Roaming profile and administrator problem - Help

#1
21-11-2007
North Coast Sea Foods

Using Windows Server 2003 Enterprise with Clients that are XP Professional.

I have several users set up in the Domain Admin group.

They all have Roaming Profiles. When I remove them from the Domain Admin
group, their roaming profiles do not show up on the client computer
correctly?

Question 1 - Why does it matter whether or not they are in the Domain Admin
group?

Question 2 - Shouldn't their profile follow them from computer to
computer - that's basic!?

Comment - When I add them back to the Domain Admin Group - all is perfect??

Any thoughts appreciated, I have been trying to figure this one out for a
couple months now.

thx




#2
21-11-2007
Lanwench [MVP - Exchange]
Re: Roaming profile and administrator problem - Help

North Coast Sea Foods <jleonard@northcoastseafoods.com> wrote:
> Using Windows Server 2003 Enterprise with Clients that are XP
> Professional.
> I have several users set up in the Domain Admin group.
>
> They all have Roaming Profiles. When I remove them from the Domain
> Admin group, their roaming profiles do not show up on the client
> computer correctly?
>
> Question 1 - Why does it matter whether or not they are in the Domain
> Admin group?
>
> Question 2 - Shouldn't their profile follow them from computer to
> computer - that's basic!?
>
> Comment - When I add them back to the Domain Admin Group - all is
> perfect??
> Any thoughts appreciated, I have been trying to figure this one out
> for a couple months now.
>
> thx


Some initial comments-

1. I'd be wary of having that many domain admins. If you have IT staff who
need to perform specific tasks, delegate them in AD. Don't give the keys to
the kingdom to so many....they don't need it to do their jobs.

2. Nobody should be using an "admin-level" account for their daily use. They
should have another account for that purpose.....and it shouldn't have a
roaming profile on it. Certainly, no account that ever logs into a DC (or
file server or whatnot) should ever have a roaming profile on it.

In my book, admins shouldn't have roaming profiles, login scripts, or group
policy settings that other, regular "user" accounts, have. Keep things
simple.

That said - this is most likely a permissions issue. Here's my boilerplate
on roaming profiles; you might review your setup to see where it varies.

-----
General tips:

1. Set up a share on the server. For example - d:\profiles, shared as
profiles$ to make it hidden from browsing. Make sure this share is *not* set
to allow offline files/caching! (that's on by default - disable it)

2. Make sure the share permissions on profiles$ indicate everyone=full
control. Set the NTFS security to administrators, system, and users=full
control.

3. In the users' ADUC properties, specify \\server\profiles$\%username% in
the profiles field.

4. Have each user log into the domain once from their usual workstation
(where their existing profile lives) and log out. The profile is now
roaming.

5. If you want the administrators group to automatically have permissions to
the profiles folders, you'll need to make the appropriate change in group
policy. Look in computer configuration/administrative templates/system/user
profiles - there's an option to add administrators group to the roaming
profiles permissions.

Notes:

* Make sure users understand that they should not log into multiple
computers at the same time when they have roaming profiles (unless you make
the profiles mandatory by renaming ntuser.dat to ntuser.man so they can't
change them). Explain that the last one out wins, when it comes to uploading
the final, changed copy of the profile.

* Keep your profiles TINY. Via group policy, redirect My Documents at the
very least - to a subfolder of the user's home directory or user folder.
Also consider redirecting Desktop & Application Data similarly..... so the
user will have:

\\server\home$\%username%\My Documents,
\\server\home$\%username%\Desktop,
\\server\home$\%username%\Application Data.

Alternatively, just manually re-target My Documents to
\\server\home$\%username% (this is not optimal, however!)

If you aren't going to also redirect the desktop using policies, tell users
that they are not to store any files on the desktop or you will beat them
with a stick. Big profile=slow login/logout, and possible profile corruption.

* Note that user profiles are not compatible between different OS versions,
even between W2k/XP. Keep your workstations as identical as possible -
meaning, OS version is the same, SP level is the same, app load is (as much
as possible) the same.

* Do not let people store any data locally - all data belongs on the server.

* The User Profile Hive Cleanup Utility should be running on all your
computers. You can download it here:
http://www.microsoft.com/downloads/d...displaylang=en


Roaming profile & folder redirection article -
http://www.windowsnetworking.com/art...rver-2003.html
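
An added example, not part of the original post or thread: a PowerShell audit of the per-user folders under the profile root from tip 1, listing every allow entry held by an account other than the folder's own user, SYSTEM, CREATOR OWNER or (per tip 5) Administrators. It assumes PowerShell 2.0 or later is installed on the file server, the post's example path d:\profiles, and folders named after %username% as in tip 3.

```powershell
# Added example; not code from the original thread.
param([string]$ProfileRoot = 'D:\profiles')   # example path from tip 1

# Accounts accepted on every profile folder besides the user it is named for.
# BUILTIN\Administrators is expected only when the group-policy option from
# tip 5 is enabled; remove it from this list if that policy is off.
$allowed = 'NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators', 'CREATOR OWNER'

Get-ChildItem -Path $ProfileRoot | Where-Object { $_.PSIsContainer } | ForEach-Object {
    $folder = $_
    $acl    = Get-Acl -Path $folder.FullName

    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }

        $id      = $ace.IdentityReference.Value
        $account = $id.Split('\')[-1]          # DOMAIN\user -> user

        # Folder is named %username% (tip 3), so the matching account is fine.
        if (($allowed -contains $id) -or ($account -eq $folder.Name)) { continue }

        # Anything reaching this point is access by a third party.
        New-Object PSObject -Property @{
            Folder    = $folder.Name
            Owner     = $acl.Owner
            Identity  = $id
            Rights    = $ace.FileSystemRights
            Inherited = $ace.IsInherited
        }
    }
} | Select-Object Folder, Owner, Identity, Rights, Inherited
```

Rows with Inherited set to True come from the NTFS permissions on the root folder (tip 2) rather than from the profile folder itself.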

