Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 6496
  • Last Modified:

User account cannot find roaming profile

I have two user accounts set up identically using server management.  They both use the same roaming profile (I copied and pasted the roaming profile path from one account to the other).  One account has no problem finding the roaming profile, on logon, the other account has a dialog that states it cannot find the roaming profile -- creating a temporary profile.  SBS with a domain.  Any ideas why the one account cannot find the roaming profile?
0
thenelson
Asked:
thenelson
  • 9
  • 7
1 Solution
 
Jeffrey Kane - TechSoEasyPrincipal ConsultantCommented:
You really should review the "roaming profile" section of this document:  http://sbsurl.com/postinstall

There could be many reasons why an account cannot find the roaming profile... such as the one described here: http://support.microsoft.com/kb/896427 and here: http://support.microsoft.com/kb/831651, but since it's working for ONE person and not the other, I'd suspect it has more to do with the fact that you copied a profile... which is really not the way to do things these days.

Instead, you should create a user template that the add-user wizard will apply with any specific settings you need.

Jeff
TechSoEasy
0
 
thenelsonAuthor Commented:
I followed the steps in http://sbsurl.com/postinstall but still get cannot find the roaming profile.

In the very last step, I used
\\businessname.local\public\RoamingProfiles\restricted
and rename it to
\\pain.local\public\RoamingProfiles\restricted
0
 
Jeffrey Kane - TechSoEasyPrincipal ConsultantCommented:
I don't understand your use of "restricted" you need to use the VARIABLE  %username%

So, literally, your path needs to be \\pain.local\public\RoamingProfiles\%username%

Jeff
TechSoEasy
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
Jeffrey Kane - TechSoEasyPrincipal ConsultantCommented:
Let me also confirm that you created a new root in the DFS admin called "public" and that root is configured to a share on your server called Public as well?

Then... I reread your question and you state that they both use the SAME profile??  Or did you mean that they both would use the same settings?  Because you can't share a single profile among two users.  Each one is unique... consider that your user profile contains things like "recent documents", spell-check dictionaries, and thousands of other personalized settings which are automatically remembered.

If you want to have users with similar settings you need to create a template as described above.  You can also use Security and Distribution groups to group users together for specific purposes.

Jeff
TechSoEasy
0
 
thenelsonAuthor Commented:
>Let me also confirm that you created a new root in the DFS admin called "public" and that root is configured to a share on your server called Public as well?
No, I didn't. I followed the steps listed under "Configuring Roaming Profiles" in the link http://sbsurl.com/postinstall which did not mention a root called "public".

>Then... I reread your question and you state that they both use the SAME profile??
I thought users can share the same mandatory profile.  

>Each one is unique... consider that your user profile contains things like "recent documents", spell-check dictionaries, and thousands of other personalized settings which are automatically remembered.
I do not want my employees to have personalized settings on our company machines.  I have found that people perosonalizing their computer causes the majority of my computer troubleshooting.  Things like my taskbar is missing (of course they don't know the name for the taskbar).  Or the computer is running slowly because they loaded a 50 megabyte picture of a scantly dressed woman as their wallpaper which has also created a formal complaint from another employee.  What I want to do is have every desktop look and work exactly the same except for different access levels for different employees.  
0
 
thenelsonAuthor Commented:
I guess what I need to do is create a profile template and then use group policies so that users cannot change their desktop but I don't know how to do this.  I thought creating a mandatory profile would be the quick and dirty way to restrict what users can do.  I need to get something up and running so that remote users can access the files and utilities on our system with severe restrictions to only the areas they should have access to. I have been trying to do this for months but have been unsuccessful -- very frustrating.
0
 
Jeffrey Kane - TechSoEasyPrincipal ConsultantCommented:
The headline, "Configuring Roaming Profiles" is about a third of the way down in the section about Roaming Profiles.  If you just skipped to that headline without reading the information above it describing the process, then you probably missed:

"Roaming Profiles should be used within a DFS namespace as described in the “Distributed File System” section in this chapter. This makes it easier to change the location of folders containing the Roaming Profiles, if required in the future. The location may change if more share space is required and the files are moved to the new location. "

DFS namespace must be configured prior to configuring Roaming profiles.


