|
| If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|||||||
|
|
Thread Tools | Display Modes |
|
#1
October 1st 08, 06:57 PM
posted to microsoft.public.windowsxp.basics,microsoft.public.windowsxp.security_admin
|
|||
|
|||
Enable roaming profiles and folder redirection...
I currently have everyones My Documents saved on the network.
Everyone has a "U" drive mapped to their \\server\servershare\%username%\My Documents folder. I'm trying to figure out how to keep XP from pulling the users My Documents over to the workstation. If I do roaming profiles would I leave the users My Documents where they are, on U: I would think to store the users profile in \\server\servershare\%username% Any advice on how to reduce the amount of data being updated on the workstation every time someone logs in? Thanks Kelvin 
|
| Ads |
|
#2
October 2nd 08, 03:31 AM
posted to microsoft.public.windowsxp.basics,microsoft.public.windowsxp.security_admin
|
|||
|
|||
|
Enable roaming profiles and folder redirection...
Kelvin wrote:
I currently have everyones My Documents saved on the network. Everyone has a "U" drive mapped to their \\server\servershare\%username%\My Documents folder. I'm trying to figure out how to keep XP from pulling the users My Documents over to the workstation. What exactly do you mean by "pulling" ? If you're using folder redirection, the data lives on the server. Perhaps you have offline files enabled? If so, I'd disable them. There's no value in having them on LAN-connected computers & they can cause problems. You can do that in group policy...post in microsoft.public.windows.group_policy for more specific help with that. If I do roaming profiles would I leave the users My Documents where they are, on U: Yes - and I'd also redirect Desktop & Application Data. I would think to store the users profile in \\server\servershare\%username% No - it would have to be \\server\anothershare\%username%. Any advice on how to reduce the amount of data being updated on the workstation every time someone logs in? Keep the profiles tiny & don't use offline files. Thanks Kelvin Here's my boilerplate on roaming profiles.... ******************** General tips: 1. Set up a share on the server. For example - d:\profiles, shared as profiles$ to make it hidden from browsing. Make sure this share is *not* set to allow offline files/caching! (that's on by default - disable it) 2. Make sure the share permissions on profiles$ indicate everyone=full control. Set the NTFS security to administrators, system, and users=full control. 3. In the users' ADUC properties, specify \\server\profiles$\%username% in the profiles field 4. Have each user log into the domain once - if this is an existing user with a profile you wish to keep, have them log in at their usual workstationand log out. The profile is now roaming. 5. If you want the administrators group to automatically have permissions to the profiles folders, you'll need to make the appropriate change in group policy. Look in computer configuration/administrative templates/system/user profiles - there's an option to add administrators group to the roaming profiles permissions. Do this *before* the users' roaming profile folders are created - it isn't retroactive. ******************** Notes: Make sure users understand that they should not log into multiple computers at the same time when they have roaming profiles (unless you make the profiles mandatory by renaming ntuser.dat to ntuser.man so they can't change them, which has major disadvantages),. Explain that the 'last one out wins' when it comes to uploading the final, changed copy of the profile. If you want to restrict multiple simultaneous network logins, look at LimitLogon (too much overhead for me), or this: http://www.jsifaq.com/SF/Tips/Tip.aspx?id=8768 ******************** Keep your profiles TINY. Via group policy, you should be redirecting My Documents (at the very least) - to a subfolder of the user's home directory or user folder. Also consider redirecting Desktop & Application Data similarly..... so the user will end up with: \\server\users\%username%\My Documents, \\server\users\%username%\Desktop, \\server\users\%username%\Application Data. [Alternatively, just manually re-target My Documents to \\server\users\%username% (this is not optimal, however!)] You should use folder redirection even without roaming profiles, but it's especially critical if you *are* using them. If you aren't going to also redirect the desktop using policies, tell users that they are not to store any files on the desktop or you will beat them with a stick. Big profile=slow login/logout, and possible profile corruption. ******************** Note that user profiles are not compatible between different OS versions, even between W2k/XP. Keep all your computers. Keep your workstations as identical as possible - meaning, OS version is the same, SP level is the same, app load is (as much as possible) the same. ********************* If you also have Terminal Services users, make sure you set up a different TS profile path for them in their ADUC properties - e.g., \\server\tsprofiles$\%username% ******************** Do not let people store any data locally - all data belongs on the server. ******************** The User Profile Hive Cleanup Utility should be running on all your computers. You can download it he http://www.microsoft.com/downloads/d...displaylang=en ******************** Roaming profile & folder redirection article - http://www.windowsnetworking.com/art...rver-2003.html
|
| Thread Tools | |
| Display Modes | |
|
|
Linear Mode
