :)

So why not make the "register" user profile good enough to get them going until they can go through the proper registration process, whatever that may be?

Just a thought.....



RosieBsDad
 