Profiles sorta work…

Although I haven’t gotten the mandatory part working yet, I did finally get a working roaming profile.  Unfortunately I don’t really know how I finally got it to work – as with most things windoze I just got frustrated enough to try one thing, if it didn’t work – delete the profile and try something else until it finally started working – yay!

The next road-block was  waiting for me though.  The next part of the project was to have the machines login automagically – and they will if it’s the local account, but I need them to login to the domain so the domain’s group and machine policies will take effect.  But alas, the autologin happens before the machine is registered with the domain, so it konks out saying the domain is not available at this time.  There are a couple “fixes” for this issue that I’ve tried, but again none of them seem to be working: Removing the machine from the domain and re-joining it, implementing a scripted delay prior to the login – which would work but for some reason hangs explorer.exe, actually ANY startup script, even if it’s just comments and no commands seems to hang explorer.exe – so I’m not too sure what’s going on there – Yay MS!

AND of course this week I’ve been updating a lot of our patron XP machines to SP3 where I noticed that there were some left-over turds from the last upgrade of IE7 (runonce – what a F’King annoying POS that is!!! Forcing you to pick a default search engine – if I want a F’ing search engine I go to their F’n site on my own TYVM – almost as bad as WMP10’s insistence on a music vendor).  And while doing those upgrades I was also doing other updates – like JAVA/Flash/Firefox, etc – there’s another piece of work, Adobe and Sun are getting to be just about as annoying as MS!  Continually trying to install extra bloatware “under the radar” like GoogleToolbar and OpenOffice crapWare.  If I want that Sh*t I download it myself, quit trying to foist that crap on my system when I’m just trying to get a GD update!

Is the frustration apparent yet? LOL!  Jeebus, it’s no wonder people are getting so P.O.’d at these idiots.  Well, enough ranting for today, I’m sure I’ll have more to bitch about next week! 

Problem: Domain setup for a group of public use workstations

For example: A computer lab or public library. 

Using the MS Whitepaper referenced in my last article and looking at the scenario comparison table, what I’d like to implement is closest to their provided “App-Station” template with a couple of tweaks. What I’d change are:

• Number of users from Multiple to One (a single “patron” account)
• Profile Persistence from “cached” to “Remove at Logoff”
• Severely limit what’s displayed on the “Task Bar” and “Start Menu”

So in the end, the final template would be as follows:

• Number of Users: 1
• User Profile Type: Roaming/Mandatory
• Profile Persistence: Removed at Logoff
• Folder Redirection: N/A
• User can customize: None
• Task Bar and Start Menu: Severely Restricted
• Assigned Applications: Few (in the 10-15 range, browsers, Office apps, plus a couple custom)
• Published Applications: No (SW install/delete prohibited)
• Security Context: User

The first scenario I tried was the basic “Multi-User” scenario to test the Profile delete at logoff, and of course it didn’t work – so now I’m beginning to wonder if there really is any way to enforce the profile to load from the network – even with mandatory profiles enabled and do not allow login without network profile  and delete local profile on logoff – it still logs in and uses a seemingly locally cached profile from the previous login.  When I re-boot, it DOES pick up the profile from the network at login, but then if I move icons around to change the desktop and logoff – and then log back in again, all the icons and desktop changes are still in place – it hasn’t pulled the “static” user profile from the network.  Very frustrating when you can’t even get the “Common Scenarios” to work.  Any ideas would be grand!

Non-Cached Mandatory Profile

Ok, so I still haven’t gotten this to work “as advertised.”  Supposedly you’re able to set up a non-casheable mandatory profile, but I’ve never been able to make it work.  The best so far has been that it WILL grab the profile off the network after a re-boot, but not after a simple logoff. So I’m now using a Microsofts abstract that I’m hoping will illuminate where I’ve made a bad assumption or two.  I’ll let you know how it goes, and if I get it to work like it’s supposed to I’ll add a “step-by-step” article about how to go about it.

Until then I’ve also got some interesting web development projects going on, including quite a lot of PHP, MySQL, and CSS goodies.  My solutions there may be a bit longer in getting posted here as they’re a little further down my “to do” list than my Active Directory (AD) projects.  Maybe I’ll have something somewhat appetizing to post about during or after the long weekend.  Until then may your servers stay UP!