WindowsDevCenter.com
oreilly.comSafari Books Online.Conferences.

advertisement


AddThis Social Bookmark Button

Implementing Mandatory Roaming Profiles

by Mitch Tulloch, Chris Sanders
10/10/2006

Microsoft IntelliMirror technologies have been around since Windows 2000 was released, yet it's surprising how many network administrators fail to use these technologies to make their jobs easier. IntelliMirror is a set of features for configuration and change management that is designed to ensure the availability of users' personal data files, applications, and desktop settings whenever they log onto a computer on the corporate network. IntelliMirror is built upon the following technologies of Windows 2000 and later:

  • Mandatory roaming profiles
  • Offline files
  • Folder redirection
  • Disk quotas
  • Software Installation and Maintenance
  • Remote Installation Services

Learning how to properly implement these technologies is worth the effort, so let's take a detailed look at one of them: implementing mandatory roaming profiles. To learn about this technology, let's talk to someone who has it on the network he supports. Chris Sanders is the network administrator for one of the largest public school systems in Kentucky, and he shows us how he uses mandatory user profiles to make his job easier.

"User profile management can be a complete nightmare for a network administrator. There are literally dozens of ways to manage profiles based on the needs of your particular organization or department. One of the most complicated scenarios to properly administer is a typical lab environment in which you do not want user profiles to be modified at all. This being said, how exactly can we provide an effective means of managing user profiles so that all users are presented with the same profile, allowed to make changes as necessary, but are then presented with a copy of the original unmodified profile when they log back in? The answer to this lies with mandatory profiles.

"In our sample network we have several lab environments, which a multitude of students access via their own unique user accounts. The issue that is arising is that these students have a tendency to change various profile settings and leave files lying around the desktop. Our goal is to present each and every student user with the same profile settings, and disregard all profile changes when a user logs out so that they are presented with the same profile as everyone else when they log back in.

Setting Up the Base Profile

"The first thing you will want to do is set up a model profile on a workstation (preferably an identical one to the workstations in the lab) that will serve as the profile that everyone sees when they log into a computer. Here you will want to make sure you have configured all desktop settings, shortcut icons, and installed printers correctly as to how they will appear on all other workstations.

Copying the Profile to a Server

"Once you have your profile set up how you want it, the next step is to copy the profile to a server. It is important that you set the permissions on the folder holding the profile so that all users accessing it will have complete read-and-write access to it. Once set up, the workstations will pull each user profile from this location. In order to properly copy this profile to a server, there are a few steps you need to complete. Logging in as a user other than the one used to make your model profile, you will need to right-click "My Computer" and then select "Properties." Navigate to the "Advanced" tab and click "Settings" under User Profiles (Figure 1):

Figure 1
Figure 1: Accessing the User Profiles settings

"In the User Profiles dialog box that opens, select your model profile in the list and click the "Copy to" button. You will then be prompted to select the location where you want to store the profile (Figure 2). After you have done this, you must click the "Change" button and add the Authenticated Users group to the profile's ACL. This ensures that all domain users who are authenticated will have rights to access the profile. Proceed to "OK" out of any remaining dialog boxes.

Figure 2
Figure 2: Copying the base profile to a server

Pages: 1, 2

Next Pagearrow