The-Shniz
asked on
Managing WinXP Pro in a Win2k Server Environment...
I've been going off of a Word Doc named as the title of this Q written by Microsoft in August 2k1 2 try & figure things out, but no go :( This is a general prob & C'ms 2 B affecting all parts of WinXP admin. I know my policies R working in Win2k by logging in2 the server itself.
How do U administrate WinXP settings w/ Win2k Server, specifically common user settings such as Active Desktop, the new Start Menu (as opposed 2 the
classic menu), etc. None R B'ing enabled and is frustrating. It's using a roaming profile, not mandatory but is acting like a mandatory as no changes R B'ing saved.
Also, I know folder redirection is different in WinXP & am having difficulty redirecting 'My Documents' 2 home folders. I've updated Win2k Server's Admin Templates from WinXP & they just don't C'm 2 B getting applied. If U could point me in the right direction, I'd appreciate it.
P.S.
I'm confuzzed ;)
Thanx always!
- J
How do U administrate WinXP settings w/ Win2k Server, specifically common user settings such as Active Desktop, the new Start Menu (as opposed 2 the
classic menu), etc. None R B'ing enabled and is frustrating. It's using a roaming profile, not mandatory but is acting like a mandatory as no changes R B'ing saved.
Also, I know folder redirection is different in WinXP & am having difficulty redirecting 'My Documents' 2 home folders. I've updated Win2k Server's Admin Templates from WinXP & they just don't C'm 2 B getting applied. If U could point me in the right direction, I'd appreciate it.
P.S.
I'm confuzzed ;)
Thanx always!
- J
ASKER
Sorry about the shorthand, I tend to do it without thinking. Unfortunately, no I do not have a Win2k Workstation I can test it on, I wish I did.
As for WinXP's updated ADM files, that's what I was referring to when I said I already updated the Admin Templates. I basically just backed up Win2k Server's own ADM files & overwrote them with WinXP's (from the INF as U earlier described).
An example of "things not being applied:"
When logging into WinXP Pro, all I have is the plain blue background and a recycle bin using the Windows classic appearance. I am given the options to change wallpaper, WinXP appearance, add my computer etc icons but when you click Apply or Ok, changes are all ignored.
I hope this helps clarify a little, I understand this is a pretty vague problem (atleast it is to me).
Thanx,
- J
As for WinXP's updated ADM files, that's what I was referring to when I said I already updated the Admin Templates. I basically just backed up Win2k Server's own ADM files & overwrote them with WinXP's (from the INF as U earlier described).
An example of "things not being applied:"
When logging into WinXP Pro, all I have is the plain blue background and a recycle bin using the Windows classic appearance. I am given the options to change wallpaper, WinXP appearance, add my computer etc icons but when you click Apply or Ok, changes are all ignored.
I hope this helps clarify a little, I understand this is a pretty vague problem (atleast it is to me).
Thanx,
- J
ASKER
P.S.
I made sure to force "enable or disable" (depending on which was appropriate) relavent policies (display, active desktop, etc.) in Win2k Server's policy editor.
I made sure to force "enable or disable" (depending on which was appropriate) relavent policies (display, active desktop, etc.) in Win2k Server's policy editor.
To clarify, none of your policies are propogating to the XP clients? You are using a policy to specify wallpaper, are you using wallpaper located on the local machine or pushing it out? I advise against pushing wallpaper out overthe network at every login.
If indeed your policies are not getting out at all, you more than likely have a DNS issue, is DNS working properly? Are logins slow at all?
If indeed your policies are not getting out at all, you more than likely have a DNS issue, is DNS working properly? Are logins slow at all?
ASKER
Yes, you are exactly correct in saying that none of the policies are propgating to the WinXP clients. While I'm not specifying a mandatory wallpaper (as I agree with you), I've allowed users to change things like the wallpaper, etc (used just as an example).
It is very interesting that you picked it out as a DNS issue, never thought of that. As for the speed of logins, logins DO take an extraordinary amount of time on a 10MB NIC (HALF DUPLEX!)... I contributed it to the such minute bandwidth compared to today's standards and large transfers (user profiles, etc.), estimating 2 minutes to logon. One of the things I've been able to do while upgrading the network (creating this new server is just 1 part) is to replace these 10MB NIC's with 100MB NIC's. Logon times are now at like 10 to 15 seconds (I thought this was normal).
The only thing/policies that is working with WinXP it seems is that the user drives are being created and linked correctly. Also network permissions of shared folders (on the server) are correct. Both of these I would assume have nothing to do with the actual group policies). Now here's a little bit more from the logs:
System Log: NetLogon (12:03:34)
Dynamic registration or deregistration of one or more DNS records failed becuase no DNS servers are available)
DNS Server: DNS (12:03:50)
The DNS Server has started.
I assumed that "all was well" and that the DNS Server just started later than was being asked by Windows being that network access was working properly (I could log on).
Is "all not well," should the DNS be loading earlier, could the NetLogon be the cause of the problem? I really do appreciate the help...
Thanx again,
- J
It is very interesting that you picked it out as a DNS issue, never thought of that. As for the speed of logins, logins DO take an extraordinary amount of time on a 10MB NIC (HALF DUPLEX!)... I contributed it to the such minute bandwidth compared to today's standards and large transfers (user profiles, etc.), estimating 2 minutes to logon. One of the things I've been able to do while upgrading the network (creating this new server is just 1 part) is to replace these 10MB NIC's with 100MB NIC's. Logon times are now at like 10 to 15 seconds (I thought this was normal).
