Configuring Windows 7 roaming profiles on a Windows 2008 R2 Server
For the last few days I have been playing around with Windows 7 and roaming profiles. At first I wrote this down for my own documentation, but maybe it's useful for someone else as well.
Requirements
- A Windows 2008 R2 Server with the File Server Resource Manager (FSRM) role
- A Windows 7 Client
- Both machines in the same domain
Creating the home share on the Windows 2008 R2 server
- Create a folder called HomeWin7, right-click it and choose Properties
- You should see the following permissions
- Click on the Advanced button and click on Change Permissions
- Deselect "Include inheritable permissions from this object's parent" and click on Add
- Select the Users “Special” ACL and then click the Edit button
- Change "Apply to" to "This folder only" and click OK
- Select the Users “Read & execute” ACL and then click the Edit button
- Change "Apply to" to "This folder only" and click OK
- It should look like this now:
- Click OK to close this screen, click on the “Sharing” tab on the Users Properties screen and then click on the “Advanced Sharing” button to create a share
- Select "Share this folder"; the share name should be HomeWin7$
- Click on the Caching button and select: No files or programs are available offline
- Click OK and click on the Permissions button
- Give the Everyone group Full Control on the share and click on OK, OK and Close
- Start the Server Manager and go to File Services, Share and Storage Management
- Select the HomeWin7$ share, right-click and select Properties, Advanced
- Select "Enable access-based enumeration" and click OK (as a result, users can only see their own folder when they connect to the \\servername\HomeWin7$ share)
- Let's configure some GPOs
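A check for the NTFS permissions set above, as an added example that is not part of the original post: it reports when the share root still inherits from its parent, when a broad group's ACE on the root still applies to child objects, and when a broad group holds any ACE on a per-user folder. The path `D:\HomeWin7`, the function name and the English group names are assumptions.

```powershell
# Added example; function name, path and group names are assumptions.
function Test-HomeShareRootAcl {
    param([Parameter(Mandatory = $true)][string]$Path)

    # Groups that should only hold "This folder only" ACEs on the root
    $broad = 'BUILTIN\Users', 'NT AUTHORITY\Authenticated Users', 'Everyone'
    $findings = @()

    $acl = Get-Acl -Path $Path
    if (-not $acl.AreAccessRulesProtected) {
        $findings += "$Path : still inherits permissions from its parent"
    }
    foreach ($ace in $acl.Access) {
        $id = $ace.IdentityReference.Value
        if ($broad -contains $id -and $ace.AccessControlType -eq 'Allow' -and
            $ace.InheritanceFlags -ne 'None') {
            # ACE is not scoped to "This folder only"
            $findings += "$Path : $id ($($ace.FileSystemRights)) is inherited by child objects"
        }
    }

    # Per-user folders directly below the root
    foreach ($dir in Get-ChildItem -Path $Path | Where-Object { $_.PSIsContainer }) {
        try {
            $childAcl = Get-Acl -Path $dir.FullName -ErrorAction Stop
        }
        catch {
            # Expected when the folder is restricted to its owner
            $findings += "$($dir.FullName) : ACL not readable by this account"
            continue
        }
        foreach ($ace in $childAcl.Access) {
            $id = $ace.IdentityReference.Value
            if ($broad -contains $id -and $ace.AccessControlType -eq 'Allow') {
                $findings += "$($dir.FullName) : $id holds $($ace.FileSystemRights)"
            }
        }
    }
    $findings
}

# Run on the file server from an elevated prompt
Test-HomeShareRootAcl -Path 'D:\HomeWin7'
```

An empty result means no broad group can reach into the user folders through NTFS; access-based enumeration only hides folders and does not replace these permissions.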
Configure GPOs for roaming profiles
- Start the GPMC and browse to the specific user OU
- Create a new GPO and then edit
- Browse to : User Configuration -> Policies -> Windows Settings -> Folder Redirection
- Right-click AppData(Roaming) and select Properties. Configure like this:
- Select the Settings tab and configure like this:
- Make sure you configure all other redirection policies like the above
- Right-click Desktop and select Properties. Configure like this:
- (if needed) Right-click Start Menu and select Properties. We have it redirected to the Teachers start menu on a different server
- Right-click Documents and select Properties. Configure like this:
- Right-click Pictures, Music, Videos. Configure like this:
- Right-click Favorites and select Properties. Configure like this:
- Right-click Contacts and select Properties. Configure like this:
- Right-click Downloads and select Properties. Configure like this:
- Right-click Links and select Properties. Configure like this:
- Right-click Searches and select Properties. Configure like this:
- Right-click Saved Games and select Properties. Configure like this:
Additional main GPOs
- Browse to: User Configuration -> Policies -> Administrative Templates -> System -> User Profiles -> Exclude directories in roaming profiles. By default, the Appdata\Local and Appdata\LocalLow folders and all their subfolders, like the History, Temp, and Temporary Internet Files folders, are excluded from the user’s roaming profile. If you need to exclude additional folders you can add them here.
- Start the GPMC and browse to the specific computer OU and create a new GPO and then edit.
- Browse to: Computer Configuration -> Policies -> Administrative Templates -> System -> User Profiles -> Add the administrators security group to roaming user profiles. Set this to Enabled.
- Browse to: Computer Configuration -> Policies -> Administrative Templates -> System -> User Profiles -> Delete user profiles older than a specified number of days on system restart. Set this to Enabled and 30 days.
- Browse to: Computer Configuration -> Policies -> Administrative Templates -> System -> User Profiles -> Do not check for user ownership of roaming profiles folders. Set this to Enabled.
- Browse to: Computer Configuration -> Policies -> Administrative Templates -> System -> User Profiles -> Delete cached copies of roaming profiles. Can be useful on student computers. Student profiles get deleted after logoff.
- Browse to: Computer Configuration -> Policies -> Administrative Templates -> System -> User Profiles -> Do not log users on with temporary profiles. Set this to Enabled. Can be useful to avoid creating a temporary profile if the roaming profile is corrupt or unavailable.
ADUC
- Open the user properties and configure the profile path like this:
- If you check the profile folder structure it will look like this:
Extra information
Categories: Windows 2008 (R2), Windows 7
Tags: roaming profiles, user profile, windows 2008, windows 7
Creating one mandatory user profile for all students
Creating and maintaining thousands of user profiles can chew up a lot of time in a systems administrator's daily job. Maintaining thousands of individual student user profiles even more. Wouldn’t it be cool to have just one student profile that is locked and thus cannot be modified by students? Let's explain how to create such a mandatory user profile.
- First make sure you have a cleanly installed Windows XP operating system with all the latest patches.
- Copy the ENTIRE content of c:\documents and settings\default user\ to your local machine
OR - Log in to that XP machine and configure all needed settings
- Log out and copy that ENTIRE profile content to your local machine
- Now start regedit.exe on your machine
- Click on HKEY_LOCAL_MACHINE
- Go to File -> Load Hive
- Select USER.DAT residing in the profile folder
- Give the new hive a name. Let's say: test
- Click on HKEY_LOCAL_MACHINE\test and select Permissions
- Remove all groups and users except SYSTEM
- Add an Active Directory group to your liking (students or so) or just everyone
- Make sure you click the Advanced button and propagate the permissions to all subkeys
- When you're done, you need to unload the hive
- Now click on HKEY_USERS and repeat the same process
- When you are done with that, rename USER.DAT to USER.MAN
- Create a profile structure on a central server like \\server\d$\Profiles\student\
- Copy the entire profile folder content to \\server\d$\Profiles\student\
- Create a share named Profiles$ on \\server\d$\Profiles\
- Share permissions should be: authenticated users, SYSTEM, SERVER\administrators = FULL CONTROL
- NTFS permissions should be: SYSTEM, SERVER\administrators = FULL CONTROL, and special permissions for the Authenticated Users group
- The NTFS permissions for the \\server\d$\Profiles\student\ folder should be:
SYSTEM, SERVER\administrators = FULL CONTROL
the Active Directory group named students = READ
- Now start the Active Directory Users and Computers MMC and select all student accounts
- Point the profile location to \\SERVER\profiles$\student
- Now you are done.
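The HKEY_LOCAL_MACHINE pass of the hive steps above, scripted as an added example that is not part of the original post: it loads the hive, replaces the root key's DACL with SYSTEM plus one group, unloads the hive and renames the file. The local path, the placeholder group `EXAMPLE\students` and the Full Control right are assumptions; the post does not say which rights to grant.

```powershell
# Added example; path, group and granted rights are assumptions.
param(
    [string]$ProfileDir = 'C:\Temp\student',   # assumed local copy of the profile
    [string]$HiveFile   = 'USER.DAT',          # hive file name as written in the post
    [string]$Group      = 'EXAMPLE\students'   # placeholder AD group
)

$hive = Join-Path $ProfileDir $HiveFile
& reg.exe load 'HKLM\test' $hive | Out-Null
if ($LASTEXITCODE -ne 0) { throw "reg load failed for $hive" }

try {
    # New DACL: only SYSTEM and the group, inheritable by subkeys
    $sec = New-Object System.Security.AccessControl.RegistrySecurity
    $sec.SetAccessRuleProtection($true, $false)   # take nothing over from HKLM
    foreach ($id in 'NT AUTHORITY\SYSTEM', $Group) {
        $rule = New-Object System.Security.AccessControl.RegistryAccessRule(
            $id, 'FullControl', 'ContainerInherit', 'None', 'Allow')
        $sec.AddAccessRule($rule)
    }

    # Open the hive root with the right to change permissions only
    $key = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey('test',
        [Microsoft.Win32.RegistryKeyPermissionCheck]::ReadWriteSubTree,
        [System.Security.AccessControl.RegistryRights]::ChangePermissions)
    try { $key.SetAccessControl($sec) } finally { $key.Close() }
}
finally {
    # An open handle into the hive makes "reg unload" fail with access denied
    [gc]::Collect()
    [gc]::WaitForPendingFinalizers()
    & reg.exe unload 'HKLM\test' | Out-Null
    $unloaded = ($LASTEXITCODE -eq 0)
}

if (-not $unloaded) { throw 'reg unload failed; the hive is still loaded as HKLM\test' }

# Rename only after the hive file has been released
Rename-Item -Path $hive -NewName ([IO.Path]::ChangeExtension($HiveFile, '.MAN'))
```

This sets the root key only. Subkeys that carry their own explicit or protected permissions keep them, which is what the propagate option in the regedit Advanced dialog takes care of.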
Categories: Windows 2008 (R2)
Tags: education, hive, mandatory profile, regedit, student, user profile, user.dat, user.man, windows 2008, windows xp sp3