A Windows XP help forum. PCbanter


Default Administrator account as roaming profile?



 
 
  #1  
Old September 1st 08, 03:59 PM posted to microsoft.public.windowsxp.network_web
daztrue
external usenet poster
 
Posts: 40
Default Default Administrator account as roaming profile?

Is it possible for the default Administrator account to be set as a roaming
profile on a home server? With multiple PCs on a home network (each with its
default Administrator account), I would obviously want all of those to become
one roaming account and want to know if it's possible; and if so, how to
'merge' the accounts when changing to roaming profile - and how this is
safely processed.
  #2  
Old September 2nd 08, 02:31 AM posted to microsoft.public.windowsxp.network_web
Lanwench [MVP - Exchange]
external usenet poster
 
Posts: 1,547
Default Default Administrator account as roaming profile?

daztrue wrote:
> Is it possible for the default Administrator account to be set as a
> roaming profile on a home server? With multiple PCs on a home network
> (each with its default Administrator account), I would obviously want
> all of those to become one roaming account and want to know if it's
> possible; and if so, how to 'merge' the accounts when changing to
> roaming profile - and how this is safely processed.


If you don't use AD, there are no roaming profiles possible.


  #3  
Old September 2nd 08, 05:38 PM posted to microsoft.public.windowsxp.network_web
daztrue
external usenet poster
 
Posts: 40
Default Default Administrator account as roaming profile?

My instant reaction was "What's AD?", but from a combination of another forum
discussion and the help file I'm guessing you're referring to Active Directory?

I certainly don't have roaming profiles at the moment as I have no server,
but am on the verge of getting one. I've been studying about Group Policy but
need to familiarise myself more with the setting up of OUs, domain and Active
Directory. Plus, of course, my original question. If you can help that'd be
great!

  #4  
Old September 2nd 08, 06:09 PM posted to microsoft.public.windowsxp.network_web
smlunatick
external usenet poster
 
Posts: 4,866
Default Default Administrator account as roaming profile?

Not certain on this but to be able to use roaming profile, you may
need:

1) Windows XP Pro installed on the PCs used as "workstations."
2) A true Windows Server version. (Windows 2000 server or Windows
Server 2003/2008.)

If you are going to use a Windows Home Server product, you might not
be able to do this.
  #5  
Old September 3rd 08, 07:55 AM posted to microsoft.public.windowsxp.network_web
st[_2_]
external usenet poster
 
Posts: 35
Default Default Administrator account as roaming profile?

Actually, even Windows NT4 Server works for roaming profiles... but it should not be used as Internet gateway.

  #6  
Old September 3rd 08, 01:34 PM posted to microsoft.public.windowsxp.network_web
Lanwench [MVP - Exchange]
external usenet poster
 
Posts: 1,547
Default Default Administrator account as roaming profile?

daztrue wrote:
> My instant reaction was "What's AD?", but from a combination of
> another forum discussion and the help file I'm guessing you're
> referring to Active Directory?

Yes.

> I certainly don't have roaming profiles at the moment as I have no
> server,

OK.

> but am on the verge of getting one. I've been studying about
> Group Policy but need to familiarise myself more with the setting up
> of OUs, domain and Active Directory. Plus, of course, my original
> question. If you can help that'd be great!


I suggest you set up a lab (either physical or virtual) and download an eval
of Windows server, XP Pro, and try setting up an active directory
environment. Without this there's nothing you can test or play with. You
can't use Windows Home Server (if that's what you've got).

MS Small Business Server would be a good place to start if you can get your
hands on a copy.

My boilerplate on roaming profiles is below...

********************
General tips:

1. Set up a share on the server. For example - d:\profiles, shared as
profiles$ to make it hidden from browsing. Make sure this share is *not* set
to allow offline files/caching! (that's on by default - disable it)

2. Make sure the share permissions on profiles$ indicate everyone=full
control. Set the NTFS security to administrators, system, and users=full
control.

3. In the users' ADUC properties, specify \\server\profiles$\%username% in
the profiles field

4. Have each user log into the domain once - if this is an existing user
with a profile you wish to keep, have them log in at their usual
workstation and log out. The profile is now roaming.

5. If you want the administrators group to automatically have permissions to
the profiles folders, you'll need to make the appropriate change in group
policy. Look in computer configuration/administrative templates/system/user
profiles - there's an option to add administrators group to the roaming
profiles permissions. Do this *before* the users' roaming profile folders
are created - it isn't retroactive.

********************
Notes:

Make sure users understand that they should not log into multiple computers
at the same time when they have roaming profiles (unless you make the
profiles mandatory by renaming ntuser.dat to ntuser.man so they can't change
them, which has major disadvantages). Explain that the 'last one out wins'
when it comes to uploading the final, changed copy of the profile. If you
want to restrict multiple simultaneous network logins, look at LimitLogon
(too much overhead for me), or this:
http://www.jsifaq.com/SF/Tips/Tip.aspx?id=8768

********************
Keep your profiles TINY. Via group policy, you should be redirecting My
Documents (at the very least) - to a subfolder of the user's home directory
or user folder. Also consider redirecting Desktop & Application Data
similarly..... so the user will end up with:

\\server\users\%username%\My Documents,
\\server\users\%username%\Desktop,
\\server\users\%username%\Application Data.

[Alternatively, just manually re-target My Documents to
\\server\users\%username% (this is not optimal, however!)]

You should use folder redirection even without roaming profiles, but it's
especially critical if you *are* using them.

If you aren't going to also redirect the desktop using policies, tell users
that they are not to store any files on the desktop or you will beat them
with a stick. Big profile=slow login/logout, and possible profile
corruption.

********************
Note that user profiles are not compatible between different OS versions,
even between W2k/XP. Keep all your computers. Keep your workstations as
identical as possible - meaning, OS version is the same, SP level is the
same, app load is (as much as possible) the same.

*********************
If you also have Terminal Services users, make sure you set up a different
TS profile path for them in their ADUC properties - e.g.,
\\server\tsprofiles$\%username%

********************
Do not let people store any data locally - all data belongs on the server.

********************
The User Profile Hive Cleanup Utility should be running on all your
computers. You can download it here:
http://www.microsoft.com/downloads/d...displaylang=en

********************
Roaming profile & folder redirection article -
http://www.windowsnetworking.com/art...rver-2003.html
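
Steps 1 to 3 of the general tips above as commands, followed by an ACL check to run once users have logged in (step 4). This is an added example, not part of the original post: it assumes Windows Server 2012 or later with the SmbShare and ActiveDirectory PowerShell modules, and the server name `server`, the account `jdoe` and the function `Get-ProfileAclFinding` are placeholders chosen for illustration.

```powershell
# Added example (not from the original post). Run elevated on the file server.
# Assumes the SmbShare and ActiveDirectory modules are available.

$ProfileRoot = 'D:\profiles'   # folder named in step 1 of the post
$ShareName   = 'profiles$'     # trailing $ hides the share from browsing
$Server      = 'server'        # placeholder, as in the post's \\server\... paths
$User        = 'jdoe'          # hypothetical domain account

# Step 1: create the folder and share it with offline files/caching disabled.
# Step 2 (share level): Everyone = Full Control, as the post specifies.
New-Item -ItemType Directory -Path $ProfileRoot -Force | Out-Null
New-SmbShare -Name $ShareName -Path $ProfileRoot -FullAccess 'Everyone' -CachingMode None

# Step 2 (NTFS level): Administrators, SYSTEM and Users = Full Control,
# inherited by subfolders and files ((OI)(CI)).
icacls $ProfileRoot /grant 'BUILTIN\Administrators:(OI)(CI)F' `
                           'NT AUTHORITY\SYSTEM:(OI)(CI)F' `
                           'BUILTIN\Users:(OI)(CI)F'

# Step 3: ADUC substitutes %username% when the dialog is saved; from a script
# the account name is written out explicitly.
Set-ADUser -Identity $User -ProfilePath "\\$Server\$ShareName\$User"

# Step 5 (adding the Administrators group to roaming profile folders) is a
# Group Policy setting and is not scripted here. Enable it before step 4.

# After step 4: list every Allow entry on a profile folder that belongs to
# someone other than the folder's own user, SYSTEM or Administrators.
# Assumption of this check: a profile folder is named after its user, with an
# optional ".V<n>" suffix as used by Vista and later clients.
function Get-ProfileAclFinding {
    param([Parameter(Mandatory)][string]$Root)

    $expected = 'NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators'

    foreach ($dir in Get-ChildItem -Path $Root -Directory) {
        $owner = $dir.Name -replace '\.V\d+$', ''
        $acl   = Get-Acl -Path $dir.FullName

        foreach ($ace in $acl.Access) {
            $id      = $ace.IdentityReference.Value
            $account = ($id -split '\\')[-1]      # strip the DOMAIN\ prefix

            if ($ace.AccessControlType -eq 'Allow' -and
                $account -ne $owner -and
                $id -notin $expected) {
                [pscustomobject]@{
                    Folder    = $dir.Name
                    Identity  = $id
                    Rights    = $ace.FileSystemRights
                    Inherited = $ace.IsInherited
                }
            }
        }
    }
}

# An empty result means no profile folder is open to other accounts.
Get-ProfileAclFinding -Root $ProfileRoot | Format-Table -AutoSize
```

An entry for `BUILTIN\Users` with `Inherited = True` in the output means that folder is still inheriting the root's Users = Full Control entry, so other users can read that profile.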
  #7  
Old September 3rd 08, 04:02 PM posted to microsoft.public.windowsxp.network_web
daztrue
external usenet poster
 
Posts: 40
Default Default Administrator account as roaming profile?

I'm not sure what you mean by "set up a lab (either physical or virtual) and
download an eval of Windows server". Can you explain?

You also mentioned that I can't use Windows Home Server, which is what I
envisioned getting. What's the problem there?

Finally, you stressed folder direction (which I've also been looking into)
for all data, which I wasn't planning. My main intention for a home server
(HP MediaSmart) is to redirect shared files to be available across the home
network so other PCs won't need to be on, and as a backup resource. However,
your emphasis on tiny profiles makes me wonder whether roaming profiles are
practical for my intended setup.

Other than wanting to control everything from one profile, I want to be able
to configure/set policies for individual accounts/groups, which I'm led to
believe can only be done with AD.

An important point is that I'm also intending to upgrade to Vista Ultimate.
There must be some way I can do this?

  #8  
Old September 4th 08, 05:59 PM posted to microsoft.public.windowsxp.network_web
Lanwench [MVP - Exchange]
external usenet poster
 
Posts: 1,547
Default Default Administrator account as roaming profile?

daztrue wrote:
> I'm not sure what you mean by "set up a lab (either physical or
> virtual) and download an eval of Windows server". Can you explain?

I'm not sure what's unclear, sorry. A lab is a test network. Physical means
you have a bunch of machines on this test network. Virtual means you use
virtualization software, such as VMWare or MS Virtual Server or
....Workstation. Eval is evaluation. Does that help to clarify?

> You also mentioned that I can't use Windows Home Server, which is
> what I envisioned getting. What's the problem there?

As far as I'm aware, Windows Home Server can't be used as a domain
controller. I don't use it, though. You'd want to look up documentation or
post in a server group for that.

> Finally, you stressed folder direction (which I've also been looking
> into) for all data, which I wasn't planning.

If you really do use roaming profiles you must use folder redirection, or it
will barf at some point.

> My main intention for a
> home server (HP MediaSmart) is to redirect shared files to be
> available across the home network so other PCs won't need to be on,
> and as a backup resource.

That sounds fine.

> However, your emphasis on tiny profiles
> makes me wonder whether roaming profiles are practical for my
> intended setup.

No, and not possible, as far as I know. Nor are they necessary.

> Other than wanting to control everything from one profile, I want to
> be able to configure/set policies for individual accounts/groups,
> which I'm led to believe can only be done with AD.

Yes, that's correct.

> An important point is that I'm also intending to upgrade to Vista
> Ultimate. There must be some way I can do this?

I don't use or support Vista, but I know Vista Business can join a domain.
Don't know about Ultimate.

Good luck

  #9  
Old September 8th 08, 05:58 PM posted to microsoft.public.windowsxp.network_web
daztrue
external usenet poster
 
Posts: 40
Default Default Administrator account as roaming profile?

As you suggested, I've been looking on other forums and sites regarding
Windows Home Server, and although it's a hot topic, the general/official
consensus appears to be as you described: neither a domain controller, nor
able to join one. I also learnt that it is a "subset" (which I assume means a
smaller version) of MS Small Business Server, which, again, you also
suggested! Naturally, I looked into that, and learnt that 2008 will be
released in November. I don't know if you can shed any light on that version,
or whether it will still backup client data in the same way as Windows Home
Server?

Also, I take it SBS 2008 will still work fine with HP MediaSmart Server? And
is it installed on the server or on each client - like WHS?

Back to the issue of folder redirection: is it possible to redirect various
directories from multiple PCs to one directory? And if so, what is the
process when a directory or file have the same name? I'm thinking primarily
about redirecting the Shared Documents paths of each PC to one 'merged' tree
on the server.

Finally, assuming everything discussed is set up, and I decided roaming
profiles were for me, would it be possible to 'merge' default Administrator
accounts from PCs on the workgroup/LAN? If so, how? If not, what is usually
done with default accounts when a roaming Administrator account is set up?

Thanks, by the way, for all this help!

  #10  
Old September 8th 08, 07:21 PM posted to microsoft.public.windowsxp.network_web
Lanwench [MVP - Exchange]
external usenet poster
 
Posts: 1,547
Default Default Administrator account as roaming profile?

daztrue wrote:
As you suggested, I've been looking on other forums and sites
regarding Windows Home Server, and although it's a hot topic, the
general/official consensus appears to be as you described: neither a
domain controller, nor able to join one. I also learnt that it is a
"subset" (which I assume means a smaller version) of MS Small
Business Server, which, again, you also suggested! Naturally, I
looked into that, and learnt that 2008 will be released in November.


Yes, I believe so.

I don't know if you can shed any light on that version, or whether it
will still backup client data in the same way as Windows Home Server?


No idea, but I find it doubtful. With AD it's far more common to store all
data on the server, and nothing at all on workstations. Workstations should
be viewed as somewhat interchangeable and generic, in my view.

Also, I take it SBS 2008 will still work fine with HP MediaSmart
Server?


No idea...the hardware requirements will be pretty extreme.

And is it installed on the server or on each client - like
WHS?


You install SBS2008 on your server hardware. The client OSes can be Win2k,
WinXP Pro, or Vista Business.

Back to the issue of folder redirection: is it possible to redirect
various directories from multiple PCs to one directory?


You don't redirect from a PC - you redirect from a profile folder, such as
My Documents, Application Data, Desktop - to folders on the server, usually
under a parent folder such as \\server\sharename\%username%\My Documents,
etc.

And if so,
what is the process when a directory or file have the same name? I'm
thinking primarily about redirecting the Shared Documents paths of
each PC to one 'merged' tree on the server.


It doesn't work quite like that. It has nothing to do with local folders.
You can set up shares on the server, and users can access them - instead of
the local shares. I tend to get rid of all local shares and don't let users
create them.

Finally, assuming everything discussed is set up, and I decided
roaming profiles were for me, would it be possible to 'merge' default
Administrator accounts from PCs on the workgroup/LAN?


No....

If so, how? If
not, what is usually done with default accounts when a roaming
Administrator account is set up?


There's no roaming administrator account. There's a domain account (which is
not related to your local accounts). You can set up roaming *profiles* (my
lengthy post described how) but I think you're still a little unclear on AD
and domain profiles - it's hard to know how to answer your questions.


Thanks, by the way, for all this help!

"Lanwench [MVP - Exchange]" wrote:

daztrue wrote:
I'm not sure what you mean by "set up a lab (either physical or
virtual) and download an eval of Windows server". Can you explain?


I'm not sure what's unclear, sorry. A lab is a test network.
Physical means you have a bunch of machines on this test network.
Virtual means you use virtualization software, such as VMWare or MS
Virtual Server or ....Workstation. Eval is evaluation. Does that
help to clarify?

You also mentioned that I can't use Windows Home Server, which is
what I envisioned getting. What's the problem there?


As far as I'm aware, Windows Home Server can't be used as a domain
controller. I don't use it, though. You'd want to look up
documentation or post in a server group for that.

Finally, you stressed folder direction (which I've also been looking
into) for all data, which I wasn't planning.


If you really do use roaming profiles you must use folder
redirection, or it will barf at some point.

My main intention for a
home server (HP MediaSmart) is to redirect shared files to be
available across the home network so other PCs won't need to be on,
and as a backup resource.


That sounds fine.

However, your emphasis on tiny profiles
makes me wonder whether roaming profiles are practical for my
intended setup.


No, and not possible, as far as I know. Nor are they necessary.

Other than wanting to control everything from one profile, I want to
be able to configure/set policies for individual accounts/groups,
which I'm led to believe can only be done with AD.


Yes, that's correct.


An important point is that I'm also intending to upgrade to Vista
Ultimate. There must be some way I can do this?


I don't use or support Vista, but I know Vista Business can join a
domain. Don't know about Ultimate.

Good luck

"Lanwench [MVP - Exchange]" wrote:

daztrue wrote:
My instant reaction was "What's AD?", but from a combination of
another forum discussion and the help file I'm guessing you're
referring to Active Directory?

Yes.


I certainly don't have roaming profiles at the moment as I have no
server,

OK.

but am on the verge of getting one. I've been studying about
Group Policy but need to familiarise myself more with the setting
up of OUs, domain and Active Directory. Plus, of course, my
original question. If you can help that'd be great!

I suggest you set up a lab (either physical or virtual) and
download an eval of Windows server, XP Pro, and try setting up an
active directory environment. Without this there's nothing you can
test or play with. You can't use Windows Home Server (if that's
what you've got).

MS Small Business Server would be a good place to start if you can
get your hands on a copy.

My boilerplate on roaming profiles is below...

********************
General tips:

1. Set up a share on the server. For example - d:\profiles, shared
as profiles$ to make it hidden from browsing. Make sure this share
is *not* set to allow offline files/caching! (that's on by default
- disable it)

2. Make sure the share permissions on profiles$ indicate
everyone=full control. Set the NTFS security to administrators,
system, and users=full control.

3. In the users' ADUC properties, specify
\\server\profiles$\%username% in the profiles field

4. Have each user log into the domain once - if this is an existing
user with a profile you wish to keep, have them log in at their
usual workstation and log out. The profile is now roaming.

5. If you want the administrators group to automatically have
permissions to the profiles folders, you'll need to make the
appropriate change in group policy. Look in computer
configuration/administrative templates/system/user profiles -
there's an option to add administrators group to the roaming
profiles permissions. Do this *before* the users' roaming profile
folders are created - it isn't retroactive.

********************
Notes:

Make sure users understand that they should not log into multiple
computers at the same time when they have roaming profiles (unless
you make the profiles mandatory by renaming ntuser.dat to
ntuser.man so they can't change them, which has major
disadvantages). Explain that the 'last one out wins' when it
comes to uploading the final, changed copy of the profile. If you
want to restrict multiple simultaneous network logins, look at
LimitLogon (too much overhead for me), or this:
http://www.jsifaq.com/SF/Tips/Tip.aspx?id=8768

********************
Keep your profiles TINY. Via group policy, you should be
redirecting My Documents (at the very least) - to a subfolder of
the user's home directory or user folder. Also consider
redirecting Desktop & Application Data similarly..... so the user
will end up with:

\\server\users\%username%\My Documents,
\\server\users\%username%\Desktop,
\\server\users\%username%\Application Data.

[Alternatively, just manually re-target My Documents to
\\server\users\%username% (this is not optimal, however!)]

You should use folder redirection even without roaming profiles,
but it's especially critical if you *are* using them.

If you aren't going to also redirect the desktop using policies,
tell users that they are not to store any files on the desktop or
you will beat them with a stick. Big profile=slow login/logout, and
possible profile corruption.

********************
Note that user profiles are not compatible between different OS
versions, even between W2k/XP. Keep all your computers. Keep your
workstations as identical as possible - meaning, OS version is the
same, SP level is the same, app load is (as much as possible) the
same.

*********************
If you also have Terminal Services users, make sure you set up a
different TS profile path for them in their ADUC properties - e.g.,
\\server\tsprofiles$\%username%

********************
Do not let people store any data locally - all data belongs on the
server.

********************
The User Profile Hive Cleanup Utility should be running on all
your computers. You can download it here:
http://www.microsoft.com/downloads/d...displaylang=en

********************
Roaming profile & folder redirection article -
http://www.windowsnetworking.com/art...rver-2003.html



"Lanwench [MVP - Exchange]" wrote:

daztrue wrote:
Is it possible for the default Administrator account to be set
as a roaming profile on a home server? With multiple PCs on a
home network (each with its default Administrator account), I
would obviously want all of those to become one roaming account
and want to know if it's possible; and if so, how to 'merge'
the accounts when changing to roaming profile - and how this is
safely processed.

If you don't use AD, there are no roaming profiles possible.
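
Added example (not part of the thread and not any poster's code): a check for the layout in the general tips above, where each user's profile lands in \\server\profiles$\%username%. It parses an icacls-style listing of d:\profiles and flags profile folders that anyone other than the owning user and SYSTEM can reach; the listing, the HOME domain and the user names are constructed, and capturing the listing with icacls is an assumption.

```python
# Constructed sample: icacls-style listing of the per-user folders under the
# profile share root (d:\profiles, shared as profiles$ in the tips above).
# The HOME domain, the user names and the ACEs are made up for illustration.
SAMPLE_ICACLS = r"""
d:\profiles\alice HOME\alice:(OI)(CI)(F)
                  NT AUTHORITY\SYSTEM:(OI)(CI)(F)

d:\profiles\bob HOME\bob:(OI)(CI)(F)
                NT AUTHORITY\SYSTEM:(OI)(CI)(F)
                BUILTIN\Users:(OI)(CI)(F)

d:\profiles\carol HOME\dave:(OI)(CI)(F)
                  NT AUTHORITY\SYSTEM:(OI)(CI)(F)
                  BUILTIN\Administrators:(OI)(CI)(F)

Successfully processed 3 files; Failed processing 0 files
"""

SYSTEM = "nt authority\\system"
ADMINS = "builtin\\administrators"


def parse_icacls(text, root):
    """Return {folder_name: [(principal, rights), ...]} for folders under root."""
    prefix = root.rstrip("\\").lower() + "\\"
    acls, current = {}, None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line.strip():
            current = None  # a blank line ends one folder's entry
            continue
        if line.startswith("Successfully processed"):
            continue
        if line[0].isspace():
            # Indented line: another ACE for the current folder.
            if current is None:
                raise ValueError("ACE line without a folder: %r" % raw)
            ace = line.strip()
        else:
            if not line.lower().startswith(prefix):
                raise ValueError("path outside %s: %r" % (root, raw))
            # Assumption: profile folder names (= user names) contain no spaces.
            folder, _, ace = line[len(prefix):].partition(" ")
            current = acls.setdefault(folder.lower(), [])
        principal, sep, rights = ace.rpartition(":(")
        if not sep:
            raise ValueError("not an ACE: %r" % raw)
        current.append((principal.strip(), "(" + rights))
    return acls


def audit_profiles(acls, admins_expected=False):
    """Flag folders whose ACL names anyone besides the owning user and SYSTEM.

    admins_expected=True also accepts BUILTIN\\Administrators, for sites that
    enabled the group policy option from tip 5 before the folders were created.
    Every listed ACE is treated as granting access.
    """
    allowed = {SYSTEM}
    if admins_expected:
        allowed.add(ADMINS)
    findings = {}
    for folder, aces in sorted(acls.items()):
        problems, owner_seen = [], False
        for principal, rights in aces:
            lowered = principal.lower()
            # The owner is the account whose name matches the folder name.
            if lowered.rsplit("\\", 1)[-1] == folder:
                owner_seen = True
            elif lowered not in allowed:
                problems.append("unexpected ACE %s %s" % (principal, rights))
        if not owner_seen:
            problems.append("no ACE for the profile's own user")
        if problems:
            findings[folder] = problems
    return findings


if __name__ == "__main__":
    parsed = parse_icacls(SAMPLE_ICACLS, r"d:\profiles")
    for name, problems in audit_profiles(parsed).items():
        for problem in problems:
            print("%s: %s" % (name, problem))
```
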




  #11  
Old September 8th 08, 09:50 PM posted to microsoft.public.windowsxp.network_web
smlunatick
external usenet poster
 
Posts: 4,866
Default Default Administrator account as roaming profile?

On Sep 8, 5:58 pm, daztrue wrote:
As you suggested, I've been looking on other forums and sites regarding
Windows Home Server, and although it's a hot topic, the general/official
consensus appears to be as you described: neither a domain controller, nor
able to join one. I also learnt that it is a "subset" (which I assume means a
smaller version) of MS Small Business Server, which, again, you also
suggested! Naturally, I looked into that, and learnt that 2008 will be
released in November. I don't know if you can shed any light on that version,
or whether it will still backup client data in the same way as Windows Home
Server?

Also, I take it SBS 2008 will still work fine with HP MediaSmart Server? And
is it installed on the server or on each client - like WHS?

Back to the issue of folder redirection: is it possible to redirect various
directories from multiple PCs to one directory? And if so, what is the
process when a directory or file have the same name? I'm thinking primarily
about redirecting the Shared Documents paths of each PC to one 'merged' tree
on the server.

Finally, assuming everything discussed is set up, and I decided roaming
profiles were for me, would it be possible to 'merge' default Administrator
accounts from PCs on the workgroup/LAN? If so, how? If not, what is usually
done with default accounts when a roaming Administrator account is set up?

Thanks, by the way, for all this help!

The HP server may / may not work, or work well, with SBS 2008. Small
Business Server usually may require more powerful hardware to run
well. The HP server was designed for the Home Server requirements.
  #12  
Old September 17th 08, 01:06 PM posted to microsoft.public.windowsxp.network_web
daztrue
external usenet poster
 
Posts: 40
Default Default Administrator account as roaming profile?

Hi again! Hope you're still out there!

Been on different forums/sites and certainly looks like MediaSmart Server
not compatible with SBS 2008. The more I delve into this (which I'm okay
with) the more I'm hoping I can find a solution to simply use WHS and
MediaSmart Server.

I just want to be able to have 'proper' admin control over the system and
individual user accounts so I can control what runs, what's accessible etc on
each account. Especially with kids in mind.

I know you said you didn't support Vista, and although I've looked into it,
I'm sure you'll know more and could refer me to a similar forum, as it claims
to have better admin control.

Anyway, just to recap on your last reply: you explained about setting up
shares on the server, so you must then redirect folders/files from numerous
PCs to that share. This still leaves me wondering about duplicate
folders/files because if paths are being redirected from different PCs then
there's the possibility of folders/files with the same name. What am I
missing?

You mentioned getting rid of the local shares and preventing them being
created. How?

Finally, thanks for explaining about the Domain Administrator, although you
didn't tell me what is usually done with the local default Administrator
accounts within the domain - or whether anything can be done.


  #13  
Old September 17th 08, 02:29 PM posted to microsoft.public.windowsxp.network_web
Lanwench [MVP - Exchange]
external usenet poster
 
Posts: 1,547
Default Default Administrator account as roaming profile?

daztrue wrote:
Hi again! Hope you're still out there!

Been on different forums/sites and certainly looks like MediaSmart
Server not compatible with SBS 2008. The more I delve into this
(which I'm okay with) the more I'm hoping I can find a solution to
simply use WHS and MediaSmart Server.

I just want to be able to have 'proper' admin control over the system
and individual user accounts so I can control what runs, what's
accessible etc on each account. Especially with kids in mind.


You'll have to deal with that on the workstation level, then.

I know you said you didn't support Vista, and although I've looked
into it, I'm sure you'll know more and could refer me to a similar
forum, as it claims to have better admin control.


Microsoft.public.vista.* These aren't forums, note - they're usenet groups,
or newsgroups. Try using a newsreader instead of the web interface - it's a
lot better. The following is from a post by MVP Malke ...

-------------------------------------------------------
Here's information on Usenet and using a newsreader:

http://www.elephantboycomputers.com/page3.html#12-09-02 - a brief
explanation of newsgroups
http://michaelstevenstech.com/outlo...ssnewreader.htm
http://rickrogers.org/setupoe.htm
http://support.microsoft.com/defaul...wto/default.asp
- Set Up Newsreader

http://www.dts-l.org/goodpost.htm
http://www.catb.org/~esr/faqs/smart-questions.html
http://aumha.org/nntp.htm - list of MS newsgroups
microsoft.public.test.here - MS group to test if your newsreader is
working properly
http://www.mailmsg.com/SPAM_munging.htm - how to munge email address
http://www.blakjak.demon.co.uk/mul_crss.htm - multiposting vs.
crossposting

Some newsreaders for Windows
http://www.forteinc.com/agent/index.php - for Forte
http://www.mozilla.org (Thunderbird does newsgroups)
http://gravity.tbates.org/

-------------------------------------

Anyway, just to recap on your last reply: you explained about setting
up shares on the server, so you must then redirect folders/files from
numerous PCs to that share.


Close. You set up shares on the server, and redirect the user profile My
Documents folder (and possibly others, such as desktop etc) there.

This still leaves me wondering about
duplicate folders/files because if paths are being redirected from
different PCs then there's the possibility of folders/files with the
same name. What am I missing?


Each user would have their own parent folder on the server, such as
\\server\share$\%username%\My Documents, etc. But you can't do this
without active directory.

You mentioned getting rid of the local shares and preventing them
being created. How?


There would be none by default besides the default admin share, and you
would not let your users have admin rights to create shares or folders on
the local hard drive.

Finally, thanks for explaining about the Domain Administrator,
although you didn't tell me what is usually done with the local
default Administrator accounts within the domain - or whether
anything can be done.


You give them very good passwords



"Lanwench [MVP - Exchange]" wrote:

daztrue wrote:
As you suggested, I've been looking on other forums and sites
regarding Windows Home Server, and although it's a hot topic, the
general/official consensus appears to be as you described: neither a
domain controller, nor able to join one. I also learnt that it is a
"subset" (which I assume means a smaller version) of MS Small
Business Server, which, again, you also suggested! Naturally, I
looked into that, and learnt that 2008 will be released in November.


Yes, I believe so.

I don't know if you can shed any light on that version, or whether
it will still backup client data in the same way as Windows Home
Server?


No idea, but I find it doubtful. With AD it's far more common to
store all data on the server, and nothing at all on workstations.
Workstations should be viewed as somewhat interchangeable and
generic, in my view.

Also, I take it SBS 2008 will still work fine with HP MediaSmart
Server?


No idea...the hardware requirements will be pretty extreme.

And is it installed on the server or on each client - like
WHS?


You install SBS2008 on your server hardware. The client OSes can be
Win2k, WinXP Pro, or Vista Business.

Back to the issue of folder redirection: is it possible to redirect
various directories from multiple PCs to one directory?


You don't redirect from a PC - you redirect from a profile folder,
such as My Documents, Application Data, Desktop - to folders on the
server, usually under a parent folder such as
\\server\sharename\%username%\My Documents, etc.

And if so,
what is the process when a directory or file has the same name? I'm
thinking primarily about redirecting the Shared Documents paths of
each PC to one 'merged' tree on the server.


It doesn't work quite like that. It has nothing to do with local
folders. You can set up shares on the server, and users can access
them - instead of the local shares. I tend to get rid of all local
shares and don't let users create them.

Finally, assuming everything discussed is set up, and I decided
roaming profiles were for me, would it be possible to 'merge'
default Administrator accounts from PCs on the workgroup/LAN?


No....

If so, how? If
not, what is usually done with default accounts when a roaming
Administrator account is set up?


There's no roaming administrator account. There's a domain account
(which is not related to your local accounts). You can set up
roaming *profiles* (my lengthy post described how) but I think
you're still a little unclear on AD and domain profiles - it's hard
to know how to answer your questions.


Thanks, by the way, for all this help!

"Lanwench [MVP - Exchange]" wrote:

daztrue wrote:
I'm not sure what you mean by "set up a lab (either physical or
virtual) and download an eval of Windows server". Can you explain?

I'm not sure what's unclear, sorry. A lab is a test network.
Physical means you have a bunch of machines on this test network.
Virtual means you use virtualization software, such as VMWare or MS
Virtual Server or ....Workstation. Eval is evaluation. Does that
help to clarify?

You also mentioned that I can't use Windows Home Server, which is
what I envisioned getting. What's the problem there?

As far as I'm aware, Windows Home Server can't be used as a domain
controller. I don't use it, though. You'd want to look up
documentation or post in a server group for that.

Finally, you stressed folder direction (which I've also been
looking into) for all data, which I wasn't planning.

If you really do use roaming profiles you must use folder
redirection, or it will barf at some point.

My main intention for a
home server (HP MediaSmart) is to redirect shared files to be
available across the home network so other PCs won't need to be
on, and as a backup resource.

That sounds fine.

However, your emphasis on tiny profiles
makes me wonder whether roaming profiles are practical for my
intended setup.

No, and not possible, as far as I know. Nor are they necessary.

Other than wanting to control everything from one profile, I want
to be able to configure/set policies for individual
accounts/groups, which I'm led to believe can only be done with
AD.

Yes, that's correct.


An important point is that I'm also intending to upgrade to Vista
Ultimate. There must be some way I can do this?

I don't use or support Vista, but I know Vista Business can join a
domain. Don't know about Ultimate.

Good luck

"Lanwench [MVP - Exchange]" wrote:

daztrue wrote:
My instant reaction was "What's AD?", but from a combination of
another forum discussion and the help file I'm guessing you're
referring to Active Directory?

Yes.


I certainly don't have roaming profiles at the moment as I have
no server,

OK.

but am on the verge of getting one. I've been studying about
Group Policy but need to familiarise myself more with the
setting up of OUs, domain and Active Directory. Plus, of
course, my original question. If you can help that'd be great!

I suggest you set up a lab (either physical or virtual) and
download an eval of Windows server, XP Pro, and try setting up an
active directory environment. Without this there's nothing you
can test or play with. You can't use Windows Home Server (if
that's what you've got).

MS Small Business Server would be a good place to start if you
can get your hands on a copy.

My boilerplate on roaming profiles is below...

********************
General tips:

1. Set up a share on the server. For example - d:\profiles,
shared as profiles$ to make it hidden from browsing. Make sure
this share is *not* set to allow offline files/caching! (that's
on by default - disable it)

2. Make sure the share permissions on profiles$ indicate
everyone=full control. Set the NTFS security to administrators,
system, and users=full control.

3. In the users' ADUC properties, specify
\\server\profiles$\%username% in the profiles field

4. Have each user log into the domain once - if this is an
existing user with a profile you wish to keep, have them log in
at their usual workstation and log out. The profile is now
roaming.

5. If you want the administrators group to automatically have
permissions to the profiles folders, you'll need to make the
appropriate change in group policy. Look in computer
configuration/administrative templates/system/user profiles -
there's an option to add administrators group to the roaming
profiles permissions. Do this *before* the users' roaming profile
folders are created - it isn't retroactive.

********************
Notes:

Make sure users understand that they should not log into multiple
computers at the same time when they have roaming profiles
(unless you make the profiles mandatory by renaming ntuser.dat to
ntuser.man so they can't change them, which has major
disadvantages). Explain that the 'last one out wins' when it
comes to uploading the final, changed copy of the profile. If you
want to restrict multiple simultaneous network logins, look at
LimitLogon (too much overhead for me), or this:
http://www.jsifaq.com/SF/Tips/Tip.aspx?id=8768

********************
Keep your profiles TINY. Via group policy, you should be
redirecting My Documents (at the very least) - to a subfolder of
the user's home directory or user folder. Also consider
redirecting Desktop & Application Data similarly..... so the user
will end up with:

\\server\users\%username%\My Documents,
\\server\users\%username%\Desktop,
\\server\users\%username%\Application Data.

[Alternatively, just manually re-target My Documents to
\\server\users\%username% (this is not optimal, however!)]

You should use folder redirection even without roaming profiles,
but it's especially critical if you *are* using them.

If you aren't going to also redirect the desktop using policies,
tell users that they are not to store any files on the desktop or
you will beat them with a stick. Big profile=slow login/logout,
and possible profile corruption.

********************
Note that user profiles are not compatible between different OS
versions, even between W2k/XP. Keep all your computers. Keep your
workstations as identical as possible - meaning, OS version is
the same, SP level is the same, app load is (as much as
possible) the same.

*********************
If you also have Terminal Services users, make sure you set up a
different TS profile path for them in their ADUC properties -
e.g., \\server\tsprofiles$\%username%

********************
Do not let people store any data locally - all data belongs on
the server.

********************
The User Profile Hive Cleanup Utility should be running on all
your computers. You can download it here:
http://www.microsoft.com/downloads/d...displaylang=en

********************
Roaming profile & folder redirection article -
http://www.windowsnetworking.com/art...rver-2003.html



"Lanwench [MVP - Exchange]" wrote:

daztrue wrote:
Is it possible for the default Administrator account to be set
as a roaming profile on a home server? With multiple PCs on a
home network (each with its default Administrator account), I
would obviously want all of those to become one roaming
account and want to know if it's possible; and if so, how to
'merge' the accounts when changing to roaming profile - and
how this is safely processed.

If you don't use AD, there are no roaming profiles possible.
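
Step 2 of the tips quoted above sets the NTFS ACL on the profiles root to administrators, system and users=full control. As an added example (not code from any post in this thread), the Python below audits `icacls` output for that folder and flags broad groups that hold inheritable write access or control over the share root. Both listings are constructed samples, and the tighter layout (CREATOR OWNER on children, Users limited to creating a folder at the root) is this example's assumed baseline, not something stated in the thread.

```python
import re

# Constructed sample: `icacls D:\profiles` output matching step 2 of the tips
# (Administrators, SYSTEM and Users all with inheritable Full control).
SAMPLE_AS_POSTED = r"""D:\profiles BUILTIN\Administrators:(OI)(CI)(F)
            NT AUTHORITY\SYSTEM:(OI)(CI)(F)
            BUILTIN\Users:(OI)(CI)(F)

Successfully processed 1 files; Failed processing 0 files
"""

# Constructed sample: the tighter baseline assumed by this example.
SAMPLE_TIGHTER = r"""D:\profiles BUILTIN\Administrators:(OI)(CI)(F)
            NT AUTHORITY\SYSTEM:(OI)(CI)(F)
            CREATOR OWNER:(OI)(CI)(IO)(F)
            BUILTIN\Users:(RD,AD)
"""

INHERIT = {"OI", "CI", "IO", "NP", "I"}          # icacls inheritance flags
BROAD = {"everyone", "users", "authenticated users", "domain users"}
WRITE = {"F", "M", "W", "D", "GA", "GW", "WD", "AD", "DC", "DE", "WDAC", "WO"}
ROOT_CONTROL = {"F", "M", "GA", "DC", "DE", "WDAC", "WO"}

ACE_RE = re.compile(r"^(?P<who>[^:]+):(?P<groups>(?:\([^)]*\))+)$")


def parse_icacls(text, path):
    """Return [(principal, inheritance_flags, rights)] for the allow ACEs."""
    aces = []
    for line in text.splitlines():
        line = line.strip()
        # The first line is prefixed with the path, which itself contains ':'.
        if line.lower().startswith(path.lower()):
            line = line[len(path):].strip()
        m = ACE_RE.match(line)
        if not m:
            continue  # blank lines and the "Successfully processed" summary
        tokens = [t.strip().upper()
                  for group in re.findall(r"\(([^)]*)\)", m["groups"])
                  for t in group.split(",")]
        if "DENY" in tokens:
            continue  # deny entries never grant access
        flags = {t for t in tokens if t in INHERIT}
        rights = {t for t in tokens if t not in INHERIT}
        aces.append((m["who"].strip(), flags, rights))
    return aces


def audit_profile_root(text, path):
    """Flag broad principals with inheritable write or root-level control."""
    findings = []
    for who, flags, rights in parse_icacls(text, path):
        if who.split("\\")[-1].lower() not in BROAD:
            continue
        reaches_children = bool(flags & {"OI", "CI"})
        applies_to_root = "IO" not in flags
        if reaches_children and rights & WRITE:
            findings.append(
                (who, "inheritable write ACE (applies to any child that keeps inheritance)"))
        if applies_to_root and rights & ROOT_CONTROL:
            findings.append(
                (who, "can delete or re-permission entries in the share root"))
    return findings


if __name__ == "__main__":
    for label, sample in (("as posted", SAMPLE_AS_POSTED), ("tighter", SAMPLE_TIGHTER)):
        print(label)
        for who, reason in audit_profile_root(sample, r"D:\profiles") or [("-", "no findings")]:
            print(f"  {who}: {reason}")
```
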




  #14  
Old October 22nd 08, 11:43 AM posted to microsoft.public.windowsxp.network_web
daztrue
external usenet poster
 
Posts: 40
Default Default Administrator account as roaming profile?

Hi. Yeah, I'm still at it! Although almost resigning to the fact that I'm
probably not going to have the set up I envisioned, still not quite given up!

I read a bit about ADAM (which I understand is now called AD LDS), although
I couldn't really get a clear picture of the 'nuts and bolts' of it, and
thought you might be able to shed some light on it, and give me an idea
whether or not it may be of use to me.

Also, regarding the issue of newsreaders: when I followed instructions to
set up in Outlook 2003, it then opens Outlook Express (which is the only
option available in IE options) and won't let me proceed any further.

"Lanwench [MVP - Exchange]" wrote:

daztrue wrote:
Hi again! Hope you're still out there!

Been on different forums/sites and certainly looks like MediaSmart
Server not compatible with SBS 2008. The more I delve into this
(which I'm okay with) the more I'm hoping I can find a solution to
simply use WHS and MediaSmart Server.

I just want to be able to have 'proper' admin control over the system
and individual user accounts so I can control what runs, what's
accessible etc on each account. Especially with kids in mind.


You'll have to deal with that on the workstation level, then.

I know you said you didn't support Vista, and although I've looked
into it, I'm sure you'll know more and could refer me to a similar
forum, as it claims to have better admin control.


Microsoft.public.vista.* These aren't forums, note - they're usenet groups,
or newsgroups. Try using a newsreader instead of the web interface - it's a
lot better. The following is from a post by MVP Malke ...

-------------------------------------------------------
Here's information on Usenet and using a newsreader:

http://www.elephantboycomputers.com/page3.html#12-09-02 - a brief
explanation of newsgroups
http://michaelstevenstech.com/outlo...ssnewreader.htm
http://rickrogers.org/setupoe.htm
http://support.microsoft.com/defaul...wto/default.asp
- Set Up Newsreader

http://www.dts-l.org/goodpost.htm
http://www.catb.org/~esr/faqs/smart-questions.html
http://aumha.org/nntp.htm - list of MS newsgroups
microsoft.public.test.here - MS group to test if your newsreader is
working properly
http://www.mailmsg.com/SPAM_munging.htm - how to munge email address
http://www.blakjak.demon.co.uk/mul_crss.htm - multiposting vs.
crossposting

Some newsreaders for Windows
http://www.forteinc.com/agent/index.php - for Forte
http://www.mozilla.org (Thunderbird does newsgroups)
http://gravity.tbates.org/

-------------------------------------

Anyway, just to recap on your last reply: you explained about setting
up shares on the server, so you must then redirect folders/files from
numerous PCs to that share.


Close. You set up shares on the server, and redirect the user profile My
Documents folder (and possibly others, such as desktop etc) there.

This still leaves me wondering about
duplicate folders/files because if paths are being redirected from
different PCs then there's the possibility of folders/files with the
same name. What am I missing?


Each user would have their own parent folder on the server, such as
\\server\share$\%username%\My Documents, etc. But you can't do this
without active directory.

You mentioned getting rid of the local shares and preventing them
being created. How?


There would be none by default besides the default admin share, and you
would not let your users have admin rights to create shares or folders on
the local hard drive.

Finally, thanks for explaining about the Domain Administrator,
although you didn't tell me what is usually done with the local
default Administrator accounts within the domain - or whether
anything can be done.


You give them very good passwords



"Lanwench [MVP - Exchange]" wrote:

daztrue wrote:
As you suggested, I've been looking on other forums and sites
regarding Windows Home Server, and although it's a hot topic, the
general/official consensus appears to be as you described: neither a
domain controller, nor able to join one. I also learnt that it is a
"subset" (which I assume means a smaller version) of MS Small
Business Server, which, again, you also suggested! Naturally, I
looked into that, and learnt that 2008 will be released in November.

Yes, I believe so.

I don't know if you can shed any light on that version, or whether
it will still backup client data in the same way as Windows Home
Server?

No idea, but I find it doubtful. With AD it's far more common to
store all data on the server, and nothing at all on workstations.
Workstations should be viewed as somewhat interchangeable and
generic, in my view.

Also, I take it SBS 2008 will still work fine with HP MediaSmart
Server?

No idea...the hardware requirements will be pretty extreme.

And is it installed on the server or on each client - like
WHS?

You install SBS2008 on your server hardware. The client OSes can be
Win2k, WinXP Pro, or Vista Business.

Back to the issue of folder redirection: is it possible to redirect
various directories from multiple PCs to one directory?

You don't redirect from a PC - you redirect from a profile folder,
such as My Documents, Application Data, Desktop - to folders on the
server, usually under a parent folder such as
\\server\sharename\%username%\My Documents, etc.

And if so,
what is the process when a directory or file has the same name? I'm
thinking primarily about redirecting the Shared Documents paths of
each PC to one 'merged' tree on the server.

It doesn't work quite like that. It has nothing to do with local
folders. You can set up shares on the server, and users can access
them - instead of the local shares. I tend to get rid of all local
shares and don't let users create them.

Finally, assuming everything discussed is set up, and I decided
roaming profiles were for me, would it be possible to 'merge'
default Administrator accounts from PCs on the workgroup/LAN?

No....

If so, how? If
not, what is usually done with default accounts when a roaming
Administrator account is set up?

There's no roaming administrator account. There's a domain account
(which is not related to your local accounts). You can set up
roaming *profiles* (my lengthy post described how) but I think
you're still a little unclear on AD and domain profiles - it's hard
to know how to answer your questions.


Thanks, by the way, for all this help!

"Lanwench [MVP - Exchange]" wrote:

daztrue wrote:
I'm not sure what you mean by "set up a lab (either physical or
virtual) and download an eval of Windows server". Can you explain?

I'm not sure what's unclear, sorry. A lab is a test network.
Physical means you have a bunch of machines on this test network.
Virtual means you use virtualization software, such as VMWare or MS
Virtual Server or ....Workstation. Eval is evaluation. Does that
help to clarify?

You also mentioned that I can't use Windows Home Server, which is
what I envisioned getting. What's the problem there?

As far as I'm aware, Windows Home Server can't be used as a domain
controller. I don't use it, though. You'd want to look up
documentation or post in a server group for that.

Finally, you stressed folder direction (which I've also been
looking into) for all data, which I wasn't planning.

If you really do use roaming profiles you must use folder
redirection, or it will barf at some point.

My main intention for a
home server (HP MediaSmart) is to redirect shared files to be
available across the home network so other PCs won't need to be
on, and as a backup resource.

That sounds fine.

However, your emphasis on tiny profiles
makes me wonder whether roaming profiles are practical for my
intended setup.

No, and not possible, as far as I know. Nor are they necessary.

Other than wanting to control everything from one profile, I want
to be able to configure/set policies for individual
accounts/groups, which I'm led to believe can only be done with
AD.

Yes, that's correct.


An important point is that I'm also intending to upgrade to Vista
Ultimate. There must be some way I can do this?

I don't use or support Vista, but I know Vista Business can join a
domain. Don't know about Ultimate.

Good luck

"Lanwench [MVP - Exchange]" wrote:

daztrue wrote:
My instant reaction was "What's AD?", but from a combination of
another forum discussion and the help file I'm guessing you're
referring to Active Directory?

Yes.


I certainly don't have roaming profiles at the moment as I have
no server,

OK.

but am on the verge of getting one. I've been studying about
Group Policy but need to familiarise myself more with the
setting up of OUs, domain and Active Directory. Plus, of
course, my original question. If you can help that'd be great!

I suggest you set up a lab (either physical or virtual) and
download an eval of Windows server, XP Pro, and try setting up an
active directory environment. Without this there's nothing you
can test or play with. You can't use Windows Home Server (if
that's what you've got).

MS Small Business Server would be a good place to start if you
can get your hands on a copy.

My boilerplate on roaming profiles is below...

********************
General tips:

1. Set up a share on the server. For example - d:\profiles,
shared as profiles$ to make it hidden from browsing. Make sure
this share is *not* set to allow offline files/caching! (that's
on by default - disable it)

2. Make sure the share permissions on profiles$ indicate
everyone=full control. Set the NTFS security to administrators,
system, and users=full control.

3. In the users' ADUC properties, specify
\\server\profiles$\%username% in the profiles field

4. Have each user log into the domain once - if this is an
existing user with a profile you wish to keep, have them log in
at their usual workstation and log out. The profile is now
roaming.

5. If you want the administrators group to automatically have
permissions to the profiles folders, you'll need to make the
appropriate change in group policy. Look in computer
configuration/administrative templates/system/user profiles -
there's an option to add administrators group to the roaming
profiles permissions. Do this *before* the users' roaming profile
folders are created - it isn't retroactive.

********************
Notes:

Make sure users understand that they should not log into multiple
computers at the same time when they have roaming profiles
(unless you make the profiles mandatory by renaming ntuser.dat to
ntuser.man so they can't change them, which has major
disadvantages). Explain that the 'last one out wins' when it
comes to uploading the final, changed copy of the profile. If you
want to restrict multiple simultaneous network logins, look at
LimitLogon (too much overhead for me), or this:
http://www.jsifaq.com/SF/Tips/Tip.aspx?id=8768

********************
Keep your profiles TINY. Via group policy, you should be
redirecting My Documents (at the very least) - to a subfolder of
the user's home directory or user folder. Also consider
redirecting Desktop & Application Data similarly..... so the user
will end up with:

\\server\users\%username%\My Documents,
\\server\users\%username%\Desktop,
\\server\users\%username%\Application Data.

[Alternatively, just manually re-target My Documents to
\\server\users\%username% (this is not optimal, however!)]

You should use folder redirection even without roaming profiles,
but it's especially critical if you *are* using them.

If you aren't going to also redirect the desktop using policies,
tell users that they are not to store any files on the desktop or
you will beat them with a stick. Big profile=slow login/logout,
and possible profile corruption.

********************
Note that user profiles are not compatible between different OS

 



