[Samba] Creating mandatory profiles (not making profiles mandatory)

Ilia Chipitsine ilia at paramon.ru
Thu Feb 3 05:40:00 GMT 2005

> Ilia Chipitsine schrieb:
>>> Hi,
>>> is it possible to create the user profiles by copying a template, change 
>>> file ownership and modify the SID in NTUSER.DAT using the profile tool?
>>> We have many problems with broken profiles. This has become time consuming
>>                           ^^^^^^^^^^^^^^^
>> there're few tips which I came to after using roaming profiles for several 
>> years, those tips will significately reduce number of problems with roaming 
>> profiles:
>> 1) watch that profiles are less than 30Mb (number of files also is 
>> important)
>> 2) when user first logs in, if there no profile exists, "Default User" 
>> profile is taken from \\$LOGONSERVER\NETLOGON, so you can have special 
>> default profile for new users. otherwise local "Default User" profile is 
>> taken.
>> 3) redirect common folders like Desktop, My Documents out of roaming 
>> profile. they can live on network share in user's home directory, but not 
>> in the roaming profile. this can be achived either by manipulating registry 
>> directly or by using nt4 style domain policies, I can even send You custom 
>> ADM template for that.
>> Outlook.pst can also be redirected out of roaming profile.
>> simply move it to another place and start MS Outlook, it will ask You where 
>> to find outlook.pst
>> 4) be careful with terminal services. samba doesn't understand separate 
>> profiles for terminal services, so you can ruin roaming profile.
>> 5) make sure you are using the same version of Windows on all computers.
>> w2k <--> xp can also break many things in profile
>> 6) make sure other things than Windows are the same on all computers.
>> particularly MS Office.
>> 7) You can create "profile backup system",
>> put, for example
>> regedit /e \\SERVER\share\%UserName%-of2k3.reg 
>> "HKEY_CURRENT_USER\Software\Microsoft\Office\11.0"
>> at logon script and after that You can easily delete broken profile and 
>> restore required things from backup.
>> 8) xp behave weird on roaming profiles.
>> even if You reqiure "delete cached copies of roaming profiles on exit", xp 
>> leaves copy and !!! if You delete network copy of roaming profile (in order 
>> to create profile from "Default User"), xp picks up local cached copy. so, 
>> in such case You need to remove both network and local cached copy of 
>> profile. no idea how to make xp delete it on exit.
>>> and frustrating - when a user experiences an error or weird behaviour of 
>>> an application I can never be sure wether the cause is a "wrong user 
>>> error", a broken profile or defect in installation. If I want all users or 
>>> groups of users to have the same profile I should be able to create it for 
>>> them.
>>> I already use the "default user", but with that I only can make a profile 
>>> mandatory after the user's first logoff.
>>> I could try myself, but I sometimes experience that "tricks" that work at 
>>> first and look good have some side effects I didn't think of, so I would 
>>> appreciate comments from people who tried that, or maybe someone knows why 
>>> this is rather a bad idea.
>>> With kind regards,
>>> Malte Mueller
>>> -- 
>>> To unsubscribe from this list go to the following URL and read the
>>> instructions:  https://lists.samba.org/mailman/listinfo/samba
> Thanks a lot Ilia!
> We have 200 PC and nearly all have a reborn-card or such, which prevents any 
> lokal changes, so local copies of profiles do not exist. Users log in very 
> often to different Computers and need to have a defined environment i.e. an 
> available profile. I already use a "default user"-profile and redirected 
> folders (thanks John, the book helped a lot). Nevertheless I feel that I 
> cannot rely on the profiles' integrety once a user had a chance to modify it. 
> Making a registry copy is a good tip, i will use that, at least for some 
> users. But rather than backing up I would very much appreciate to set up a 
> defined profile for each user. I think it would make life a lot easier for me 
> (and the users).

I would left capability of changing profiles for users.

there's some VFS module for faking read-only access. but I'm afraid You 
will have even more problems this way.

Just regular registry backup (as I suggested) and it will work like charm.
You already did the rest :-)

> With kind regards
> Malte Mueller

More information about the samba mailing list