Q: "Best" way to handle (mostly) disconnected laptop on SBS 2003 domain

[Jeff Bernstein]

Greetings:

I have a Windows Small Business Server 2003 domain set up. Almost all
of my users are using desktops. I have two users with laptops. I'd say
90% of the time the laptops don't need to be connected to the domain.
Desktop users are using local domain profiles.

I'm trying to figure out the best way to set up the profiles on the
laptops. Credential caching sounds like a security hazard in addition
to the fact that eventually the number of counts will reach zero and
the laptop user will be unable to log onto her laptop.

Ideally the laptop users will be able to use one profile that happens
to have the "ability" to be used whether connected or not connected to
the domain.

When the user logs in will she have to switch between the domain and
the computer "domain" while still being able to use one and the same
profile (so all her settings, desktop, Outlook, etc. stays the same
whether she's connected to the local network or not)?

Will anyone direct me to some specific reference material, give me the
answer, or give me some better words to google than "laptop,"
"domain," and "profile?"

Thanks!

 

[Guest]

Hi, I have the same in my company however with 4 laptop users including
myself. The solution I have was to use roaming profiles, this way the laptop
will sync my documents, exchange etc every time its plugged into the network
and then when not the user will just log on as normally and it will use the
latest cached profile. It does increase the boot and shutdown times but its
the safest way. The user can then have his My Documents synced everytime he
logs on so the SBS server will always have the most up to date profile.
Hope this helps.

 

[Lanwench [MVP - Exchange]]

Greetings:

I have a Windows Small Business Server 2003 domain set up. Almost all
of my users are using desktops. I have two users with laptops. I'd say
90% of the time the laptops don't need to be connected to the domain.
Desktop users are using local domain profiles.

I'm trying to figure out the best way to set up the profiles on the
laptops. Credential caching sounds like a security hazard in addition
to the fact that eventually the number of counts will reach zero and
the laptop user will be unable to log onto her laptop.

Not sure what you mean by "number of counts". They can use cached
credentials for a long time. I don't use local logins even for laptop
users - will there be any sort of VPN access? What are the laptops going to
be used for?

Ideally the laptop users will be able to use one profile that happens
to have the "ability" to be used whether connected or not connected to
the domain.
Yep.

When the user logs in will she have to switch between the domain and
the computer "domain" while still being able to use one and the same
profile (so all her settings, desktop, Outlook, etc. stays the same
whether she's connected to the local network or not)?

No, not if you only use one login/profile, which is advised.

Will anyone direct me to some specific reference material, give me the
answer, or give me some better words to google than "laptop,"
"domain," and "profile?"

Really might be best if you specified what the predicted use of these
laptops will be.

 

[Torgeir Bakken \(MVP\)]

Greetings:

I have a Windows Small Business Server 2003 domain set up. Almost all
of my users are using desktops. I have two users with laptops. I'd say
90% of the time the laptops don't need to be connected to the domain.
Desktop users are using local domain profiles.

I'm trying to figure out the best way to set up the profiles on the
laptops. Credential caching sounds like a security hazard

It is not.

in addition
to the fact that eventually the number of counts will reach zero and
the laptop user will be unable to log onto her laptop.

There is no countdown.

The number you have seen referred is a number indicating for how many
users the computer should remember cached credentials for, and not how
many times a user can log on with cached credentials in a row (because
that is unlimited and cannot be changed).

Ideally the laptop users will be able to use one profile that happens
to have the "ability" to be used whether connected or not connected to
the domain.

Logging on with cached domain credentials when offline is the best
option that exists for this, and it works very well.

 

[Jeff Bernstein]

It is not.



There is no countdown.

The number you have seen referred is a number indicating for how many
users the computer should remember cached credentials for, and not how
many times a user can log on with cached credentials in a row (because
that is unlimited and cannot be changed).



Logging on with cached domain credentials when offline is the best
option that exists for this, and it works very well.

Excellent. My issue now is how to move the current local profile to a
domain profile w/o losing her email, settings, etc.

Thanks!

Jeff

 

[Torgeir Bakken \(MVP\)]

Excellent. My issue now is how to move the current local profile to a
domain profile w/o losing her email, settings, etc.

Hi

We solve this by (in the registry) changing the profile path for
the new user to point to the old user's profile folder (the user
needs to log on at least once first).


From: Bruce Sanderson ([email protected])
Subject: Re: Moving a W2K PC between domains
Newsgroups: microsoft.public.win2000.general
Date: 2002-08-05 17:32:49 PST
http://groups.google.com/groups?selm=uz48D$NPCHA.612@tkmsftngp08

If the user is not a local admin, you might need to to something on the
permission side. Use tip 4631 and 2240 in the 'Tips & Tricks' at
http://www.jsiinc.com as a guide.


More here as well:

Subject: Re: Lost profile when domain name changes
Newsgroups: microsoft.public.win2000.active_directory
http://groups.google.com/groups?th=262e40881c856d53


HOW TO: Restore a User Profile in Windows 2000
http://support.microsoft.com/default.aspx?scid=KB;en-us;314045