[Samba] Creating mandatory profiles (not making profiles
mandatory)
Ilia Chipitsine
ilia at paramon.ru
Thu Feb 3 05:40:00 GMT 2005
> Ilia Chipitsine schrieb:
>
>>> Hi,
>>> is it possible to create the user profiles by copying a template, change
>>> file ownership and modify the SID in NTUSER.DAT using the profile tool?
>>> We have many problems with broken profiles. This has become time consuming
>>
>> ^^^^^^^^^^^^^^^
>> there're few tips which I came to after using roaming profiles for several
>> years, those tips will significately reduce number of problems with roaming
>> profiles:
>>
>> 1) watch that profiles are less than 30Mb (number of files also is
>> important)
>>
>> 2) when user first logs in, if there no profile exists, "Default User"
>> profile is taken from \\$LOGONSERVER\NETLOGON, so you can have special
>> default profile for new users. otherwise local "Default User" profile is
>> taken.
>>
>> 3) redirect common folders like Desktop, My Documents out of roaming
>> profile. they can live on network share in user's home directory, but not
>> in the roaming profile. this can be achived either by manipulating registry
>> directly or by using nt4 style domain policies, I can even send You custom
>> ADM template for that.
>>
>> Outlook.pst can also be redirected out of roaming profile.
>> simply move it to another place and start MS Outlook, it will ask You where
>> to find outlook.pst
>>
>> 4) be careful with terminal services. samba doesn't understand separate
>> profiles for terminal services, so you can ruin roaming profile.
>>
>> 5) make sure you are using the same version of Windows on all computers.
>> w2k <--> xp can also break many things in profile
>>
>> 6) make sure other things than Windows are the same on all computers.
>> particularly MS Office.
>>
>> 7) You can create "profile backup system",
>>
>> put, for example
>>
>> regedit /e \\SERVER\share\%UserName%-of2k3.reg
>> "HKEY_CURRENT_USER\Software\Microsoft\Office\11.0"
>>
>> at logon script and after that You can easily delete broken profile and
>> restore required things from backup.
>>
>> 8) xp behave weird on roaming profiles.
>> even if You reqiure "delete cached copies of roaming profiles on exit", xp
>> leaves copy and !!! if You delete network copy of roaming profile (in order
>> to create profile from "Default User"), xp picks up local cached copy. so,
>> in such case You need to remove both network and local cached copy of
>> profile. no idea how to make xp delete it on exit.
>>
>>> and frustrating - when a user experiences an error or weird behaviour of
>>> an application I can never be sure wether the cause is a "wrong user
>>> error", a broken profile or defect in installation. If I want all users or
>>> groups of users to have the same profile I should be able to create it for
>>> them.
>>> I already use the "default user", but with that I only can make a profile
>>> mandatory after the user's first logoff.
>>> I could try myself, but I sometimes experience that "tricks" that work at
>>> first and look good have some side effects I didn't think of, so I would
>>> appreciate comments from people who tried that, or maybe someone knows why
>>> this is rather a bad idea.
>>>
>>> With kind regards,
>>> Malte Mueller
>>>
>>>
>>> --
>>> To unsubscribe from this list go to the following URL and read the
>>> instructions: https://lists.samba.org/mailman/listinfo/samba
>>>
>>
>>
> Thanks a lot Ilia!
>
> We have 200 PC and nearly all have a reborn-card or such, which prevents any
> lokal changes, so local copies of profiles do not exist. Users log in very
> often to different Computers and need to have a defined environment i.e. an
> available profile. I already use a "default user"-profile and redirected
> folders (thanks John, the book helped a lot). Nevertheless I feel that I
> cannot rely on the profiles' integrety once a user had a chance to modify it.
> Making a registry copy is a good tip, i will use that, at least for some
> users. But rather than backing up I would very much appreciate to set up a
> defined profile for each user. I think it would make life a lot easier for me
> (and the users).
I would left capability of changing profiles for users.
there's some VFS module for faking read-only access. but I'm afraid You
will have even more problems this way.
Just regular registry backup (as I suggested) and it will work like charm.
You already did the rest :-)
>
> With kind regards
> Malte Mueller
>
More information about the samba
mailing list