Archive | May, 2008

Problem: Domain setup for a group of public use workstations

23 May

For example: A computer lab or public library. 

Using the MS Whitepaper referenced in my last article and looking at the scenario comparison table, what I’d like to implement is closest to their provided “App-Station” template with a couple of tweaks. What I’d change are:

  • Number of users from Multiple to One (a single “patron” account)
  • Profile Persistence from “cached” to “Remove at Logoff”
  • Severely limit what’s displayed on the “Task Bar” and “Start Menu”

So in the end, the final template would be as follows:

  • Number of Users: 1
  • User Profile Type: Roaming/Mandatory
  • Profile Persistence: Removed at Logoff
  • Folder Redirection: N/A
  • User can customize: None
  • Task Bar and Start Menu: Severely Restricted
  • Assigned Applications: Few (in the 10-15 range, browsers, Office apps, plus a couple custom)
  • Published Applications: No (SW install/delete prohibited)
  • Security Context: User

The first scenario I tried was the basic “Multi-User” scenario to test the Profile delete at logoff, and of course it didn’t work – so now I’m beginning to wonder if there really is any way to enforce the profile to load from the network – even with mandatory profiles enabled and do not allow login without network profile  and delete local profile on logoff – it still logs in and uses a seemingly locally cached profile from the previous login.  When I re-boot, it DOES pick up the profile from the network at login, but then if I move icons around to change the desktop and logoff – and then log back in again, all the icons and desktop changes are still in place – it hasn’t pulled the “static” user profile from the network.  Very frustrating when you can’t even get the “Common Scenarios” to work.  Any ideas would be grand!

Non-Cached Mandatory Profile

22 May

Ok, so I still haven’t gotten this to work “as advertised.”  Supposedly you’re able to set up a non-casheable mandatory profile, but I’ve never been able to make it work.  The best so far has been that it WILL grab the profile off the network after a re-boot, but not after a simple logoff. So I’m now using a Microsofts abstract that I’m hoping will illuminate where I’ve made a bad assumption or two.  I’ll let you know how it goes, and if I get it to work like it’s supposed to I’ll add a “step-by-step” article about how to go about it.

Until then I’ve also got some interesting web development projects going on, including quite a lot of PHP, MySQL, and CSS goodies.  My solutions there may be a bit longer in getting posted here as they’re a little further down my “to do” list than my Active Directory (AD) projects.  Maybe I’ll have something somewhat appetizing to post about during or after the long weekend.  Until then may your servers stay UP!