Solved

Roaming Profiles on Workgroup

Posted on 2004-10-04
8
409 Views
Last Modified: 2012-06-21
I have a question about roaming profile on WORKGROUP. Now, this concept clearly makes sense on a domain setting, but maybe not on workgroup in my opinion, which is why I ask here for clarification.

The reason this concept make sense on domain is that, a domain user account conceptually belongs to the domain, and is not fixed to any particular computer in the domain. In talking about the roaming profile, you also wants the profile to "move" across computer; i.e. not fixed to any particular computer. So they are a perfect match.

But for a workgroup .... Well, say there is a user named "fred", with a LOCAL user account also named "fred" on each of 5 computers on a workgroup. He wants to move among these computers and still use the same profile. How are you going to setup?

Say a remote share \\SERVER\PROFILES has already been created to store roaming profiles.

These 5 "fred" accounts are DIFFERENT (with different SID) even the names are the same. How can the permissions on \\SERVER\PROFILES be set? What about \\SERVER\PROFILES\fred? Would it be necessary to set FIVE set of permissions to each SID of these different "fred" account (which I can make sense anyway)?

Or should I simply create another "fred" user account on SERVER? What happens if I set a password different from those 5 "fred" accounts and then I log on?

What if now "fred" wants to move to a sixth computer? Any adjustment needed on the permissions of \\SERVER\PROFILES\fred?

I ask these questions because in my notes (for 70-210 exam) and various places on the Internet, LOCAL accounts are used. I guess it means roaming profiles can be used even on workgroup ...

Thanks for your help guys!

Gating
0
Comment
Question by:Gating
8 Comments
 
LVL 2

Assisted Solution

by:stardust126
stardust126 earned 40 total points
ID: 12219957
No.
Roaming profiles can't be used on workgroups simple because for roaming profile you need a central location where everyone have access to store their profiles. In workgroups, it's not possible, because you can't give access to someone from other computer on your own computers. The computers don't know each other.
The only thing you can do is give access to the 'Everyone' group, and I'm sure you don't want to do that.

Local accounts are used alot, question is in what context they are used?
0
 

Author Comment

by:Gating
ID: 12223976
Thanks for the reply. The context of "Local accounts" is the creation of roaming profiles as discussed in my notes. I'll paraphrase from my notes:

    1. Log on as Administrator to the LOCAL machine. (Hint 1)
    2. Create a network share PROFILES on a remote computer SERVER.
    3. In Administrative Tools, select Computer Management. Expand System Tools and
        Expand Local Users and Groups (Hint 2). Create a new user "fred".
    4. Right-click the user and choose the "Profile" Tab. In the "Profile path" box, enter the
        path \\SERVER\PROFILES\%username%.

        :
        :
        :

The point is that my notes creates roaming profiles on LOCAL user accounts ... Is it trying to use roaming profiles on workgroups (which I don't feel right)?



0
 
LVL 2

Expert Comment

by:stardust126
ID: 12228818
and what are the permissions on \\SERVER\PROFILES\%username%?
0
 
LVL 5

Assisted Solution

by:swinterborn
swinterborn earned 20 total points
ID: 12231470
As you say, it is posssible to use roaming profiles, but it is going to be a complete pain in the neck to administer.

You will have to manually keep the usernames and passwords in sync on all machines, (server and workstations)
You will have to manually create a new user and configure that user to use a roaming profile on every new workstation.

As soon as you start to think about implementing these things, setting up a domain begins to look extremely attractive - more pain in the short term, but long term no contest.

HTH
0
Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

 

Author Comment

by:Gating
ID: 12234538
To stardust126:

\\Server\Profiles\%username% does not exist yet because I am testing it for a new user. Besides, for a new user, this folder is supposed to be created when the user logon and logoff the first time (hopefully --- right?).

For the sake of argument, say the user account is "fred" and the computer "CLIENT" is used to logon.

\\SERVER\Profiles has "full control" share and NTFS permissions for everyone.

I logon as "fred" on CLIENT. An error message was displayed about insufficient permissions to access the folder \\SERVER\Profiles\fred. I checked the subfolder "fred" was NOT created under \\SERVER\Profiles.

It turned out I must create "fred" account on SERVER. Then I created such account. The error message was "improved" to be about "improper permissions on the folder \\SERVER\Profiles\fred".

Now the subfolder "fred" was indeed created under \\SERVER\Profiles, but the ownership was very weird: it was not owned by SERVER\fred, but by CLIENT\fred. Of course, local accounts are not visible to remote computers, so it was not displayed as CLIENT\fred, but as the SID of CLIENT\fred.

I changed the owner to SERVER\Administrators group and grant SERVER\fred full control rights. Then things were OK.

With domain environment and with domain user account, things worked like a breeze - there was no error messages; no ownership or permissions needed to be "corrected".

There are "workarounds" of course - e.g. to create \\SERVER\Profiles\fred and setup permissions in advance. But my gut feeling says it is not the way to go - maybe roaming profiles do not make sense for workgroups?
0
 

Author Comment

by:Gating
ID: 12234655
BTW, I need to know not because I am going to implement roaming profiles, but because I am revising MCSE and my notes are doing it in a Workgroup environment. This is conceptually problematic. (If the notes get it wrong, I will have troubles ......)

0
 
LVL 4

Accepted Solution

by:
internetsavant earned 40 total points
ID: 12240797
to answer your question simply, NO you cannot set up roaming profiles.  -- plain and simple. (like stardust already said)

if you create a workgroup server which gives access to a bunch of different local account "freds", this is still not romaing profiles, this is a huge headache.  

ROAMING PROFILES ARE ONLY AVAILABLE IN A DOMAIN ENVIRONMENT
0
 

Author Comment

by:Gating
ID: 12260910
Does Microsoft say anything on this subject?

If not, then I will conclude:

swinterborn recommended strongly a domain environment, but did not completely defy workgroups.

stardust126 said NO, internetsavant said a very definite NO.

If there are no more response, I am going to assign 40 to each of stardust126 and internetsavant; 20 to swinterborn, unless somebody can point out a Microsoft article on this matter. So I'll wait for one day or two.

Thanks a lot guys!
0

Featured Post

Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

Join & Write a Comment

I don't know if many of you have made the great mistake of using the Cisco Thin Client model with the management software VXC. If you have then you are probably more then familiar with the incredibly clunky interface, the numerous work arounds, and …
I use more than 1 computer in my office for various reasons. Multiple keyboards and mice take up more than just extra space, they make working a little more complicated. Using one mouse and keyboard for all of my computers makes life easier. This co…
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

26 Experts available now in Live!

Get 1:1 Help Now