Ok i need to get a roaming profiles up and running. I have 3 computers
that need to be able to have these profiles on it. I am running
windows 2003 server. I have been able to get one profile to be roaming
on one computer. I have also errors when trying to log in with other
users. They are telling me that my domain is not available and also i
get that a message telling me that my local policy on this system does
not allow me to logon interactively. Can some one help asap
First things first - check your DNS settings. You need to set up forwarders
in the DNS server running on your W2k3 box (or rely only on root hints) -
and all servers/clients should point *only* at the internal DNS server IP,
not your ISP's/any other external DNS servers. AD relies heavily on DNS and
if that isn't working right, a lot of other stuff won't work right either.
Re roaming profiles, here's my boilerplate:
1. Set up a share on the server. For example - d:\profiles, shared as
profiles$ to make it hidden from browsing.
2. Make sure the share permissions on profiles$ indicate everyone=full
control. Set the NTFS security to administrators, system, and users=full
control.
3. In the users' ADUC properties, specify \\server\profiles$\%username% in
the profiles field
4. Have each user log into the domain once from their usual workstation
(where their existing profile lives) and log out. The profile is now
roaming.
Notes:
* Make sure users understand that they should never log into multiple
computers at the same time when they have roaming profiles (unless you make
the profiles mandatory by renaming ntuser.dat to ntuser.man so they can't
change them). Explain that the
last one out
wins, when it comes to uploading the final, changed copy of the profile.
* Keep your profiles TINY. Redirect My Documents
to a subfolder of each user's home directory on the server - either via
group policy (folder redirection) or manually (less advisable). If you
aren't going to also redirect the desktop using policies, tell people that
they are not to store any files on the desktop or you will beat them with a
stick. Big profile=slow login/logout, and possible profile corruption.
* Note that user profiles are not compatible between different OS versions,
even between W2k/XP. Keep all your computers. Keep your workstations as
identical as possible - meaning, OS version is the same, SP level is the
same, app load is (as much as possible) the same.
* Do not let people store any data locally - all data belongs on the server.