The only thing/policies that is working with WinXP it seems is that the user drives are being created and linked correctly. Also network permissions of shared folders (on the server) are correct. Both of these I would assume have nothing to do with the actual group policies). Now here's a little bit more from the logs:
System Log: NetLogon (12:03:34)
Dynamic registration or deregistration of one or more DNS records failed becuase no DNS servers are available)
DNS Server: DNS (12:03:50)
The DNS Server has started.
I assumed that "all was well" and that the DNS Server just started later than was being asked by Windows being that network access was working properly (I could log on).
Is "all not well," should the DNS be loading earlier, could the NetLogon be the cause of the problem? I really do appreciate the help...
Thanx again,
- J
> The only thing/policies that is working with WinXP it seems is that the user drives are being created and linked correctly. Also network permissions of shared folders (on the server) are correct. Both of these I would assume have nothing to do with the actual group policies).
This is AD. User drives are part of a users profile, where in policies do you specify user drives?
The NetLogon and DNS message you received are not a problem. 10 MB connection should not be an issue either. DNS is usually the reason policies are not getting out. Try establishing a new security group and put a new user in the group. Set up a group policy for the group, but only apply a setting or two. Log on to an XP Box and let me know if it propogates. Don't assign any special logon scripts for this test user.
Also the ADM (Template files) you are using, are they the new ones from an XP box. The new ADMs are backward compatible with Win2k, so it is ok to replace the adms on the server with the ones from an XP box. By the way I just found out yesterday that the wuau.adm template is for SUS.
This is AD. User drives are part of a users profile, where in policies do you specify user drives?
The NetLogon and DNS message you received are not a problem. 10 MB connection should not be an issue either. DNS is usually the reason policies are not getting out. Try establishing a new security group and put a new user in the group. Set up a group policy for the group, but only apply a setting or two. Log on to an XP Box and let me know if it propogates. Don't assign any special logon scripts for this test user.
Also the ADM (Template files) you are using, are they the new ones from an XP box. The new ADMs are backward compatible with Win2k, so it is ok to replace the adms on the server with the ones from an XP box. By the way I just found out yesterday that the wuau.adm template is for SUS.
ASKER
Well, I've created another OU, Group, User, & added the user to the group in the new OU. Am I possibly not creating the user profile's properly? The reason why I ask is that I logged on WinXP with the newly created user (& policy) but forgot to specify a user profile. I was getting happy in that I was able to change wallpapers & add My Computer icon to the desktop, then realized I forgot. I logged off, & specified a profile, and now get the same problem.
Here's the process I'm using to create my user profiles:
1) Logged on locally onto WinXP Pro
2) Go to System Properties > Advanced > User Profiles > Settings
3) Highlight existing profile & "Copy To"
4) Specify a network share on the server
and that's it...
I've just been copying the copied profile over & over and just renaming it for each user, with the network share (User Profiles) security being allowed to Domain Users.
P.S.
I appologize 4 the time delay as there was a problem that demanded my attention, all good now =Þ
P.P.S.
I unfortunatley do not have much experience with AD.
Thanx again,
- J
Here's the process I'm using to create my user profiles:
1) Logged on locally onto WinXP Pro
2) Go to System Properties > Advanced > User Profiles > Settings
3) Highlight existing profile & "Copy To"
4) Specify a network share on the server
and that's it...
I've just been copying the copied profile over & over and just renaming it for each user, with the network share (User Profiles) security being allowed to Domain Users.
P.S.
I appologize 4 the time delay as there was a problem that demanded my attention, all good now =Þ
P.P.S.
I unfortunatley do not have much experience with AD.
Thanx again,
- J
ASKER
Let me clarify real quick:
I've just been copying the profile over & over in Windows Explorer (not through the System Properties) itself.
Also, when I copied the original profile (& this test profile a 2nd time)... I did NOT specify permissions in the profile "Copy To" procedure. I assumed that was taken care of by the Server's folder network share permissions.
I've just been copying the profile over & over in Windows Explorer (not through the System Properties) itself.
Also, when I copied the original profile (& this test profile a 2nd time)... I did NOT specify permissions in the profile "Copy To" procedure. I assumed that was taken care of by the Server's folder network share permissions.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
You know, I definately have my foolish moments. The problem is solved, it seems my copied profiles were acting as mandatory (don't really know why). Anyways, once I deleted and recreated just a blank share and let the user build their own profile, everything worked out well. I'm going to have to spend some time tinkering to see why it happened the way it did. Thank you for your patience and your help!
P.S.
Any final words of wisdom on the subject? Much appreciated.
Thanx again,
- J
P.S.
Any final words of wisdom on the subject? Much appreciated.
Thanx again,
- J
Have fun! Wahooo!
> I know my policies R working in Win2k by logging in2 the server itself.
This does not mean the policies are working on the client Win2k workstations, have you tested the policies on a Win2k workstation to insure they are indeed propogating?
XP uses different ADM or security template files than Win2k. These policy template files can be found on an XP workstation:
Directory of C:\WINDOWS\inf
08/23/2001 07:00 AM 39,356 conf.adm
08/23/2001 07:00 AM 6,823 inetcorp.adm
06/06/2002 08:36 PM 247,026 inetres.adm
08/23/2001 07:00 AM 18,516 inetset.adm
08/21/2002 11:39 PM 1,376,194 system.adm
08/23/2001 07:00 AM 34,408 wmplayer.adm
04/15/2002 11:12 PM 19,070 wuau.adm
I hope this helps.