Nelson, I realize that you don't want personalized settings on your computers.  But this is not the way to handle that.  Mandatory Profiles are the NT 4.0 version of what we have as Templates today.  Each user needs to log onto a machine separately under their own username... their credentials are cached in their profile so that they have the appropriate rights access to various network devices.  

The way to do this for remote users is to create a SECURITY GROUP and then just allow that group to have the access you want.  The security group can be used in a template to make it easy to apply.  

Why don't you take a look at this paper on how to make SharePoint accessible to External Users:
http://www.microsoft.com/downloads/details.aspx?familyid=b51dcb25-0c63-4561-b981-9a3c860b9f15&displaylang=en

While this may or may not be the way you want to provide access to remote users... pay special attention to the chapters on creating restricted users... it's exactly what you want to do.

Jeff
TechSoEasy
0
 
Jeffrey Kane - TechSoEasyPrincipal ConsultantCommented:
Nelson,

After just watching this video, I was thinking about your comments regarding not wanting individual workers to have any flexibility in their work environment... I felt that its important to point out that philosophy is really against today's management trends because the software available today helps to guide employees while giving them the flexibility to accomplish even more.

Thought you might be interested:  http://www.microsoft.com/business/peopleready/videos/greatestasset.asx

Jeff
TechSoEasy
0
 
thenelsonAuthor Commented:
Jeff,

Thanks for the info.  The video was interesting but I don't see how it applies to my situation.  The video talked about using familiar software and smart phones for outside people.  We use MS office but people do not know how to use those bloated programs except for very basic use of Word.  To do anything else, they ask me.  Perhaps MS was refering to Linex?  We have no outside people that travel and need a smart phone - further HIPAA requlations would prohibit using them.  I don't have control over what software my contractors use unless I give them access to our software which is part of what I am trying to do with RWW.

I started reading the Sharepoint info and got to the static isp requirement.  We currently use Quest - to get a static ISP from them, we would need to upgrade our service which would cost about $100/month more.  If I went through the hassle of switching ISP, my cost would go up about 30-40/month including the static ISP.  Our budget cannot afford that.  Is there a way to use Sharepoint using ISP redirection like No-IP?  I notice that RWW provides an option to "Use my company's internal web site".  Can I access sharepoint from there?  Although I think it is a mute point since they would be able to access the files when they select "Access my computer at work".   I just need to get that up and running.  They need to see the programs they need to use on their desktop and access the folders they need to use.  I also want the desktop locked down.  I waste a lot of time when one of my inside employees call me away from my work when they screw up their desktop.  It will be even worse when my outside contractors screw up their desktop.  

Since you (and Microsoft) are up in the relatively computer literate Northwest, you may not see the problems we see in the rest of the world.  I tell people, "Open Notepad..." with the response of "What is Notepad?"  Today, I just explained to a doctor to press "ctrl-A" to highlight the entire document and got the response, "Wow, that's cool.  I didn't know you could do that!"  Of course she made the same comment the 20-30 times I expained the ctrl-A command to her before.  She has little pieces of paper thumbtacked to her walls that explain how to move a file, how to open word, etc.  I spend about 2 hours a week repairing desktops that have been changed so that someone cannot find the program they need.  Or, even though I used to tell people to log off when they leave a workstation, they don't and someone else sits down and uses their login.  So the desktops all need to look the same.

0
 
Jeffrey Kane - TechSoEasyPrincipal ConsultantCommented:
Nelson,

Too bad you focused on the outside situation in the video rather than the empowered users that were shown in the "competative" company that was just buzzing with activity.  My main point in sharing that with you had nothing to do with your contractors... but everything to do with your desire to "control" every aspect of a worker's job.  

I think you have taken my example of the Sharepoint Extranet in the wrong way... your original question was about creating a RESTRICTED user group and enabling roaming profiles.  I ONLY provided the SharePoint article because it describes how to creat a restricted group.

I'm rather confused now about all of your comments regarding RWW... for local users???

Regarding your last paragraph... people here are no different... (Plus, I'm from Tucson originally... have only lived up here for the past 7 years -- so trust me... there are plenty of people I deal with on a daily basis that don't know the difference between Office and Windows.

