Advice on WIn2000/XP roaming profiles needed

[Bruce]

Hi,

We are in the process of upgrading our network to Win2000 Servers and
XP clients as are probably 1000's of other organisations. Our original
network was based on NT4 Servers and Win95 clients in a single domain.

Anyway, we have upgaded the servers to Win2000 and are in the process
of upgrading the clients to XP. We didn't have roving profiles on our
old network and we would like to enable them on our new network.

We are going to store the profiles in subdirectory in each users home
network drive. My question is, how are the profiles setup? Do we need
to setup a profile that we would like all the users to have and then
copy that profile to all the users home drives?

Or is there any easier way, ie. I am thinking there might be a default
profile share we could setup on the server. If a user logs in and the
profile doesn't exist (in the profile path in the user account eg.
\\server\users\jbloggs\profile) then the server creates a new profile
based on the a default profile on the share and is copied to the the
users profile directory. Then all we would need to do is setup a
perfect profile on a PC (with everything setup have we want) and copy
it to the default profile folder on the server.

Any advice appreciated.

Thanks,

Bruce.

PS. I heard that the user's profile is copied in the client when the
user logs in. I know that ntuser.dat would need to be copied but would
it aslo include the contents \desktop and \my documents etc.? Wouldn't
that be a bit crazy? It could take ages to copy the files. Surely they
are best left on the server. Also, I heard that the profile can be
cached on the client. Wouldn't this be a a bit insecure if the users
\desktop and \my documents folder remains on the PC for the next
person to logon and look at (albeit with NTFS protection). Also,
wouldn't the cumulation of users profiles fill up the harddrive (if
lots of different people use a single PC)?

 

[Lanwench [MVP - Exchange]]

For the profile share, don't use a subdir of the home directory - keep
things clean, and create a folder for all profiles. Make it a hidden share
like PROFILES$. The security will take care of itself once the profiles are
created...

Specify \\servername\profiles$\%username% in each user's profile path.

Note - don't let W2k users roam to XP PCs or vice versa - the profiles are
OS-specific

 

[Bruce]

Bruce,

I had some fun myself setting up roaming profiles on a Win
2000 server environment. It is really quite simple, when
you know how. Microsoft tried to make this step easier
than it has been in the past, however most people get
confused with change.

I assume that you are running active directory and have
all the users, groups and OU's set up. If you go the the
properties for a user you will see a "Profile" tab, in
this tab there is an option to enter a path for a profile.
If you enter a valid network path that all nodes have
access to, then that users profile will become roaming
automatically. I recomend using \\server\share\%username%
to automatically create a seperate profile for each user.
If the network user that has been set up has the same
details as the local profile, then it should automatically
copy the local profile to the roaming profile.

I think the Network Manager decided to put the profiles in the home
drive so that we only need one disk quota set per user, otherwise we
would need 2 (one for the profile directory and one for the home
drive).

If the user credentials differ, or you want to have a
standard profile used amoung the domain, then once roaming
profiles are set up (assuming you havn't set them all to
have the one profile location, because they will then
already be the using the same profile) you can go into
System Properties, go to the profile tab, and use the copy
option to copy a set profile that you want to use to the
roaming profile for each user

Yes we want each user to have their own profile but we would like to
be able to decide that everyone's initial profile is. I sounds from
what you are saying, as it is they will all end up with (as their
roaming profile) a copy of the "Default profile" that was on the
client machines.

When you say we could use system properties -> profile tab to copy a
set profile (on a client machine), would we have to copy a set profile
for every user manually (possibly having to ask them login first)?
This would be impractical.

What's really annoying me is that it looks like all users are going to
end up with the default Windows XP "Telly Tubby" Theme which I think
is aweful. I wonder if there is a way we can change all user's themes
using group policy (after we have moved everyone over to roaming
profiles)? Of course, there are other parts of the profile that need
changing too eg. show extensions of known file types).

.. If you are to do it this

way users will be able to make changes that will be unique
to themselves, rather than a completly set profile.

I also suggest that for your own control, before
activating roaming profiles, to set a GPO to allow for the
administrator to be added to each profile permisions,
otherwise by default only that user can have access to
their profile on the share. I wanted to add a shortcut to
each users desktop and found that even the top level
administrator doesn't have permission to do so, only the
user. If you have trouble finding the GPO option for this
then use help, it is quite good for this.

Good luck with it all.

Ben.

Thanks for your advice,

Bruce.

 

[Lanwench [MVP - Exchange]]

I think the Network Manager decided to put the profiles in the home
drive so that we only need one disk quota set per user, otherwise we
would need 2 (one for the profile directory and one for the home
drive).

Bad idea from a management standpoint if you ask me. For disk quotas by
folder size, get third party quota software that can operate on a folder
size basis.
If you need to manage a lot of profiles all at once, like to move them to
another server, having them all in one separate location is the only way to
go. And in the home directory, users are bound to screw something up - trust
me.

Yes we want each user to have their own profile but we would like to
be able to decide that everyone's initial profile is. I sounds from
what you are saying, as it is they will all end up with (as their
roaming profile) a copy of the "Default profile" that was on the
client machines.

When you say we could use system properties -> profile tab to copy a
set profile (on a client machine), would we have to copy a set profile
for every user manually (possibly having to ask them login first)?
This would be impractical.

It's a pain to copy profiles. I don't bother. They get the default and can
customize what they like.

What's really annoying me is that it looks like all users are going to
end up with the default Windows XP "Telly Tubby" Theme which I think
is aweful. I wonder if there is a way we can change all user's themes
using group policy (after we have moved everyone over to roaming
profiles)? Of course, there are other parts of the profile that need
changing too eg. show extensions of known file types).

I think you can turn off the Fisher-Price interface with a GPO. Might also
want to look into cloning machines with the settings you like.