user profies

  • Thread starter Thread starter Ammar S. Mitoori
  • Start date Start date
A

Ammar S. Mitoori

Guest
hi

mandatory profiles and roaming profiles they work only in domain
environments or they can be used in workgroup networks ?
 
Re: user profies


"Ammar S. Mitoori" <ammar_mitoori@hotmail.com> wrote in message
news:E974DE6F-FE20-4883-AC31-2557BF2831A6@microsoft.com...
> hi
>
> mandatory profiles and roaming profiles they work only in domain
> environments or they can be used in workgroup networks ?

Roaming profiles rely on central account management, which is only
available in a domain environment.
 
Re: user profies

If you open lusrmgr.msc (Local User Manager), then open any account's
properties, you will notice Profile tab.
In this tab you can specify UNC location for the profile
(\\server\profiles\%username%)
This means that you can have roaming profiles in workgroup environment.
After the user's roaming profile is created on a server, you can rename
NTUSER.DAT to NTUSER.MAN.
This turns roaming profile into mandatory profile.

> mandatory profiles and roaming profiles they work only in domain
> environments or they can be used in workgroup networks ?
 
Re: user profies

hi

i tried to make a roaming profile in a domain environment and it worked
fine, but as an administrator when i tried to access that user folder
on the server to modify the extension from roaming to mandatory it says
access is denied although im emeber of domain admin and the folder
is on the domain controler so how can i change the extension then from dat
to man ?

hi

also when i log from a client pc with that roaming user to change the
extension from dat to man
and i restart i find it back to dat ????


"Dusko Savatovic" <nospam.savatovic@gmail.com> wrote in message
news:OXdnkjfBJHA.3496@TK2MSFTNGP03.phx.gbl...
> If you open lusrmgr.msc (Local User Manager), then open any account's
> properties, you will notice Profile tab.
> In this tab you can specify UNC location for the profile
> (\\server\profiles\%username%)
> This means that you can have roaming profiles in workgroup environment.
> After the user's roaming profile is created on a server, you can rename
> NTUSER.DAT to NTUSER.MAN.
> This turns roaming profile into mandatory profile.
>
>> mandatory profiles and roaming profiles they work only in domain
>> environments or they can be used in workgroup networks ?
>
>
 
Re: user profies

hi

i tried to make a roaming profile in a domain environment and it worked
fine, but as an administrator when i tried to access that user folder
on the server to modify the extension from roaming to mandatory it says
access is denied although im emeber of domain admin and the folder
is on the domain controler so how can i change the extension then from dat
to man ?

hi

also when i log from a client pc with that roaming user to change the
extension from dat to man
and i restart i find it back to dat ????



--
Ammar S. Mitoori
IT Head QIMCO Co.
Tel : +9744831199
Mobile : +9745378400
Fax : +9744831643


"Dusko Savatovic" wrote:

> If you open lusrmgr.msc (Local User Manager), then open any account's
> properties, you will notice Profile tab.
> In this tab you can specify UNC location for the profile
> (\\server\profiles\%username%)
> This means that you can have roaming profiles in workgroup environment.
> After the user's roaming profile is created on a server, you can rename
> NTUSER.DAT to NTUSER.MAN.
> This turns roaming profile into mandatory profile.
>
> > mandatory profiles and roaming profiles they work only in domain
> > environments or they can be used in workgroup networks ?
>
>
>
 
Re: user profies

"Pure Heart" wrote
> also when i log from a client pc with that roaming user to change the
> extension from dat to man
> and i restart i find it back to dat ????

After you successfuly rename NTUSER.DAT to NTUSER.MAN, make this file read
only.

If acess to this file is denied when you are logged on as Administrator, you
may need to take ownership of entire folder and assign full control
permission to administrators group.
 
Re: user profies

hi

i took ownership then the client user couldnt sync its roaming profile, then
i gave that user full control but faild to sync also
--
Ammar S. Mitoori
IT Head QIMCO Co.
Tel : +9744831199
Mobile : +9745378400
Fax : +9744831643


"Dusko Savatovic" wrote:

> "Pure Heart" wrote
> > also when i log from a client pc with that roaming user to change the
> > extension from dat to man
> > and i restart i find it back to dat ????
>
> After you successfuly rename NTUSER.DAT to NTUSER.MAN, make this file read
> only.
>
> If acess to this file is denied when you are logged on as Administrator, you
> may need to take ownership of entire folder and assign full control
> permission to administrators group.
>
>
>
 
Re: user profies

Hm, you've got me confused with your requirements, so let's recap how
profiles work.

1. Roaming profiles.
Roaming profiles use NTUSER.DAT and are "two-way sync". That is:
a) User logs in, profile is copied to user's local profile on local disk
b) User logs off, the profile is copied from local profile to the shared
folder on the server.
c) User logs in on another workstation, the profile is copied again from the
server to the local profile.
etc

2. Mandatory profiles.
mandatory profiles use NTUSER.MAN and are "one-way sync". That is
a) User logs in, profile is copied from server to the users's local profile,
overwriting whatever is fond there.
b) User logs off, changes are not saved to the server.
c) user logs in again, the profile is copied again from the server,
practicaly restoring the profile settings to the consistent state.
IOW, mandatory profile is read-only variant of roaming profile.

So IOW,
a) If you need to enable users to keep their profile regardless of the
workstation they use, then use roaming profiles.
b) If you want to enforce uniform profile, use mandatory profiles. These are
used mainly for kiosks or other applications that need to revert to default
state after being used.
c) If you want to enforce only few settings, such as company wallpaper and
screensaver, then use local policy setttings (in workgroup) or group policy
settings (in domain).

