Re: Roaming Profile Problems with XP Home
From: Torgeir Bakken (MVP) (Torgeir.Bakken-spam@hydro.com)
Date: 02/11/03
- Next message: sw: "ip address"
- Previous message: Rich: "enable long pathnames in winXP ???"
- In reply to: michael: "Roaming Profile Problems with XP Home"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Torgeir Bakken (MVP)" <Torgeir.Bakken-spam@hydro.com> Date: Tue, 11 Feb 2003 03:54:14 +0100
michael wrote:
> Hey there everyone,
>
> First I will explain my environment and then explain the problem, hopefully
> someone will have an idea!
>
> A small home network with three WINXPPRO SP1 workstations and one WINXPHOME
> SP1 workstation. I do not have a server (Yet lol). I created a profile
> folder (shared with everyone and admin having full control) on one WINXPRO
> SP1 system. I created identical user accounts on all computers. I modified
> the path to the profile folder on all systems (I used NET USER on XP HOME).
> All accounts show the type of profile to be roaming (that's good). All
> roaming profiles work correctly from any WINXPPRO workstation, the only one
> that does not load the roaming profile is the XP Home system. I get the
> following error:
>
> Event ID: 1526
> Severity: Error
> (snip)
Hi
The article below from Synapse Syndrome indicates that it should be doable for
WinXP Home as well, it states e.g. "A client computer (not the one where the
profile is stored) can run Windows XP Home Edition."
<quote>
Using Roaming User Profiles
A roaming user profile allows a user to log on to a workstation and
see his or her familiar settings on the desktop, the Start menu, and
so on. Roaming user profiles work by storing the user profile in a
shared network folder. When the user logs on, the profile information
is copied from the shared network folder to the local hard disk. When
the user logs off, the profile information (which might have changed
during the computing session) is then copied back to the shared folder.
If you use more than one computer, you might find roaming user
profiles useful. For example, if you have a small business with a
front office and a back office, you might find yourself spending equal
time in each location. Although it's relatively easy to set up your
data files in a shared network location for easy access, you'll
probably find that your productivity suffers because little changes in
settings (your personal spell-checking dictionary in Word, for example,
or your list of Favorite Web sites) are different in the two locations.
Using roaming user profiles solves this problem.
Ordinarily, roaming user profiles are a feature of domain-based
networks (that is, a network that uses a member of the Windows .NET
Server, Windows 2000 Server, or Windows NT Server family as a domain
controller). With a bit of extra work, however, you can enjoy some of
the same benefits in a workgroup environment. In a domain environment,
user accounts and computer accounts are centrally managed at the
domain level, so you need to make settings only one time and in only
one place. Accessing a profile for the first time from a new computer
happens automatically. By contrast, with a workgroup, you must
explicitly create similar user accounts on each computer where you
want to log on before you're allowed to log on.
To make this work in a workgroup environment, each user whom you want
to set up with a roaming profile must have an account on each computer
where that user will log on, plus an account on the computer that
contains the shared profiles folder. The user account on each computer
must have the same user name and password.
caution
---------------------------------------------------------------------
Our own experimentation showed that configuring roaming profiles and
mandatory profiles in a Windows XP only workgroup environment is
difficult, at best. Because of the way settings are applied
(particularly settings related to the new theme engine and new Start
menu), not all settings roam properly, and operation is somewhat
unpredictable if you don't configure everything correctly. If having
these features perform perfectly is important to you and your
business, you should seriously consider upgrading to Windows .NET
Server, which makes user configuration much easier and more reliable.
Setting Up the Shared Folder for Roaming Profiles
Because you'll need to view and modify permissions, the computer where
you're planning to store roaming profiles must be running Windows XP
Professional, and Simple File Sharing must be disabled.
To set up the shared folder, follow these steps:
1. Log on as a member of the computer's Administrators group.
2. Using Windows Explorer, create a folder called Profiles.
3. In Windows Explorer, right-click the folder and choose Sharing
And Security.
4. On the Sharing tab of the Profiles Properties dialog box that
appears, select Share This Folder. The default sharing
permissions, which provide Full Control share access to Everyone,
are appropriate.
5. Click the Security tab (if you created the folder on an NTFS
volume), and be sure that Everyone has Full Control permission.
Setting Up User Accounts
To set up the user accounts, follow these steps:
1. On each computer (including the "server" that you set up in the
preceding procedure), log on as a member of the Administrators
group.
2. Right-click My Computer and choose Manage.
3. In Computer Management, go to System Tools\Local Users And
Groups\Users.
4. If the user account you want doesn't already exist, choose
Action, New User, and create a user account. Be sure to use the
same user name and password on each computer. Clear the User Must
Change Password At Next Logon check box before you click Create.
5. In the right pane of the Computer Management window, double-click
the name of the user to display the properties dialog box.
6. Click the Profile tab. In the Profile Path box, type the network
path to the shared profiles folder, as shown in Figure 34-4. The
advantage of using the %UserName% environment variable is merely
convenience: You can use the same string for every user, without
having to pause to figure out the correct name of the profile
folder.
