How to disable Roaming Profile when not conneccted?

  • Thread starter Thread starter Hank Arnold
  • Start date Start date
H

Hank Arnold

Our domain is running Win2K Server w/AD. We are running a 2 server Citrix
MetaFrame XPa farm that all users log onto to run their office and e-mail
apps. Our medical database (Misys) is running on a SQL200 server.

We have about 30 nurses who use laptops to do patient assessments off line
and they synchronize the databases by connecting to the network (either
directly or via VPN). Currently their laptops are set up for a domain
logon. They use the local copy automatically when they log on in a
disconnected state.

We currently have local profiles in our domain. We are in the process of
migrating users to roaming profiles. This is necessary because trying to
keep the profiles on the two Citrix servers is becoming a problem. Also, we
want the profiles on a server that is part of a High Availability cluster so
that logon will always happen with no problems.

Our problem is with the laptop users who try to log on disconnected. If they
are in that state and they have a roaming profile, then they get error
messages about not being able to download the profile and that a
default/local copy is being used (and won't be saved).

Our concern here is that this will cause confusion and problems with the
nurses. We're talking about people who flooded the Help Desk with calls when
we change the name of an icon..... I need to eliminate these error messages.
But I need to keep their AD account set up for roaming profiles. They often
will log onto a pool computer to log onto the Citrix server at the office.
Local logons are a problem since I lose the GPO settings that are currently
enforced on the laptop users (and
believe me, we need them enforced......).

I'm thinking that there are two possibilities. One is to set the laptop up
as a local logon. The other is to set up the laptop so that it does not
attempt download/upload the profile if it is not network connected.

Any ideas or suggestions would be greatly appreciated....
 
Hank Arnold said:
Our domain is running Win2K Server w/AD. We are running a 2 server Citrix
MetaFrame XPa farm that all users log onto to run their office and e-mail
apps. Our medical database (Misys) is running on a SQL200 server.

We have about 30 nurses who use laptops to do patient assessments off line
and they synchronize the databases by connecting to the network (either
directly or via VPN). Currently their laptops are set up for a domain
logon. They use the local copy automatically when they log on in a
disconnected state.

We currently have local profiles in our domain. We are in the process of
migrating users to roaming profiles. This is necessary because trying to
keep the profiles on the two Citrix servers is becoming a problem. Also, we
want the profiles on a server that is part of a High Availability cluster so
that logon will always happen with no problems.

Our problem is with the laptop users who try to log on disconnected. If they
are in that state and they have a roaming profile, then they get error
messages about not being able to download the profile and that a
default/local copy is being used (and won't be saved).

Our concern here is that this will cause confusion and problems with the
nurses. We're talking about people who flooded the Help Desk with calls when
we change the name of an icon..... I need to eliminate these error messages.
But I need to keep their AD account set up for roaming profiles. They often
will log onto a pool computer to log onto the Citrix server at the office.
Local logons are a problem since I lose the GPO settings that are currently
enforced on the laptop users (and
believe me, we need them enforced......).

I'm thinking that there are two possibilities. One is to set the laptop up
as a local logon. The other is to set up the laptop so that it does not
attempt download/upload the profile if it is not network connected.

Any ideas or suggestions would be greatly appreciated....
Click to expand...

I believe that when a computer logs onto a domain one can choose to logon to
the local domain or onto the local computer in the logon screen. Is this
not the case for you? Right on the screen where they enter the username and
password there's a box that shows up below it if you click the details
button that allows you to choose which domain to logon to and one of the
choices is the local computer. Once you logon to the local computer it'll
use the local profile. At least that's the way I understand it and I know
that it happens because one of the companies I do system administration for
has their computers working that way. I was part of setting them up with
the domain and roaming profiles and we didn't do anything special. The only
possible difference I can think of is that they actually had local profiles
first then we moved them over to roaming profiles later. Try that sequence
and see if that makes you life easier.

Joe
 
Hi Arnold,

if it can help you, I can tell you my own experience with laptops and
roaming profiles.

We use roaming profiles for both desktop and laptop users according to
following details (W2K AD Native Mode domain, XP Pro SP1-2).

Desktop Users:

- roaming profiles stored on server
- local profile is always deleted after logoff (through GP)

Laptop Users:

- roaming profiles stored on server (same as desktop users)
- local profile is NOT deleted after logoff
- warning message time value: 1sec
- home folder adminitratively available offline

This way, when laptop users connect offline, they will be able to use
the latest local copy of their profile and will not be annoyed by the
typical warning message that appears when the server copy of the
profile cannot be reached. Home folder and other network drives can be
made available offline through GP.

This is what we did and it seems to work fine for our laptop users.

Bye Bar
 
Could you post the details on how you accomplished this? Sounds like
something worth looking at...
 
I'm not exactly sure what you are talking about..... When we log onto the
laptop, there are two choices, a domain logon and a local logon.

My concerns are:

1) That the user does not have to deal with repeated messages about not
being able to download the profile (requiring actions on their part)
2) That the domain GPO is applied to their logon.
 
Hank,

What I would recommend is that for the users who use desktop/laptops, keep
their profiles local to those machines (ie don't make them roaming). Based
on your post, I believe what you need are roaming terminal server profiles
which are not the same as user profiles. They are mainteained on a separate
page within the user account properties in AD.
Specifically, what you want is to set up the roaming terminal server profile
for each user who logs onto TS/Citrix and have it stored on a share somewhere
on a file server. This will not impact the laptop users the way they log in
today. It only affects users when they log on to a terminal server/Citrix
server.
Any GPO's that you want to apply to the users when they logon to a terminal
server can be enforced by putting the terminal servers into their own OU,
creating a GPO at that OU and enabling loopback policy processing (merge
mode) within that GPO.

Hope that helps,

Mike.
 
Back
Top