Guest Ammar S. Mitoori
Posted August 24, 2008

Hi,

Do mandatory profiles and roaming profiles work only in domain environments, or can they be used in workgroup networks?

Guest Pegasus (MVP)
Posted August 24, 2008

Re: user profiles

"Ammar S. Mitoori" <ammar_mitoori@hotmail.com> wrote in message news:E974DE6F-FE20-4883-AC31-2557BF2831A6@microsoft.com...
> hi
>
> mandatory profiles and roaming profiles they work only in domain
> environments or they can be used in workgroup networks ?

Roaming profiles rely on central account management, which is only available in a domain environment.

Guest Dusko Savatovic
Posted August 24, 2008

Re: user profiles

If you open lusrmgr.msc (Local User Manager), then open any account's properties, you will notice Profile tab.
In this tab you can specify UNC location for the profile (\\server\profiles\%username%).
This means that you can have roaming profiles in workgroup environment.
After the user's roaming profile is created on a server, you can rename NTUSER.DAT to NTUSER.MAN.
This turns roaming profile into mandatory profile.

> mandatory profiles and roaming profiles they work only in domain
> environments or they can be used in workgroup networks ?

Guest Ammar S. Mitoori
Posted August 26, 2008

Re: user profiles

Hi,

I tried to make a roaming profile in a domain environment and it worked fine, but as an administrator, when I tried to access that user folder on the server to modify the extension from roaming to mandatory, it says access is denied, although I'm a member of domain admin and the folder is on the domain controller. So how can I change the extension then from dat to man?

Hi, also when I log on from a client PC with that roaming user to change the extension from dat to man and I restart, I find it back to dat????

"Dusko Savatovic" <nospam.savatovic@gmail.com> wrote in message news:OXdnkjfBJHA.3496@TK2MSFTNGP03.phx.gbl...
> If you open lusrmgr.msc (Local User Manager), then open any account's
> properties, you will notice Profile tab.
> In this tab you can specify UNC location for the profile
> (\\server\profiles\%username%)
> This means that you can have roaming profiles in workgroup environment.
> After the user's roaming profile is created on a server, you can rename
> NTUSER.DAT to NTUSER.MAN.
> This turns roaming profile into mandatory profile.
>
>> mandatory profiles and roaming profiles they work only in domain
>> environments or they can be used in workgroup networks ?

Guest Pure Heart
Posted August 26, 2008

Re: user profiles

Hi,

I tried to make a roaming profile in a domain environment and it worked fine, but as an administrator, when I tried to access that user folder on the server to modify the extension from roaming to mandatory, it says access is denied, although I'm a member of domain admin and the folder is on the domain controller. So how can I change the extension then from dat to man?

Hi, also when I log on from a client PC with that roaming user to change the extension from dat to man and I restart, I find it back to dat????

--
Ammar S. Mitoori
IT Head QIMCO Co.
Tel : +9744831199
Mobile : +9745378400
Fax : +9744831643

"Dusko Savatovic" wrote:
> If you open lusrmgr.msc (Local User Manager), then open any account's
> properties, you will notice Profile tab.
> In this tab you can specify UNC location for the profile
> (\\server\profiles\%username%)
> This means that you can have roaming profiles in workgroup environment.
> After the user's roaming profile is created on a server, you can rename
> NTUSER.DAT to NTUSER.MAN.
> This turns roaming profile into mandatory profile.
>
>> mandatory profiles and roaming profiles they work only in domain
>> environments or they can be used in workgroup networks ?

Guest Dusko Savatovic
Posted August 26, 2008

Re: user profiles

"Pure Heart" wrote
> also when i log from a client pc with that roaming user to change the
> extension from dat to man
> and i restart i find it back to dat ????

After you successfully rename NTUSER.DAT to NTUSER.MAN, make this file read only.

If access to this file is denied when you are logged on as Administrator, you may need to take ownership of entire folder and assign full control permission to administrators group.

Guest Pure Heart
Posted August 27, 2008

Re: user profiles

Hi,

I took ownership, then the client user couldn't sync its roaming profile. Then I gave that user full control, but it failed to sync also.

--
Ammar S. Mitoori
IT Head QIMCO Co.
Tel : +9744831199
Mobile : +9745378400
Fax : +9744831643

"Dusko Savatovic" wrote:
> "Pure Heart" wrote
>> also when i log from a client pc with that roaming user to change the
>> extension from dat to man
>> and i restart i find it back to dat ????
>
> After you successfully rename NTUSER.DAT to NTUSER.MAN, make this file read
> only.
>
> If access to this file is denied when you are logged on as Administrator, you
> may need to take ownership of entire folder and assign full control
> permission to administrators group.

Guest Dusko Savatovic
Posted August 29, 2008

Re: user profiles

Hm, you've got me confused with your requirements, so let's recap how profiles work.

1. Roaming profiles.
Roaming profiles use NTUSER.DAT and are "two-way sync". That is:
a) User logs in, profile is copied to user's local profile on local disk.
b) User logs off, the profile is copied from local profile to the shared folder on the server.
c) User logs in on another workstation, the profile is copied again from the server to the local profile.
etc.

2. Mandatory profiles.
Mandatory profiles use NTUSER.MAN and are "one-way sync". That is:
a) User logs in, profile is copied from server to the user's local profile, overwriting whatever is found there.
b) User logs off, changes are not saved to the server.
c) User logs in again, the profile is copied again from the server, practically restoring the profile settings to the consistent state.
IOW, mandatory profile is read-only variant of roaming profile.

So IOW,
a) If you need to enable users to keep their profile regardless of the workstation they use, then use roaming profiles.
b) If you want to enforce uniform profile, use mandatory profiles. These are used mainly for kiosks or other applications that need to revert to default state after being used.
c) If you want to enforce only few settings, such as company wallpaper and screensaver, then use local policy settings (in workgroup) or group policy settings (in domain).

HTH, Dush

"Pure Heart" <ammar.s.mitoori@msdn.com> wrote in message news:FA75D2F9-5B34-495A-8E82-9879CC411C96@microsoft.com...
> hi
>
> i took ownership then the client user couldnt sync its roaming profile,
> then
> i gave that user full control but failed to sync also
> --
> Ammar S. Mitoori
> IT Head QIMCO Co.
> Tel : +9744831199
> Mobile : +9745378400
> Fax : +9744831643
>
> "Dusko Savatovic" wrote:
>
>> "Pure Heart" wrote
>>> also when i log from a client pc with that roaming user to change the
>>> extension from dat to man
>>> and i restart i find it back to dat ????
>>
>> After you successfully rename NTUSER.DAT to NTUSER.MAN, make this file
>> read only.
>>
>> If access to this file is denied when you are logged on as Administrator,
>> you may need to take ownership of entire folder and assign full control
>> permission to administrators group.

Guest Pure Heart
Posted August 29, 2008

Re: user profiles

Hi Dusko,

Thanks for the reply, but see, this is not the problem. The problem is: I made a roaming profile from Active Directory for a domain user and it worked fine, so I decided to make it mandatory. So simple, as it says: go to d:\profiles\user directory, then change the ntuser.dat to ntuser.man.

The problem is, as an administrator I couldn't enter the folder of the user, so how can I change the extension?

I made some search and some help says enable the policy computer>admin templates>profiles>add admins to roaming. I did, but still didn't have access to that folder, so what to do to have access to it?

I tried to take ownership, but then the user couldn't sync with its folder because it didn't have permissions, although the group Everyone I gave it full control.

Got the picture now?

--
Ammar S. Mitoori
IT Head QIMCO Co.
Tel : +9744831199
Mobile : +9745378400
Fax : +9744831643

"Dusko Savatovic" wrote:
> Hm, you've got me confused with your requirements, so let's recap how
> profiles work.
>
> 1. Roaming profiles.
> Roaming profiles use NTUSER.DAT and are "two-way sync". That is:
> a) User logs in, profile is copied to user's local profile on local disk
> b) User logs off, the profile is copied from local profile to the shared
> folder on the server.
> c) User logs in on another workstation, the profile is copied again from the
> server to the local profile.
> etc
>
> 2. Mandatory profiles.
> mandatory profiles use NTUSER.MAN and are "one-way sync". That is
> a) User logs in, profile is copied from server to the user's local profile,
> overwriting whatever is found there.
> b) User logs off, changes are not saved to the server.
> c) user logs in again, the profile is copied again from the server,
> practically restoring the profile settings to the consistent state.
> IOW, mandatory profile is read-only variant of roaming profile.
>
> So IOW,
> a) If you need to enable users to keep their profile regardless of the
> workstation they use, then use roaming profiles.
> b) If you want to enforce uniform profile, use mandatory profiles. These are
> used mainly for kiosks or other applications that need to revert to default
> state after being used.
> c) If you want to enforce only few settings, such as company wallpaper and
> screensaver, then use local policy settings (in workgroup) or group policy
> settings (in domain).
>
> HTH, Dush
>
> "Pure Heart" <ammar.s.mitoori@msdn.com> wrote in message
> news:FA75D2F9-5B34-495A-8E82-9879CC411C96@microsoft.com...
>> hi
>>
>> i took ownership then the client user couldnt sync its roaming profile,
>> then
>> i gave that user full control but failed to sync also
>> --
>> Ammar S. Mitoori
>> IT Head QIMCO Co.
>> Tel : +9744831199
>> Mobile : +9745378400
>> Fax : +9744831643
>>
>> "Dusko Savatovic" wrote:
>>
>>> "Pure Heart" wrote
>>>> also when i log from a client pc with that roaming user to change the
>>>> extension from dat to man
>>>> and i restart i find it back to dat ????
>>>
>>> After you successfully rename NTUSER.DAT to NTUSER.MAN, make this file
>>> read only.
>>>
>>> If access to this file is denied when you are logged on as Administrator,
>>> you may need to take ownership of entire folder and assign full control
>>> permission to administrators group.

Guest Dusko Savatovic
Posted August 29, 2008

Re: user profiles

"Pure Heart" wrote
> i tried to take ownership but then the user couldnt sync with its folder
> cuz it didnt have permissions although the group everyone i gave it full
> control
>
> got the picture now ?
> --

Yeah, I've got the picture now.

When you took the ownership you should assign permission to yourself and to the user and propagate this permission to the child objects. You could then test to see if the user can write something to the shared folder.

Also, when you set the GPO "add admins to roaming", it means that the permissions will be applied to new users and their profiles. It will happen when the computers next time refresh their policy, which is by default every 90 minutes +- 30 minutes.

You can refresh policy sooner by issuing command "gpupdate /force" at the computer whose policy you wish to refresh.

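The procedure described in the replies above (take ownership, grant permissions to the administrators and the user, propagate them to child objects, rename NTUSER.DAT to NTUSER.MAN, make the file read-only), as an added PowerShell example that is not part of the original posts. The folder path is the one named in the thread; the account name `EXAMPLE\user` is a placeholder, and the script assumes an elevated session on the server while the user is logged off everywhere.

```powershell
# Added example. Assumptions: $ProfileDir is the folder named in the thread,
# $User is a placeholder account, and the session is elevated on the file server.
$ProfileDir = 'D:\profiles\user'
$User       = 'EXAMPLE\user'

# The user must be logged off on every workstation first: at logoff a roaming
# profile is copied back to the server, which recreates NTUSER.DAT there.

# 1. Take ownership for the Administrators group (/A), recursively (/R).
#    Windows checks that a roaming profile folder is owned by the user or by
#    the Administrators group; a folder owned by one admin account fails that check.
takeown /F $ProfileDir /A /R /D Y | Out-Null
if ($LASTEXITCODE -ne 0) { throw "takeown failed on $ProfileDir" }

# 2. Grant Full control to Administrators (well-known SID S-1-5-32-544) and to
#    the profile's own user only, not Everyone. (OI)(CI) makes the entries
#    inheritable by files and subfolders; /T applies them to existing children.
icacls $ProfileDir /grant '*S-1-5-32-544:(OI)(CI)F' "${User}:(OI)(CI)F" /T | Out-Null
if ($LASTEXITCODE -ne 0) { throw "icacls /grant failed on $ProfileDir" }

# 3. Rename the registry hive. NTUSER.DAT is a hidden file, hence -Force.
$hive = Get-Item -LiteralPath (Join-Path $ProfileDir 'NTUSER.DAT') -Force -ErrorAction Stop
Rename-Item -LiteralPath $hive.FullName -NewName 'NTUSER.MAN' -Force

# 4. Mark the renamed hive read-only, as suggested in the thread.
$man = Get-Item -LiteralPath (Join-Path $ProfileDir 'NTUSER.MAN') -Force -ErrorAction Stop
$man.Attributes = $man.Attributes -bor [System.IO.FileAttributes]::ReadOnly

# 5. Review the result: owner, ACL entries, and the hive's attributes.
(Get-Acl -LiteralPath $ProfileDir).Owner
icacls $ProfileDir
(Get-Item -LiteralPath $man.FullName -Force).Attributes
```

Step 5 is the check to keep: the owner should be the Administrators group (or the user), and the ACL should list only the accounts that need access.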