Newbie - Enable User Profile Away from Network

[TheScullster]

Hi all

This is probably the most basic question ever asked on this group (so
apologies in advance!)

I have an XP client on Win2003 server network, accessing email via exchange,
shared network resources etc.

So when this user logs on using his domain username and password, his access
to the machine is (as I understand it) controlled by rights granted via the
server route. That is, he does not have a user profile accessible on the
machine without the network connection being present.
How do I enable his network presented profile so that he has access to local
software, files etc and doesn't have to use a separate profile?

TIA

Phil

 

[george]

inline

Hi all

This is probably the most basic question ever asked on this group (so
apologies in advance!)

I have an XP client on Win2003 server network, accessing email via
exchange,
shared network resources etc.

So when this user logs on using his domain username and password, his
access
to the machine is (as I understand it) controlled by rights granted via
the
server route. That is, he does not have a user profile accessible on the
machine without the network connection being present.

That depends.
Normally when a domainuser logs on to his/her workstation a so called local
profile is created and stored on the workstation.
Everything he is allowed to do (maybe install software, change settings,
desktop background, screen saver, etc.) gets stored in this local profile.

Now if the domain admin decided that domain users will have what is known as
a roaming profile, then definitions on the server have been made to ensure
that a copy of the users local profile gets stored on the server upon logoff
and made available upon logon. Chenges are then kept in the local profile as
well as in the roaming one.
Unless: the domain admin also decided that there will be no copies of
roaming profiles kept on the workstations (ie local) in which case there is
onle 1 profile, that on the server.
In this particular case, no network connection means no copy of your (last)
profile available. You might end up with a completely new, and dare I say,
rather *empty* local copy that gets chucked away again upon logoff.

How do I enable his network presented profile so that he has access to
local
software, files etc and doesn't have to use a separate profile?

Enabling the roaming profile is a setting in the Profile tab of the User
definition (object) in Active Directory.
You specify the profile path in terms of:
\\<servername>\<profile-folder-sharename>\%username%.

This being the very bare basics of the beast, hth

george

 

[TheScullster]

George

Thanks for your response.
Yes we have roaming profiles enabled, but I'm not clear on how these operate
when the equipment is mobile as opposed to the user.
I understand that a user can log onto any client and see the same desktop,
personal files etc.

I have just disconnected a PC from the network and tried to logon to the
domain.
This gives the usual message about profile settings not being saved back to
the network at the end of the session.

So, my question is:

If someone takes a laptop away and logs on as normal, what happens to any
changes he makes?
If he installs software for example, will the change be made to his local
profile and then writted back to the server when he next logs on? OR Will
the modified profile be overwritten by the version coming down from the
server?

Oh yes:

Also there seems to be a permissions thing with XP and memory sticks!
Even if I give a user administration rights, memory sticks won't work!
I have to logon as the local machine administrator to get them to work. Is
there a solution for this?

TIA

Phil

 

[george]

inline

George

Thanks for your response.
Yes we have roaming profiles enabled, but I'm not clear on how these
operate
when the equipment is mobile as opposed to the user.
I understand that a user can log onto any client and see the same desktop,
personal files etc.

I have just disconnected a PC from the network and tried to logon to the
domain.
This gives the usual message about profile settings not being saved back
to
the network at the end of the session.

So, my question is:

If someone takes a laptop away and logs on as normal, what happens to any
changes he makes?
If he installs software for example, will the change be made to his local
profile and then writted back to the server when he next logs on? OR Will
the modified profile be overwritten by the version coming down from the
server?

This depends.
If the machine has been configured (probably through Group Policies) *not*
to cache (ie. store) copies of Roaming Profiles locally then changes will
not be kept. If this setting does not apply, then changes made will be kept
in the local copy of the profile.
If the next logon is then made where the roaming profile (server version) is
available again, the local one will be 'newer' then the roaming one and the
roaming one gets updated.

Don't know about the memory stick one.


george

 

[TheScullster]

Thanks George

Looking at a trial machine, I have logged on as a domain user connected to
the network.
I have then logged off and back on without a network connection.
Everything seems OK and a folder is created under Documents and Settings for
this user.
Presumably this means that there is no policy to block client based local
profiles?
Does this also mean that a laptop user can log on with same
username/password as on the domain when away from the office?
I looked on my trial PC, but didn't see a local user account created for the
domain user! So how can a domain user log on locally with no network
available to authenticate and no local user account?
Assuming that it is possible to log on remotely with domain username, does
XP give an alert about the latest profile version being the local one as did
NT?

Sorry there's so many questions, but I've searched and searched for what I
feel is information on a basic requirement. If you have any links I would
be mighty grateful.

Thanks again

Phil

 

[george]

There is a lot to this subject, much more then easily covered in these
posts.
Maybe these can be startingpoints to get more information:
http://www.microsoft.com/resources/...3/all/techref/en-us/W2K3TR_Sec_Authn_Over.asp

See Cached Credentials on the following page:
http://www.microsoft.com/resources/...v/2003/all/techref/en-us/w2k3tr_intlg_how.asp

hth

george

 

[george]

forgot to answer some of your Q's.
inline.

Thanks George

Looking at a trial machine, I have logged on as a domain user connected to
the network.
I have then logged off and back on without a network connection.
Everything seems OK and a folder is created under Documents and Settings
for
this user.
Presumably this means that there is no policy to block client based local
profiles?

Looks like it.

Does this also mean that a laptop user can log on with same
username/password as on the domain when away from the office?

Yep, that's what cached credentials are about.

I looked on my trial PC, but didn't see a local user account created for
the
domain user!

There will not be a local account created for that user.
There will however be a local user profile present in documents and
settings.

So how can a domain user log on locally with no network
available to authenticate and no local user account?

again, that's what cached credentials are about.
in short, the logon action when he logged on in a 'domain situation' is
cached (ie. recorded and kept) in the registry on the machine.
that info is reused when logging on and no domain avaiable.
default, the last 10 domain logons are cached that way.

Assuming that it is possible to log on remotely with domain username, does
XP give an alert about the latest profile version being the local one as
did
NT?

dunno, haven't tried this in a long while.

 

[TheScullster]

George

Many many thanks!
I am still amazed/annoyed/frustrated at how difficult it can be to find
information about some fairly fundamental topics.

Phil