Ian Toltz said:
Thanks for the advice!
I haven't seen any KB articles saying it was possible, but I have seen
forum postings linking to deleted KB articles suggesting it was
possible. Actually, in my research, it seems like a lot of KB links
regarding adm files (including links from Microsoft's site itself)
have been deleted.
Also, the limit seems to be much higher under Windows Vista. I tried
it on a Vista machine and was able to set it to 999,999 KB (didn't try
any higher, just typed in a big number). Of course, it's entirely
likely that they changed the code that adjudicates that in Vista, so
that doesn't mean it would necessarily port over to XP.
The annoying thing is this: Most of our machines DO use Vista, but our
server is server 2003, and that's where the GP comes from.
Well, that makes sense - where else would it come from? ;-)
But you really don't want profiles that large anyway.
Our main problem is some software. We're an educational institution,
and certain programs (the current complaint is in regards to NetBeans)
apparently like to dump lots of stuff in the profile which is taking
the students over the 30 megabyte limit for profile size. From what I
understand this is not a simple thing to change from within the
program itself.
Nor should you, I'd think.
I've no experience with folder redirection, but it sounds like a good
answer.
Oh, absolutely.
All our users are given a network drive, so if there was some
way to subtly redirect whatever it is NetBeans is doing to that
network folder it seems all the problems would go away. Of course,
that's assuming there's not some new issue brought up with network
drives... (for example, .Net applications and Visual Studio don't work
well off of a network drive due to security restrictions)
I'm sure your software is putting its data in Application Data. Redirect
that, my documents, and desktop, and you'll be a happier camper. Your users
profiles will all be smaller, your login/logout times will be faster. Set up
a GPO and link it to a test OU you create - play with this on a single
workstation first.
----General tips:
1. Set up a share on the server. For example - d:\profiles, shared as
profiles$ to make it hidden from browsing. Make sure this share is *not* set
to allow offline files/caching! (that's on by default - disable it)
2. Make sure the share permissions on profiles$ indicate everyone=full
control. Set the NTFS security to administrators, system, and users=full
control.
3. In the users' ADUC properties, specify \\server\profiles$\%username% in
the profiles field
4. Have each user log into the domain once from their usual workstation
(where their existing profile lives) and log out. The profile is now
roaming.
5. If you want the administrators group to automatically have permissions to
the profiles folders, you'll need to make the appropriate change in group
policy. Look in computer configuration/administrative templates/system/user
profiles - there's an option to add administrators group to the roaming
profiles permissions.
Notes:
* Make sure users understand that they should not log into multiple
computers at the same time when they have roaming profiles (unless you make
the profiles mandatory by renaming ntuser.dat to ntuser.man so they can't
change them). Explain that the
last one out wins,
when it comes to uploading the final, changed copy of the profile.
* Keep your profiles TINY. Via group policy, redirect My Documents at the
very least - to a subfolder of the user's home directory or user folder.
Also consider redirecting Desktop & Application Data similarly..... so the
user will have:
\\server\home$\%username%\My Documents,
\\server\home$\%username%\Desktop,
\\server\home$\%username%\Application Data.
Alternatively, just manually re-target My Documents to
\\server\home$\%username% (this is not optimal, however!)
If you aren't going to also redirect the desktop using policies, tell users
that
they are not to store any files on the desktop or you will beat them with a
stick. Big profile=slow login/logout, and possible profile corruption.
* Note that user profiles are not compatible between different OS versions,
even between W2k/XP. Keep all your computers. Keep your workstations as
identical as possible - meaning, OS version is the same, SP level is the
same, app load is (as much as possible) the same.
* Do not let people store any data locally - all data belongs on the server.
* The User Profile Hive Cleanup Utility should be running on all your
computers. You can download it here:
http://www.microsoft.com/downloads/...6D-8912-4E18-B570-42470E2F3582&displaylang=en
Roaming profile & folder redirection article -
http://www.windowsnetworking.com/ar...e-Folder-Redirection-Windows-Server-2003.html
Here's my boilerplate onroaming profiles,
