Windows Thread, Setting up staff laptops - domain access/profiles/offline files in Technical; (First post here - I usually just read, but could do with some guidance! )
Looking for some ...
23rd May 2010, 11:01 PM #1
- Rep Power
Setting up staff laptops - domain access/profiles/offline files
(First post here - I usually just read, but could do with some guidance! )
Looking for some advice/support with regards to staff laptops. Currently, staff have college issued laptops that do not connect to the domain. They log in using a local account (they aren't set up as local administrators thank God!) and a script maps their network drive for them when they're at work using their domain credentials. When they're at home, they save everything to the local My Documents - transferring files and stuff has been down to them previously/currently, with no automatic syncing or anything. This has led to a bit of a disaster situation. Most staff accounts on the domain are near empty, with hardly any documents etc. as all their junk is stored locally. Also staff are used to using their local log on details so very rarely log on to a domain machine. When they need to log on there's usually a lot of hassle with regards to forgotten user names and passwords and "oh, I forgot, I saved that file on my laptop...". As well as files not being backed up anywhere near enough!
What I am looking to do is to simplify the whole deal by imaging the laptops and adding them to the domain. Then allow staff to log on using their domain credentials only, no local accounts (allowing cached credentials for when they use them at home). I'll transfer all their current "My Documents" to their network U: drive and hopefully enable offline files so they can work on documents off and on-site and have them automatically synced (assuming this works as I understand it, copies will be made locally and then synced back to U: when next connected to the domain?)
Now my main question/issue - profiles. On the domain all users use mandatory profiles. I would like the staff laptops to use local mandatory profiles if possible to help with log on speeds and so we don't add too much extra network traffic. So can I specify the profile path in Active Directory to C:\StaffProfile rather than using a network share? I did try it earlier briefly, and when I logged in it told me that it couldn't find the profile and was going to use a temp local profile... it is possible I made a typo or something though as I was checking on the off-chance and not paying too much attention...
Anyway thanks for any help/advice, just wanting to know if this setup sounds alright... I know this post is long but ah well. I am pretty much a novice with actually setting these things up as 98% of things were already set up when I got here.
In short my plan is:
- add laptops to domain, get staff to log on using domain credentials (and cached credentials from home)
- have staff profiles redirected using AD to a local mandatory profile (e.g. C:\StaffProfile)
- redirect My Documents to U: drive, enable offline files for home use
- lock down laptops using similar GPOs to other domain machines
Cheers! (using Windows Server 2003 and XP Pro clients if it helps).
24th May 2010, 12:22 AM #2
All the luck in the world for you my friend, this is tedious stuff. Did you allow exclusive access to C:\StaffProfile to your users when configuring the GPO in the server? They should have exclusive access to their local profile...I think.
And i said I think because I had a similar problem ages ago with the staff laptops and implemented a similar solution to yours, and in the long run it didn't work. Staff could not wait for sync of their files on the servers, and at the end they end up having the same situation, files not being backup on the laptops and files here and there.
Believe or not, my salvation was a Terminal Server, I enable RDP over the internet and advise staff to access their work from home using RDP. At first we deny access to their local C:\ but with the time I've been a bit more relax and they can now have files on their laptops itself. But they all are full aware that we are not responsible for this data, they should we using RDP all the times on their laptops at home.
I hope some of the members of this forum will give you a better advise.
24th May 2010, 12:34 AM #3
I would recommend using roaming profiles for Staff, purely so it stores things like favourites and various program settings for staff. When logged on off-line, it will use the cached version of the profile, when logged on in school it will merge the network version and local version so changes made offline are updated to the network.
If you wanted to use a mandatory profile however, you can quite easily re-direct the profile path to a locally stored mandatory profile by doing what your described above. I tested this out with our student machines, but found the time it saved loading it locally as oppose to from the network was quite small, so we opted to keep ours networked so making changes to it was easier.
24th May 2010, 12:53 AM #4
- Rep Power
Thanks to OXP from:
maestromasada (24th May 2010)
26th May 2010, 06:16 PM #5
- Rep Power
26th May 2010, 06:44 PM #6
Personally I would try and find out why logon times are so slow - my laptops are on the domain, and the logon time, whilst not super fast, isnt an issue. We have mandatory profiles here just for the reasons that you mention and it all works well. It was changed over last summer and TBH I have had very few issues with the staff.
26th May 2010, 07:17 PM #7
- Rep Power
Well the log on times weren't excruciatingly bad, it's just that because we use mandatory profiles on all domain computers apart from these staff laptops (locally stored too) and because they're wired, GPOs applying/settings being applied/folder redirection is all pretty fast. The log on times for staff laptops on the domain were not dreadfully long but were more than I would have liked/expected. Like I said previously, I think it has to do with offline file syncing (after log in the computers were still sort of unusable for a short while). I did complete the tests by using offline files and making changes/saving new files etc. offline. I don't know... it all just seems a little messy. The main thought behind adding them to the domain was so users files were backed up regularly and for single accounts. I'd still prefer it if users were restricted to one account but I think the backup solution would work just as well with a script.
Originally Posted by witch
Last Post: 16th June 2010, 12:14 PM
By reggiep in forum Windows
Last Post: 18th November 2009, 11:53 AM
By nephilim in forum Windows
Last Post: 13th March 2009, 11:01 AM
By contink in forum Windows
Last Post: 5th June 2008, 01:33 AM
By chrbb in forum Windows
Last Post: 21st December 2006, 02:43 PM
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)