Profiles, taking away admin access, domain joining, etc
Posted on 2004-04-20
Hi folks, profile question(s).
We have a small LAN, bout 40 users on it. Prior to my starting here, all workstations had admin access, and of course, it's been no end of trouble.
We have a new domain, and password sync (SFU 3.5) set up, which is set to kick in every 60 days. In a perfect world, I'd love to transfer all the boxes to the domain in that time - half that now, actually (one-man Windows admin, helpdesk, etc. eats up time) - but for now, I'm thinking about simply making their current local profile the Default User profile, and then creating a new account on each box for all users, so I can at least get users logging onto the domain, and still retaining their previous profile, so they can password sync from their workstations when the time comes.
I've tried this on my system, and was unsuccessful - I think it was because I had the Pre-Windows 2000 login set to duanel, 'cause that's what the new account showed up as on my local box. Also, I had no access to write to my newly created profile for some reason.
I have an account set up on the domain controller - email@example.com , and I also log into my local box (non-domain) as dlambe.
I was hoping that someone could answer with a fairly detailed walkthrough as to what to expect, how I can get the local account to be the same username as what's on the domain, and if I can actually do what I'm trying to do the way I'm trying to do it - oh, and also if I can take away admin access, and still allow the users to write to their own profile (not sure what happened to my test, but I must have missed something). I've seen some posts regarding what I'm trying, but nothing as detailed as what I'm looking for. Had I more time (and some test boxes other than my work system), I'd be happy to do it myself, but I simply can't.
Thanks much for any insight.