Laptops XP Logins

[Patrick Dunford]

OK, everyone on a corporate network must have faced this one. Your users
have laptops and are joined to the domain so that they can log into the
server just as if they were working at a desktop PC.

The problem is that they need a local login to use when they are not
plugged into the network, and this gives them a different profile from
the roaming one that gets downloaded from the server.

The server is set up to deliver roaming profiles automatically, can it be
overridden in a local machine? And then can I make the two different
logins, the server one and the local one, use the same local profile?

 

[T-Boy]

OK, everyone on a corporate network must have faced this one. Your users
have laptops and are joined to the domain so that they can log into the
server just as if they were working at a desktop PC.

The problem is that they need a local login to use when they are not
plugged into the network, and this gives them a different profile from
the roaming one that gets downloaded from the server.

The server is set up to deliver roaming profiles automatically, can it be
overridden in a local machine? And then can I make the two different
logins, the server one and the local one, use the same local profile?

What's wrong with logging on to the domain when you're not physically
connected to it? (The logon goes fine - uses cached credentials). VPN
to the domain (if req'd). OWA to exchange. Where's the prob ???

The only thing (domain wise) is that it might be prudent to have some AD
OU's like: "Desktop" and "Portable" (or whatever) and apply a tighter
lockdown for portable users. (MS have something on that somewhere on
their website - and MS's Security Guidance Kit (I think that's what it's
called).

 

[Dave - Dave.net.nz]

The problem is that they need a local login to use when they are not
plugged into the network, and this gives them a different profile from
the roaming one that gets downloaded from the server.

If they have already logged in once to the laptop, it should load a
cached copy of their network profile.
Is there a specific need for them to have local logons too? assuming
that they have already done above and can use it as what is effectivly a
"local logon" anyway.

 

[Patrick Dunford]

20:23:52 +1200, Dave - Dave.net.nz

If they have already logged in once to the laptop, it should load a
cached copy of their network profile.
Is there a specific need for them to have local logons too? assuming
that they have already done above and can use it as what is effectivly a
"local logon" anyway.

So you can "log into the domain" even when you're not physically
connected?

 

[K T T]

20:23:52 +1200, Dave - Dave.net.nz



So you can "log into the domain" even when you're not physically
connected?

Yes

 

[Nathan Mercer]

OK, everyone on a corporate network must have faced this one. Your users
have laptops and are joined to the domain so that they can log into the
server just as if they were working at a desktop PC.

The problem is that they need a local login to use when they are not
plugged into the network, and this gives them a different profile from
the roaming one that gets downloaded from the server.

The server is set up to deliver roaming profiles automatically, can it be
overridden in a local machine? And then can I make the two different
logins, the server one and the local one, use the same local profile?

Windows XP has cached credentials. Logon when plugged into the LAN,
and then you can login offline with the same account
Perhaps you have disabled it? I'm pretty sure its on by default

Cheers
Nathan

 

[Patrick Dunford]

Windows XP has cached credentials. Logon when plugged into the LAN,
and then you can login offline with the same account
Perhaps you have disabled it? I'm pretty sure its on by default

Probably on, but we never tried it

Does it just use the local cached version of the profile?

 

[Patrick Dunford]

on Mon, 16 Aug 2004 23:10:42 +1200, Patrick Dunford

Probably on, but we never tried it

Does it just use the local cached version of the profile?

I just remembered the other reason why we don't want to use a roaming
profile.

We don't want to cache their desktop and all the subfolders in the
profile because it takes too long to send it back to the server at
logoff. Also there is a quota limitation on the server for profile size.

 

[T-Boy]

on Mon, 16 Aug 2004 23:10:42 +1200, Patrick Dunford


I just remembered the other reason why we don't want to use a roaming
profile.

We don't want to cache their desktop and all the subfolders in the
profile because it takes too long to send it back to the server at
logoff. Also there is a quota limitation on the server for profile size.

*Cached logon credentials* - nothing to do with the profile - per se.

 

[Lanwench [MVP - Exchange]]

nz.comp on Mon, 16 Aug 2004 23:10:42 +1200, Patrick Dunford


I just remembered the other reason why we don't want to use a roaming
profile.

We don't want to cache their desktop and all the subfolders in the
profile because it takes too long to send it back to the server at
logoff. Also there is a quota limitation on the server for profile
size.

Profiles should be small anyway - for desktops, use folder redirection to
point My Documents at the user's home directory, tell people not to store
files on their desktops, etc. A 10MB profile presents no real problems.
Roaming profiles are a godsend and I strongly recommend that you use them.

However, there are other things in the roaming profile that you won't want
on a laptop - for laptops, if the user will also sometimes use a desktop,
when the user logs in for the first time w/their domain/roaming profile, you
can go to control panel, system, advanced, and change the roaming profile
settings for that user to "local" so changes won't be uploaded.

For laptop users, to give them access to their data while on the road, I
usually set up a folder like c:\data and point My Documents at it - and
since I dislike offline files, I use an inexpensive third party utility
called SecondCopy from www.centered.com. That way, when they're on the LAN
or working remotely via VPN, it can synchronize c:\data with their home
directory so the data is on the server & can be backed up, administered,
etc.

 

[Dave - Dave.net.nz]

So you can "log into the domain" even when you're not physically
connected?

nope, but you can logon using the cached credentials.

 

[Disco Stu]

I just remembered the other reason why we don't want to use a roaming
profile.

We don't want to cache their desktop and all the subfolders in the
profile because it takes too long to send it back to the server at
logoff. Also there is a quota limitation on the server for profile size.

I create local user accounts for use when off network.

Users need to be trained to change domains at logon, but that's about it.

 

[Lanwench [MVP - Exchange]]

I create local user accounts for use when off network.

Not necessary - see my reply above....

 

[Patrick Dunford]

I create local user accounts for use when off network.

Users need to be trained to change domains at logon, but that's about it.

But your user now has two user profiles. Each profile has its own
settings.

 

[Dave - Dave.net.nz]

But your user now has two user profiles. Each profile has its own
settings.

and permissions.

 

[Rob]

and permissions.

Login as the local user and set their domain credentials in the
Control Panel:


In Control Panel, go User Accounts -> User Accounts -> Advanced (tab)
-> Manage Passwords -> Add

Put in "domainname\*" for the Server field and the other credentials
are self-explanatory.

Now they can login locally but access all domain resources as if they
had logged in to the domain. I've done this for a few laptop users
and they can use Exchange and everything whilst only having one
profile.

 

[Lanwench [MVP - Exchange]]

Login as the local user and set their domain credentials in the
Control Panel:


In Control Panel, go User Accounts -> User Accounts -> Advanced (tab)
-> Manage Passwords -> Add

Put in "domainname\*" for the Server field and the other credentials
are self-explanatory.

Now they can login locally but access all domain resources as if they
had logged in to the domain. I've done this for a few laptop users
and they can use Exchange and everything whilst only having one
profile.

Have never tried this - but what's the point, since they don't need to log
in locally at all in order to do anything?

 

[Guest]

Ok as a user I have had this problem come up recently and we can not figure
out how to fix it. When I am at the office I get to plug into the network
and it do my job. WHen I am away the laptop comes up and it lists the server
"xxx" and my user id. When I go to plug in my pass work it tealls me the
server is not found and will not allow me to login. How would I reset the
logon cashed information so I can log on as you all discribe with out having
a new account?