[Figure 34-4. The %UserName% environment variable is expanded to
the user name when you move to another field or click OK.]
Figure 34-4. The %UserName% environment variable is expanded to
the user name when you move to another field or click OK.
note
---------------------------------------------------------------------
A client computer (not the one where the profile is stored) can run
Windows XP Home Edition. Although Home Edition does not include the
Local Users And Groups snap-in, you can use other tools to achieve the
same results. If necessary, create a new user account and assign a
password with User Accounts in Control Panel. To assign a profile
path, use the Net User command. For example, to make the same
assignment shown in Figure 34-4, at a command prompt type net user
josie /profilepath:\\badlands\ profiles\josie.
Windows doesn't use the shared profile.
If you forget to set up a user account on the computer with the shared
profiles folder, Windows displays a warning when the user attempts to
log on. If a local copy of the user profile already exists, Windows
uses that copy; if not, Windows creates a temporary profile (based on
the Default User profile) in a folder called Temp, which is not saved
when the user logs off.
Creating the Profile
To create a profile to be used as a roaming user profile and copy it
to the shared profiles folder, follow these steps:
1. Create a profile by logging on (ideally with a temporary user
account you create for the purpose) and making the settings you
want.
2. Log off and then log back on as a member of the Administrators
group.
note
----------------------------------------------------------------
If you are copying a profile from a computer other than the one
that contains the shared profiles folder, the account you log on
with must have the same name and password as an account that has
administrative privileges on the target computer.
3. Right-click My Computer and choose Properties. In the System
Properties dialog box, click the Advanced tab and then click
Settings under User Profiles.
4. Select the profile you created and click Copy To.
[Image]
5. In the Copy Profile To box, type the full path of the destination
profile folder. For example, if you want to create a profile for
a user named Josie in the Profiles share on the computer named
Badlands, type \\badlands\profiles\josie. Be sure the destination
folder you specify doesn't exist; if it does, Windows deletes its
contents before copying the profile.
6. Under Permitted To Use, click Change and then type the name of
the user who will use the profile.
When you click OK in the Copy To dialog box, Windows copies the user
profile to the specified folder and sets permissions on the
destination folder and its contents. Windows gives Full Control
permission to the Administrators group, the user or group you entered
in the Permitted To Use box, and the System account. This prevents
nonadministrative users from accessing a profile other than their own.
If you copied the profile from one computer to a shared folder on
another computer, the permissions that Windows creates are not exactly
right, and you must take one
Using Mandatory User Profiles
A mandatory user profile works much like a roaming user profile: When
a user logs on, the profile is copied from a network location to a
local folder, thereby providing familiar settings. The difference is
that a mandatory profile isn't updated with user changes when the user
logs off.
To assign a mandatory user profile to one or more users, follow the
same procedures as described for using roaming user profiles. Then, on
the computer where the shared profile is stored, make the following
changes:
1. Change the folder permissions to remove Full Control, Modify, and
Write permissions for the user account (or accounts) that will
use the profile leaving them with only Read & Execute, List
Folder Contents, and Read permissions.
2. Change the name of the hidden Ntuser.dat file (in the profile's
top-level folder) to Ntuser.man. (Be sure you change Ntuser.dat,
not Ntuser.dat.log, which ordinarily has a hidden extension.) The
.man extension identifies a mandatory profile.
more step to correct them. On the computer with the shared profiles
folder, right-click the new profile folder, choose Properties, and
click Security. If one of the names shows the security identifier of
an unknown user, as shown in Figure 34-5, you must add the correct
user account (Josie, in this case) and give it Full Control
permission. You can remove the unknown user, although it's not
necessary to do so. (The unknown account is actually the correct user
name, but it's the account from the source computer, not the account
on the local computer. This is one of the hazards and annoyances of
relying on separate security databases (as the workgroup model
does) rather than using the centralized security database used by
domains. For more information, see "Local Accounts and Groups vs.
Domain Accounts and Groups.")
[Figure 34-5. If the permissions for the profile folder don't include
the local user account, the user won't be able to log on.]
Figure 34-5. If the permissions for the profile folder don't include
the local user account, the user won't be able to log on.
Certain files are unavailable to the roaming profile.
You might encounter problems if certain user profile settings rely on
files that are stored on the local hard drive. For example, you might
set the desktop background to a file stored on drive C. When you log
on at another computer, the background doesn't appear (unless the same
file happens to be in the same location on the other computer). You
can alleviate such problems by redirecting My Documents to a
sharednetwork folder and then using it to store documents and other
files that you want to access from different computers.
</quote>
-- torgeir Microsoft MVP Scripting and WMI, Porsgrunn Norway Administration scripting examples and a ONLINE version of the 1328 page Scripting Guide: http://www.microsoft.com/technet/scriptcenter
- Next message: sw: "ip address"
- Previous message: Rich: "enable long pathnames in winXP ???"
- In reply to: michael: "Roaming Profile Problems with XP Home"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
