Setting up staff laptops - domain access/profiles/offline files
(First post here - I usually just read, but could do with some guidance! :))
Looking for some advice/support with regards to staff laptops. Currently, staff have college issued laptops that do not connect to the domain. They log in using a local account (they aren't set up as local administrators thank God!) and a script maps their network drive for them when they're at work using their domain credentials. When they're at home, they save everything to the local My Documents - transferring files and stuff has been down to them previously/currently, with no automatic syncing or anything. This has led to a bit of a disaster situation. Most staff accounts on the domain are near empty, with hardly any documents etc. as all their junk is stored locally. Also staff are used to using their local log on details so very rarely log on to a domain machine. When they need to log on there's usually a lot of hassle with regards to forgotten user names and passwords and "oh, I forgot, I saved that file on my laptop...". As well as files not being backed up anywhere near enough!
What I am looking to do is to simplify the whole deal by imaging the laptops and adding them to the domain. Then allow staff to log on using their domain credentials only, no local accounts (allowing cached credentials for when they use them at home). I'll transfer all their current "My Documents" to their network U: drive and hopefully enable offline files so they can work on documents off and on-site and have them automatically synced (assuming this works as I understand it, copies will be made locally and then synced back to U: when next connected to the domain?)
Now my main question/issue - profiles. On the domain all users use mandatory profiles. I would like the staff laptops to use local mandatory profiles if possible to help with log on speeds and so we don't add too much extra network traffic. So can I specify the profile path in Active Directory to C:\StaffProfile rather than using a network share? I did try it earlier briefly, and when I logged in it told me that it couldn't find the profile and was going to use a temp local profile... it is possible I made a typo or something though as I was checking on the off-chance and not paying too much attention... :)
Anyway thanks for any help/advice, just wanting to know if this setup sounds alright... I know this post is long but ah well. I am pretty much a novice with actually setting these things up as 98% of things were already set up when I got here.
In short my plan is:
- add laptops to domain, get staff to log on using domain credentials (and cached credentials from home)
- have staff profiles redirected using AD to a local mandatory profile (e.g. C:\StaffProfile)
- redirect My Documents to U: drive, enable offline files for home use
- lock down laptops using similar GPOs to other domain machines
Cheers! (using Windows Server 2003 and XP Pro clients if it helps).