Profiles...

lhatwwp · Dec 30, 2007

Hello,

I'm very new to the world of Windows... so please be patient with me. After 15 years with Netware I'm looking at Windows and I have a bunch of questions (I will make each question a seperate post).

So to start. What is the proper way to manage profiles for mobile users? So far it seems when a user logs into a domain a profile is created and poof everything they have seen on their desktop for the past year is gone, no favourites, no shortcuts, everything is gone.

Is there a way to have the same profile used regardless of the user logging on to the domain or the standalone PC?

I read some stuff about caching offline... but the article (on Microsoft technet website

http://technet2.microsoft.com/windo...327-4e65-879c-c952427578821033.mspx?mfr=true)

suggested not using the offline folders on roaming shares. Maybe that feature wouldn't address my issue... I'm not sure.

At the end of the day what I want is for mobile users to see the same familiar desktop, shortcuts, etc in the office and outside the office. I don't want a flood of complaints about people losing files, bookmarks, etc.

How do I make this happen?

Thanks in advance.
Lou

lhatwwp · Dec 30, 2007

New thought... I've read about the option of disabling roaming profiles... I have tried to disable roaming profiles. But I'm not getting a result I expect.

If I disable roaming profiles will user JDOE\LOCAL have the same profile as JDOE\DOMAIN?

TIA,
Lou

Dublin73 · Dec 30, 2007

With roaming profiles, your users will get the same profile, wherever they log in, provided that they are logging into the same domain all the time.

Regarding your question about JDOE\LOCAL and JDOE\DOMAIN, Windows sees these as two different people... and as a result, will create a seperate profile for each of these.

How are your mobile users connecting, RDP, Citrix?

lhatwwp · Dec 30, 2007

Hi Dublin73,

I should have explained, the mobile users are not connecting to the domain when they are away from the office. They are just taking their laptops with them when they leave the office to continue whatever work they my have. There in is the problem for me. Most of these guys would copy the file to "My Documents" or the "Desktop" and then leave the office. Next time they logon to the laptop only they have an empty "My Documents" folder, the desktop is unfamiliar and all their favourites etc are gone.

Is their anything I can do to force Windows to use JDOE\DOMAIN even when not connected to the domain? Or is there a method of synchronizing the two profiles, JDOE\LOCAL and JDOE\DOMAIN?

TIA,
Lou

mrdenny · Dec 30, 2007

The easiest way is to remove the local account which will force them to use the domain account.

As Windows sees them as two seperate accounts there isn't really any way to sync the accounts.

It's bascially going to come down to user education.

By default Windows will cache the last few domain accounts which logged in, so that you can log onto the domain when you aren't connected for just this purpose.

As dublin said when the users aren't connected to the network and they log into the domain they will see there domain account just as normal. Then when they get back to the office there roaming profile will be synced with the copy on the server and the updates from the laptop will be uploaded (as configured on there next logout).

Denny
MCSA (2003) / MCDBA (SQL 2000)
MCTS (SQL 2005 / Microsoft Windows SharePoint Services 3.0: Configuration / Microsoft Office SharePoint Server 2007: Configuration)
MCITP Database Administrator (SQL 2005) / Database Developer (SQL 2005)

My Blog

lhatwwp · Dec 31, 2007

Hi mrdenny,

Thanks for all your help thus far. I do have more questions. If I remove the local account the user won't be able to logon when they are out of the office... right? That's not going to work for them.

As far as synchronizing folders. What about Microsoft's SyncToy?

http://www.microsoft.com/downloads/...54-C975-4814-9649-CCE41AF06EB7&displaylang=en

I could sync c:\doc&set\LOCAL.ME with C:\doc&set\DOMAIN.ME this is a bit of a hard drive waste... but hard drive space isn't a typical problem.

As for Outlook... I have never tried this but maybe you can stop me before a big mistake... can I have Outlook on LOCAL\ME point to the same file location as Outlook on DOMAIN\ME? Would that keep Outlook synchronized?

Is there anything else I should think of?

Thanks,
Lou

TNGPicard · Dec 31, 2007

Lou,

When you remove the local account we're talking about the account that is on the computer itself and NOT the domain account (which still has to be added to the computer). I..e when they are at the logon screen, they change the "Logon To" part to be the domain EVEN IF THEY ARE NOT IN THE OFFICE. This will use a cached credential on the machine and a cached copy of the profile. If you don't have a user using multiple computers where they need the exact same settings (such as a lab) the profile will be with them on the machine whether or not they're plugged into your corporate network.

you can control offline file synchronization through group policies and where files live in offline / online mode and what gets synced. I redirect users my documents folders to their home directories on the network and this seems to work here for the few of us that have laptops that roam around. You don't have to use anything like synctoy.

Concerning differences between the local machine profile and the new domain profile that will be created on the machine, you can use the moveuser util. You need to login to the machine with another account, run moveuser with the appropriate options and then remove the local machine account; when the user logs in with their domain account, everything that was in the local profile will be in the domain account profile. The utility is part Windows Server Resource Kit tools which is a free download.

Basically - you don't have to maintain two accounts for your users any more - the domain account WILl work for them locally when they are NOT connected to your network as long as they've logged into the computer already. They'll have all ttheir settings, desktop, etc. Regarding your outlook sync - set outlook up to use cached exchange mode and they can work offline and sync back with the exchange server (if you have one). If you're using IMAP or POP/SMTP you don't even have to worry about this as long as their PST files are on their local machine and not the network.

Mark at LMFJ / TNG Picard

lhatwwp · Dec 31, 2007

TNGPicard,

Thank you very much for the explaination. I never would have guessed that a user could choose the domain even when they weren't connected to the domain.

That clears up a lot of stuff for me.

Cheers!
Lou

TNGPicard · Dec 31, 2007

Lou,

It works great and simplifies things. You do need to watch what you do through group policies and what you set as the local security policy on the machines because you are relying on cached credentials. I'm not sure of the impact the settings about "wait for network at computer startup" and user login are or how they will affect this. At my office I filter those GPOs not to apply on laptop computers.

Mark

mrdenny · Dec 31, 2007

I'll simply dito what Mark said.

Denny
MCSA (2003) / MCDBA (SQL 2000)
MCTS (SQL 2005 / Microsoft Windows SharePoint Services 3.0: Configuration / Microsoft Office SharePoint Server 2007: Configuration)
MCITP Database Administrator (SQL 2005) / Database Developer (SQL 2005)

My Blog

Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Profiles...

lhatwwp

Technical User

lhatwwp

Technical User

Dublin73

IS-IT--Management

lhatwwp

Technical User

mrdenny

Programmer

lhatwwp

Technical User

TNGPicard

Technical User

lhatwwp

Technical User

TNGPicard

Technical User

mrdenny

Programmer

Similar threads

Part and Inventory Search

Sponsor