HTH, Dush

"Pure Heart" <ammar.s.mitoori@msdn.com> wrote in message
news:FA75D2F9-5B34-495A-8E82-9879CC411C96@microsoft.com...
> hi
>
> i took ownership then the client user couldnt sync its roaming profile,
> then
> i gave that user full control but faild to sync also
> --
> Ammar S. Mitoori
> IT Head QIMCO Co.
> Tel : +9744831199
> Mobile : +9745378400
> Fax : +9744831643
>
>
> "Dusko Savatovic" wrote:
>
>> "Pure Heart" wrote
>> > also when i log from a client pc with that roaming user to change the
>> > extension from dat to man
>> > and i restart i find it back to dat ????
>>
>> After you successfuly rename NTUSER.DAT to NTUSER.MAN, make this file
>> read
>> only.
>>
>> If acess to this file is denied when you are logged on as Administrator,
>> you
>> may need to take ownership of entire folder and assign full control
>> permission to administrators group.
>>
>>
>>
 
Re: user profies

hi dusko

thanks for the replay but see this is not the problem, the problem is i made
a roaming profile from active directory for a domain user it worked fine, so
i decided to make it mandatory so simple as it says go to d:\profiles\user
directory
then change the ntuser.dat to ntuser.man the problem is as an administrator
i couldnt enter the folder of the user so how cn i change the extenstion ?

i made some search and some help says enable the policy computer>admin
templates>profiles>add admins to roaming

i did but still didnt have access to that folder so what to do to have
access to it ?
i tried to take owner ship but then the user couldnt sync with its folder
cuz it didnt have permissions although the group everyone i gave it full
control

got the picture now ?
--
Ammar S. Mitoori
IT Head QIMCO Co.
Tel : +9744831199
Mobile : +9745378400
Fax : +9744831643


"Dusko Savatovic" wrote:

> Hm, you've got me confused with your requirements, so let's recap how
> profiles work.
>
> 1. Roaming profiles.
> Roaming profiles use NTUSER.DAT and are "two-way sync". That is:
> a) User logs in, profile is copied to user's local profile on local disk
> b) User logs off, the profile is copied from local profile to the shared
> folder on the server.
> c) User logs in on another workstation, the profile is copied again from the
> server to the local profile.
> etc
>
> 2. Mandatory profiles.
> mandatory profiles use NTUSER.MAN and are "one-way sync". That is
> a) User logs in, profile is copied from server to the users's local profile,
> overwriting whatever is fond there.
> b) User logs off, changes are not saved to the server.
> c) user logs in again, the profile is copied again from the server,
> practicaly restoring the profile settings to the consistent state.
> IOW, mandatory profile is read-only variant of roaming profile.
>
> So IOW,
> a) If you need to enable users to keep their profile regardless of the
> workstation they use, then use roaming profiles.
> b) If you want to enforce uniform profile, use mandatory profiles. These are
> used mainly for kiosks or other applications that need to revert to default
> state after being used.
> c) If you want to enforce only few settings, such as company wallpaper and
> screensaver, then use local policy setttings (in workgroup) or group policy
> settings (in domain).
>
> HTH, Dush
>
> "Pure Heart" <ammar.s.mitoori@msdn.com> wrote in message
> news:FA75D2F9-5B34-495A-8E82-9879CC411C96@microsoft.com...
> > hi
> >
> > i took ownership then the client user couldnt sync its roaming profile,
> > then
> > i gave that user full control but faild to sync also
> > --
> > Ammar S. Mitoori
> > IT Head QIMCO Co.
> > Tel : +9744831199
> > Mobile : +9745378400
> > Fax : +9744831643
> >
> >
> > "Dusko Savatovic" wrote:
> >
> >> "Pure Heart" wrote
> >> > also when i log from a client pc with that roaming user to change the
> >> > extension from dat to man
> >> > and i restart i find it back to dat ????
> >>
> >> After you successfuly rename NTUSER.DAT to NTUSER.MAN, make this file
> >> read
> >> only.
> >>
> >> If acess to this file is denied when you are logged on as Administrator,
> >> you
> >> may need to take ownership of entire folder and assign full control
> >> permission to administrators group.
> >>
> >>
> >>
>
>
 
Re: user profies


"Pure Heart" wrote

> i tried to take owner ship but then the user couldnt sync with its folder
> cuz it didnt have permissions although the group everyone i gave it full
> control
>
> got the picture now ?
> --

Yeah, I've got the picture now.
When you took the ownership you should assign permission to yourself and to
the user and propagate this permission to the child objects.
You could then test to see if the user can write something to the shared
folder.

Also, when you set the GPO "add admins to roaming", it means that the
permissions will be applied to new users and their profiles. It will happen
when the computers next time refresh their policy, which is by default every
90 minutes +- 30 minutes.
You can refresh policy sooner by issuing command "gpupdate /force" at the
computer whose policy you wish to refresh.
 

Similar threads

I
How IT Can Harness the Power of AI and GPT
Replies
0
Views
46
ITPro
I
N
CIOs Can Reduce IT Talent Flight Risks by Offering Employees Work Flexibility
Replies
0
Views
51
Nathan Eddy
N
2
Windows 10 Windows 10 1909 StartMenu & Roaming Profile ( Problem when reseting passwords)
Replies
0
Views
232
2097
2
AWS
Site Upgraded
Replies
1
Views
31
Cloaked
Cloaked
I
Securing Multi-Cloud Environments with VM-Series Virtual Firewalls
Replies
0
Views
81
IT Pro - Microsoft Windows Information
I
Back
Top