Jump to content

[help] issues with roaming profiles.

janus zeal
 Share

Recommended Posts

janus zeal

janus zeal

Posted
Posted (edited)

I have a windows 2k3 domain server and im haveing some problems with peoples profiles. (includeing mine :P)

one example is my (and others) wallpapers wont stay. we pick one, log off, log back on, and its gone.

another thing is, one of my users has limewire, and he downloads stuff to %userprofile%/shared/ and its not there when he logs back in, or in to another system.

other then the wallpaper most profiles settings seem to transfer from one system to another...

(another issue is that even people who are members of the admin group dont seem to have admin powers)

Edited by janus zeal
Link to comment
Share on other sites

allen2

allen2

Posted
Posted

If users with roaming profiles loose their wallpaper, it means they don't have the rights to modify their roaming profile or they don't own the files in the roaming profile. For the other problem, if the users are members or the local admin group of their computer, the should be admin of this computer. In AD there are two admin groups entreprise admins and domain admins, the one which has the most of rights is the entreprise admins group. Anyway roaming profiles are allways a bad idea.

Link to comment
Share on other sites
janus zeal

janus zeal

Posted
  • Author
Posted (edited)

The file is named ntuser.dat, so thats not the problem. however, the owner of all the profile folders is alucard/administrators. is there a way to give ownership of the folders to each user without being loged in to their accounts?

Ive managed a domain before, but im new to active directory and roaming profiles. ^_^;

Edited by janus zeal
Link to comment
Share on other sites
InTheWayBoy

InTheWayBoy

Posted
Posted

Can't comment on the permissions issue, but I can chime in on the LimeWire "Shared" folder...roaming profiles only handles certain folders in the profile directory. For example, the "Local Settings" folder isn't involved in the roaming profiles (Hence the name). Since LimeWare has bad habit of using a folder in the profile instead of a folder in your My Documents, that will never be apart of your roaming profile. I don't even think there is a way to include extra folders via AD...you could construct a logon script that would help with this, but I really don't think it's worth the time.

Keep in mind the stress that will be put on your network is your roaming profiles grow large, say from downloads. It's best to keep things like that either local to the computer or have it setup to stay on the server through mapped drives. Each time that user jumps to a new machine it would have to transfer all those files, which not only slows down the logon for the user but will cause issues for other users as well.

Link to comment
Share on other sites
janus zeal

janus zeal

Posted
  • Author
Posted
Keep in mind the stress that will be put on your network is your roaming profiles grow large, say from downloads. It's best to keep things like that either local to the computer or have it setup to stay on the server through mapped drives. Each time that user jumps to a new machine it would have to transfer all those files, which not only slows down the logon for the user but will cause issues for other users as well.
thats what im doing, all downloads go to c:\localdownloads\ i think for some resion that the ACL for my user folders got corrupted.
Link to comment
Share on other sites
JuMz

JuMz

Posted
Posted (edited)
Keep in mind the stress that will be put on your network is your roaming profiles grow large, say from downloads. It's best to keep things like that either local to the computer or have it setup to stay on the server through mapped drives. Each time that user jumps to a new machine it would have to transfer all those files, which not only slows down the logon for the user but will cause issues for other users as well.

I thought the whole idea of roaming profiles is that it doesn't transfer those files LOCALLY but are stored on the server. So it won't matter what machine you go on, you are always indirectly mapping to that server where you can access your mydocs, desktop, exchange store, etc...Or do I have this wrong? In my environment @ work, I know that nothing is copied locally, and I have seen that my MyDocuments is acually being mapped to \\USERSRV\<usernamehere>$\Mydocuments etc...

Edited by JuMz
Link to comment
Share on other sites
janus zeal

janus zeal

Posted
  • Author
Posted
In my environment @ work, I know that nothing is copied locally, and I have seen that my MyDocuments is acually being mapped to \\USERSRV\<usernamehere>$\Mydocuments etc...
I wish i knew how to do that. everything we do is cached locally. copying to the local drive on login, and copying back to server on logout.
Link to comment
Share on other sites
JuMz

JuMz

Posted
Posted
In my environment @ work, I know that nothing is copied locally, and I have seen that my MyDocuments is acually being mapped to \\USERSRV\<usernamehere>$\Mydocuments etc...
I wish i knew how to do that. everything we do is cached locally. copying to the local drive on login, and copying back to server on logout.

I think I have found the solution!

http://www.windowsnetworking.com/articles_...erver-2003.html

Link to comment
Share on other sites
InTheWayBoy

InTheWayBoy

Posted
Posted (edited)

What you are all are looking for is called Folder Redirection, at least in regards to AD/GPO. What that does is tells the local computer to look to the server for various locations. GPO only supports four different properties for Folder Redirection:

Desktop

My Documents

Application Data

Start Menu

All that's really happening is the GPO is editing several registry entries that tell the OS where things are. They are all located here:

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders

If you look there you will see more than just four entries...a common 'hack' is to use this to redirect the location of your Favorites.

Best way to accomplish this in my opinion:

1. Createa a share with the correct permissions for your users (\\server\share)

2. Each user should have their own folder in that share labeled after their username (\\server\share\username)

3. In each users folder create a folder for each item you want to redirect (\\server\share\username\desktop)

4. Create a script that will map a drive using the username of the current user. I use AutoIt and it looks like this:

MapDriveAdd("X:","\\server\share\"&@UserName)

5. In that same script, but after the drive is mapped, have another line perform a registry edit like so:

RegWrite("HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders","Desktop","REG_SZ","X:\desktop")

What this does is map the main folder for the user as a drive (X:\), and from there the script changes the registry to look to the correct folder in that mapped drive. I find that it's more reliable to do this to a drive than an UNC in case you were wondering. You could skip the whole drive mapping portion and just go straight to the server.

This, in combination with roaming profiles is a pretty solid package. Since the major stuff is redirected the files that are transfered with the roaming profile with be small in most cases.

As for the Offline Files question, this has always been a pain for me. I know one thing to look for is the share properties on the server. There should be a section that gives you three caching options...can't remember the exact location, but it's accessable via right-click > properties on the share. There is an option to never allow files to be used online, and I think that will effectively trump the local machines attempts to use offline files. Also, there are GPO settings specifically for Offline Files, and there is also another for disabling the automatic offline files for redirected folders. I can't give locations at the moment so you'll have to dig.

Edited by InTheWayBoy
Link to comment
Share on other sites
janus zeal

janus zeal

Posted
  • Author
Posted

Thanks for the tip on the regkey.

Ive tryed the offline files setting in the share properties for the folder, but it doesnt effect what the workstations do with the folders. useing folder redirection is awesome for speeding up logon/off time, but its sorta pointless if windows has to sync all the offline files folders anyways. i will look around in the group policy editor and on google tomarrow. im at my parrents house for the night and im not about to try VNC over a cellular dialup connection to work on the server.

Thanks for all the help. lol i love MSFN. xD

Link to comment
Share on other sites
allen2

allen2

Posted
Posted

You can change the owner manually when logged with admin rights:

- select the folder, right click, properties

- security tab

- advanced

- owner tab

- other users and groups

- select the user

- check the replace owner on subcontainers and objects.

- click apply.

This is only available on windows 2003.

I didn't found any working tools to do it from command line.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...