This is EXACTLY why I focus on making the systems more "User-Proof"... this way I spend much less time fixing problems and troubleshooting, and much more time training and helping folks learn how to use the incredible tools they have before them.

If you spend 2 hours a week repairing desktops... then you need to spend a few hours learning how to lock down desktops via Group Policy.  You should also review how to implement a Software Restriction Policy to stop people from installing things they shouldn't.  You might also want to configure an automatic Log-off if users forget... or even better, since it's a HIPAA environment, consider the use of SmartCards... these must be inserted in the SmartCard reader to unlock a machine and the machine locks when it's removed.  Usually people keep these attached to their belt or other article of clothing so that when they walk away from a station they are logged out.  (Just like the Casino Club cards in the slot machines!).

>>>"We use MS office but people do not know how to use those bloated programs except for very basic use of >>>Word.  To do anything else, they ask me."

To this, I say... spend a bit of time configuring your systems so that you can have the confidence to teach them to fish for themselves -- knowing that they can't hurt too much by trying... because I've yet to meet ANY office worker that does not want to learn more.  In my experience, what usually stops them from learning is either their own fear that there is "too much to know" or someone else telling them that they "don't need to know", or again, "it's too much to know".

The fact is that with some basic skills in using the Help system (ie, learning to press the F1 key), or learning how to use forums such as this... or Google to find the answers they need to do their jobs, or sites like http://office.microsoft.com/en-us/FX011917961033.aspx which will provide lots of good ideas to help will allow a user to be even more productive and happier in their job.  There isn't "too much to know" if you learn the how to ask the right questions, and to be given the confidence to then be able to envision the end result.

I'm sorry if this is not directly answering your question, or if it's gone off on too much of a "business advice" tangent... but that's what I do for a living... the technology is only a vehicle for providing a better managed workplace.  I hope the information I've provided will help you in that regard.

Jeff
TechSoEasy
0
 
thenelsonAuthor Commented:
Jeff,

I guess you are getting the brunt of my frustration with trying to make this work going on six months now. I am sorry. I understand you are trying to help.  My frustration in with the bloated complexity of Windows XP, SBS and Office.  I am not computer illiterate. I have been involved with compilers since the 60s having learned over two dozen different languages over the years and yet I could not figure out how to install SBS. I hired a well respected local consultant to install SBS to find out from you that they did it wrong - a common occurrence you stated.  After hiring you to fix the SBS installation, I still cannot have my outside contractors log on to our system to use the database J designed and access files they need.

I have spent many hours more than two to find a decent set of instructions for group policy. I have tried to set up group policies using what instructions I have found and advise from EE experts but it has not worked. Since I have used mandatory roaming profiles before, I thought that would be quick and simple but clearly nothing is quick and simple with SBS.

All I am trying do is create three different profiles with access to the programs and files each needs to get their work done. One profile for inside users, one for outside users and one for me.  I don't want anyone to be able to change the profiles except me. I would want everyone to get access to the files through My Documents or get rid of My Documents and use another folder that is available as a menu on the start menu. I just cannot understand why this is so complicated to do.
0
 
Jeffrey Kane - TechSoEasyPrincipal ConsultantCommented:
I do understand your frustration... I would only say that it's not complicated... but the technology has changed from what you had previously learned.  As I stated above, mandatory profiles no longer are used, and User Templates have taken their place on an SBS.

If these documents are "COMPANY DOCUMENTS" then using "MY DOCUMENTS" doesn't make sense.  SBS DOES create a standard "General Documents on Company Web" share which can be found in "My Network Places" and a shortcut to this location can easily be put on the desktop.

Jeff
TechSoEasy
0
 
thenelsonAuthor Commented:
So I quess my questions are:
1) How do I learn how to use group policies?
2) How do I set up two profiles for all my users without having to log in to each user on each machine?
3) How do I get rid of "My Documents" throughout my organization?
4) How do I set up the "General Documents" so that they will show up on the desktop, Start Menu and Quick Launch bar for every user?
0
 
Jeffrey Kane - TechSoEasyPrincipal ConsultantCommented:
1.  By using them, primarily.  SBS has about 8 default GPO's (Group Policy Objects) that are already configured and operating.  There are plenty of resources on TechNet, such as this: http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/directory/activedirectory/stepbystep/gpfeat.mspx, or you may want to get a good book about them such as this: http://www.microsoft.com/MSPress/books/8763.asp.

