1. Set up a share on the server. For example - d:\profiles, shared as
profiles$ to make it hidden from browsing. Make sure this share is not set
to allow offline files/caching!
2. Make sure the share permissions on profiles$ indicate everyone=full
control. Set the NTFS security to administrators, system, and users=full
control.
3. In the users' ADUC properties, specify \\server\profiles$\%username% in
the profiles field
4. Have each user log into the domain once from their usual workstation
(where their existing profile lives) and log out. The profile is now
roaming.
5. If you want the administrators group to automatically have permissions to the profiles folders, you'll need to make the appropriate change in group
policy. Look in computer configuration/administrative templates/system/user profiles - there's an option to add administrators group to the roaming profiles permissions.
Notes:
* Make sure users understand that they should never log into multiple
computers at the same time when they have roaming profiles (unless you make
the profiles mandatory by renaming ntuser.dat to ntuser.man so they can't
change them). Explain that the last one out wins, when it comes to uploading
the final, changed copy of the profile.
* Keep your profiles TINY. Redirect My Documents at the very least; usually
best done to the user's home directory on the server - either via group
policy (folder redirection) or manually (far less advisable). If you aren't
going to also redirect the desktop using policies, tell users that
they are not to store any files on the desktop or you will beat them with a
stick. Big profile=slow login/logout, and possible profile corruption.
Ideally, redirect all three - app data, my docs, and desktop....to
subfolders of a user's personal folder on the server.
\\server\home$\%username% and the relevant subfolders created within.
* Note that user profiles are not compatible between different OS versions,
even between W2k/XP. Keep all your computers. Keep your workstations as
identical as possible - meaning, OS version is the same, SP level is the
same, app load is (as much as possible) the same.
* Do not let people store any data locally - all data belongs on the server.
* The User Profile Hive Cleanup Utility should be running on all your
computers. You can download it here:
From:
http://www.itnewsgroups.net/group/microsoft.public.windows.server.general/topic25145.aspx
***************************************************************
The other useful information about setup roaming user profiles:
* Group Policy Recommendations for Roaming User Profiles
http://technet.microsoft.com/en-us/library/cc781862%28WS.10%29.aspx
* Group Policy Settings for Roaming User Profiles
http://technet.microsoft.com/es-es/library/cc758768%28WS.10%29.aspx
http://windows-internal.net/MS.Press-Microsoft.Windows.XP/32ch10d.htm
No comments:
Post a Comment