B
Barney Mowder
All-
This has got me barking at the walls.
I manage a heterogenous network with NT 4.0 PDC and BDC servers
maintaining a single NT domain for clients logging in from Win98 and
NT 40 workstations.
I have been trying to add an XP Pro laptop to the network in such a
way that the user profile for a user logged onto the laptop is the
same whether or not the laptop is connected to the LAN.
This laptop is going to be used by people travelling abroad, and will
not always be connected to the LAN. I manage this portion of the
function of the machine through Globesoft's Multinetwork Manager 6.5.
I have tried using the 'profile sharing' feature of Multinetwork
manager to share a local user profile between a local, standalone
account on the machine, and a LAN domain user, but without success.
The behaviour I am seeing is this:
Whenever a member of the LAN domain logs onto the XP Pro laptop, a
local, temporary profile is created, and when the user logs off, the
profile is discarded.
The only way I can get the profile to be non-ephemeral is to grant
the LAN user local admin rights on the XP Pro laptop, which
effectively contravenes any attempt to secure the machine.
I do NOT want to set up a roaming profile, because my users move
from machine to machine on my network, and all the machines are
different, so the profile updating will hose up the user's environment
on some other machine.
How can I make the created profiles stay on the XP machine between
sessions WITHOUT granting admin privilege to the LAN domain users?
I have been dallying with a hack to the registry which resets the
state of the created local profile from 644 to 256,
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\ProfileList\<Profile-ID>]
"State"=dword:00000100
which seems to preserve the profile through 1 reboot, but which must
be forced before each logoff. This seems kludgy in the extreme- Is
there a better answer?
This has got me barking at the walls.
I manage a heterogenous network with NT 4.0 PDC and BDC servers
maintaining a single NT domain for clients logging in from Win98 and
NT 40 workstations.
I have been trying to add an XP Pro laptop to the network in such a
way that the user profile for a user logged onto the laptop is the
same whether or not the laptop is connected to the LAN.
This laptop is going to be used by people travelling abroad, and will
not always be connected to the LAN. I manage this portion of the
function of the machine through Globesoft's Multinetwork Manager 6.5.
I have tried using the 'profile sharing' feature of Multinetwork
manager to share a local user profile between a local, standalone
account on the machine, and a LAN domain user, but without success.
The behaviour I am seeing is this:
Whenever a member of the LAN domain logs onto the XP Pro laptop, a
local, temporary profile is created, and when the user logs off, the
profile is discarded.
The only way I can get the profile to be non-ephemeral is to grant
the LAN user local admin rights on the XP Pro laptop, which
effectively contravenes any attempt to secure the machine.
I do NOT want to set up a roaming profile, because my users move
from machine to machine on my network, and all the machines are
different, so the profile updating will hose up the user's environment
on some other machine.
How can I make the created profiles stay on the XP machine between
sessions WITHOUT granting admin privilege to the LAN domain users?
I have been dallying with a hack to the registry which resets the
state of the created local profile from 644 to 256,
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\ProfileList\<Profile-ID>]
"State"=dword:00000100
which seems to preserve the profile through 1 reboot, but which must
be forced before each logoff. This seems kludgy in the extreme- Is
there a better answer?