2.  Why two profiles?? I don't understand.

3.  Via Group Policy. I wouldn't suggest that you eradicate the My Documents folder, though... because many programs rely on it being there.  This is why folder redirection is recommended... so this folder will sit on the server.  I suppose you could have them all pointing to the same folder on the server so that it's a community space.

4.  Via Group Policy.  You can specify speific shortcuts to appear wherever you like.  Here's an example of how to do this for Desktop Shortcuts:  http://www.petri.co.il/forums/showthread.php?t=2431.  Basically you can find help for specific items by Google Searching "GPO + whatever it is you want to do".

Jeff
TechSoEasy
0
 
thenelsonAuthor Commented:
Thanks for the info! I feel that I am getting somewhere although I haven't looked at the links yet.

2.  Why two profiles?? I don't understand.
One for inside employees with access and links to Web browser, Word, Excel, Outlook, Powerpoint, my Access database, our credit card processing program, our two scannners and all of our printers.

One for outside employees with access and links to my Access database and one internal printer only.

3, 4.  I currently use one My Documents for all of our company documents.  I have manually redirect My Documents for each user on each machine - a real pain.  I tried using SBS My Documents redirection but it made a huge mess creating a separate My Documents folder for each user in the folder I specified and turned on sychronization for every profile (why MS feels it needs to use sychronization by default on desktops that are permantly connected to the network, I cannot understand).  I would prefer to use My Documents for the reason you mentioned but redirect all profiles to the one folder if possible.  Should I create a "General Documents" and hide My Documents instead?  My experience has been that employees having individual My Document folders leads to a back up nightmare, multiple versions of the same form letters (many of which do not meet company policy and government requirements) and adds to the employee belief that the company computers can be used for all sorts of personal business which has no  place in the workplace.
0
 
Jeffrey Kane - TechSoEasyPrincipal ConsultantCommented:
Okay... now I understand.  You use USER TEMPLATES.  Go back to that Sharepoint document I linked above... IGNORE EVERYTHING in it except for Step 6. "Setting Up User Accounts for External Users".  You will probably have to modify these settings to suite your needs, but essentially this is how you create very restricted users.

Since you just want the outside users to have access to a single program, then the best way to do that would be to designate that program in their User Properties (this should be done in the Template you are creating for this class of user).  On the Environment Tab, you will designate the Access Database they will use.  When they close out of Access it should also log them out of the session.

For printer assignment for these remote users, go to the Printers section of the Server Management Console (just below Server Computers in Standard Management) and add a DENY record to each printer you don't want them to access.  The account you will use for the DENY attribute will be the Security Group you are creating for these users.

As for the internal users configuration... I gave you a couple of links above, but forgot one of my favorites:
http://www.gpanswers.com/community/index.php
This forum is exclusively dedicated to GP, and you can find most any answer you need there.

And then, I am so glad you said, "back up nightmare, multiple versions of the same form letters (many of which do not meet company policy and government requirements)"!!!  This is PRECISELY why I recommended that you move to SharePoint for your company documents.  In fact, if there are forms that need to be filled out properly, you should absolutely look into using InfoPath combined with SharePoint.  You already own the SharePoint part of the equation... you just need to take a little bit of time to learn how to use it.  Plus InfoPath integrates perfectly with Access.

Article:  http://advisor.com/doc/13108 and http://www.windowsitpro.com/articles/print.cfm?articleid=41116
Note the comments about how InfoPath ensures HIPAA compliance.

You'll find lots of other pertinent info here:  http://office.microsoft.com/en-us/FX011917961033.aspx

I do realize that all of these technologies are unfamiliar to you... but I also know from working with them that they are easy to learn and deploy.  If you added up all the time you spend trying to fix issues that can be avoided in the first place with a bit of planning and controls, I think you'll find it's worth it.

Jeff
TechSoEasy

0

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

  • 9
  • 7
Tackle projects and never again get stuck behind a technical roadblock.
Join Now