How to manage profiles???

  • Thread starter Thread starter bondo
  • Start date Start date
B

bondo

Guest
What I am faced with is a network with a central location with 11 satelite
locations. I hope to explain this the best way I can.
We run a script when a user logs on that maps their "home" drive. Simple, no
problem. Most, 95% use only one machine. But that is at our central location.
Outlook becomes an issue when they try to use another computer. I can deal
with that. I also thru our script can map the shared drives by department and
again simple. Like I said, 95% of our employess do not change departments.
This is manageable.
Here is my problem. The people working at the other 11 satelite locations
need access to the shared drives for that particular location. But they are
constantly changing.
For example, a manager of 4 of those satelites needs access to all 4 of them
no matter what satelite she logs on to. Without my script looking like the
government bailout, how do I do this? How do I script multiple drives per
person?
And then how do I manage those shared drives per person down to the satelite
itself. How do I script that? It has become UNmanageable.
I need help.

As a side note, we have implemented the 42 day password rule as per NYS
laws. Now, as a network admin, how in the world am I to administer my
network? If I need to do work on someones machine and make sure that it works
with them logged on, I have to change the password.

Thanks in advance
 
RE: How to manage profiles???

Outlook is always a problem for roaming access, becuase it is not a proper
network-aware program, and stores its data an dsettings in disparate
locations.

Thereare two ways you can make Outlook work for roaming users, and those are
roaming profiles and profgen/newprof scripts. Roaming profiles would probably
bog-down a system like yours. Scripting the Outlook settings is complex but
does work.

Other options are a proper network-aware email client, or webmail.

>As a side note, we have implemented the 42 day password rule as per NYS
> laws.

I have always thought that this dictate results from 'soapboxing' rather
than rational thought. It certainly causes a number of security issues,
namely that it forces users to have simple passwords or else to write them
down, and it means that engineers doing maintenance have to forcibly reset
those passwords. I wonder if anyone has given thought to the issue that
forcibly-reset passwords are a major security risk, since they almost always
reset to a known value? Probably not.

As for shares, you may be able to do something with a more sophisticated
language like AutoIt or KixStart. I would suggest that this is the route to
take.

"bondo" wrote:

> What I am faced with is a network with a central location with 11 satelite
> locations. I hope to explain this the best way I can.
> We run a script when a user logs on that maps their "home" drive. Simple, no
> problem. Most, 95% use only one machine. But that is at our central location.
> Outlook becomes an issue when they try to use another computer. I can deal
> with that. I also thru our script can map the shared drives by department and
> again simple. Like I said, 95% of our employess do not change departments.
> This is manageable.
> Here is my problem. The people working at the other 11 satelite locations
> need access to the shared drives for that particular location. But they are
> constantly changing.
> For example, a manager of 4 of those satelites needs access to all 4 of them
> no matter what satelite she logs on to. Without my script looking like the
> government bailout, how do I do this? How do I script multiple drives per
> person?
> And then how do I manage those shared drives per person down to the satelite
> itself. How do I script that? It has become UNmanageable.
> I need help.
>
> As a side note, we have implemented the 42 day password rule as per NYS
> laws. Now, as a network admin, how in the world am I to administer my
> network? If I need to do work on someones machine and make sure that it works
> with them logged on, I have to change the password.
>
> Thanks in advance
 
Re: How to manage profiles???

bondo <bondo@discussions.microsoft.com> wrote:
> What I am faced with is a network with a central location with 11
> satelite locations. I hope to explain this the best way I can.
> We run a script when a user logs on that maps their "home" drive.
> Simple, no problem. Most, 95% use only one machine. But that is at
> our central location. Outlook becomes an issue when they try to use
> another computer. I can deal with that. I also thru our script can
> map the shared drives by department and again simple. Like I said,
> 95% of our employess do not change departments. This is manageable.
> Here is my problem. The people working at the other 11 satelite
> locations need access to the shared drives for that particular
> location. But they are constantly changing.
> For example, a manager of 4 of those satelites needs access to all 4
> of them no matter what satelite she logs on to. Without my script
> looking like the government bailout, how do I do this? How do I
> script multiple drives per person?
> And then how do I manage those shared drives per person down to the
> satelite itself. How do I script that? It has become UNmanageable.
> I need help.
>
> As a side note, we have implemented the 42 day password rule as per
> NYS laws. Now, as a network admin, how in the world am I to
> administer my network? If I need to do work on someones machine and
> make sure that it works with them logged on, I have to change the
> password.
>
> Thanks in advance

If you use AD, and Exchange, this isn't such a big deal. You can use roaming
profiles, folder redirection, & DFS.

You could also show your manager how to access things via UNC path....
 
RE: How to manage profiles???

Thanks for the input.

"Anteaus" wrote:

> Outlook is always a problem for roaming access, becuase it is not a proper
> network-aware program, and stores its data an dsettings in disparate
> locations.

I ALWAYS tell the users at these satellites to use OWA as it seems Outlook
tends to time out. But as users go, anything to do nothing.

>
> Thereare two ways you can make Outlook work for roaming users, and those are
> roaming profiles and profgen/newprof scripts. Roaming profiles would probably
> bog-down a system like yours. Scripting the Outlook settings is complex but
> does work.

I will take a look at profgen/newprof, whatever that is.

>
> Other options are a proper network-aware email client, or webmail.
>
> >As a side note, we have implemented the 42 day password rule as per NYS
> > laws.
>
> I have always thought that this dictate results from 'soapboxing' rather
> than rational thought. It certainly causes a number of security issues,
> namely that it forces users to have simple passwords or else to write them
> down, and it means that engineers doing maintenance have to forcibly reset
> those passwords. I wonder if anyone has given thought to the issue that
> forcibly-reset passwords are a major security risk, since they almost always
> reset to a known value? Probably not.

Excellent point. I went to my director and said when these users have a
problem I will reset the password to a default and check off change password
at next logon. This might happen weekly for some. You are correct, bad,
fustrating to users that dont know what alphanumeric means and the people
making the rule are cluless.

> As for shares, you may be able to do something with a more sophisticated
> language like AutoIt or KixStart. I would suggest that this is the route to
> take.

We use Kixtart, but I know little about scripting. For now.

Thanks again.

One thought. Some profiles are 100 MB! One user copied the entire C drive!!!
making their profile 1 GB!!! I have told my bosses about this and using,
implementing quotas. Is profile sizes like this normal? No wonder a roaming
profile can take 30 minuets to load!!!!!!!!!!!!!
 
Back
Top