Justin Schneider
Guest
Hi Technet,
I've been trying to set up a specific roaming user profiles configuration for my organization, and seem to be having a strange issue. First, a quick overview of our current situation: We are a laptop-based environment where every staff member has a company-issued laptop that they take home, and bring to work with them. We are running Windows 10 1803, with Active Directory on some Server 2016 VMs. About 2700 people in the org total. People log in with their domain credentials, which means that they are logging in locally at home. When something happens to a laptop, we take it and issue them a loaner until we can return the fixed device. We use a combination of Office 2016 & O365 (ProPlus) for productivity. Full suite installed on all staff devices; Full suite sans Outlook on all loaners (due to personal info stored by Outlook, which would require scrubbing the machine every time we get it back). With the move to O365 we also moved our users' data to the OneDrive cloud, moving Documents, Desktop, Music, Pictures, & Video folders to OneDrive, so it's accessible anywhere.
Next, my goal: Due to constant complaints about the loaner exp and WebMail being "not intuitive" from our users, we are caving and installing the full office suite on loaners - or at least that's the plan. We won't do it until we can mitigate the "personal info stored by outlook" part. Ultimately, we want loaners that a user can log into, do their work (connecting to O365 on the web for their files, and using the Outlook Desktop app for email), and then turn back in to us, without us needing to scrub anything.
My idea was to use Roaming User Profiles, and a GPO to delete profiles that haven't been used in a certain number of days. I've gotten it set up (or so I thought) using MS's docs on the subject (Followed steps 2, 3, 4, 6, & 8) and discovered Mandatory Roaming User Profiles, which sounds even better - making it so users will all always have the same loaner experience every time? Yes please. I don't want Roaming profiles across all our devices - only the loaners, which live in their own OU in AD. The problem I'm running into here is that after all of this setup, I've logged into a machine with an AD user, and I always seem to get a message saying "We can't sign into your account" - which is the classic "Temporary profile error" I've seen before. I was able to "fix" this by adding the user to the Roaming User Profiles group I created for the computers - but that's the thing - I don't want to add everyone in my org to a new group. Plus I fear doing that would start making everyone use a RUP by default, which I don't want.
I'm sure there's something I'm missing here, so I'll answer any questions about the setup that would help figure this out. Has anyone run into this, or am I missing the mark in my thinking of how this works?
Thanks, -=Justin=-