dwoodfie74

WINDOWS 2000 SERVER GROUP POLICY

Hi, I would like to set a group policy which would block users from saving documents to their local HD (need to save everything to a server to get a backup). Is it possible to do this, and if so, how? Many of the users are admins on their local machine.
thanks
gopal_krishna

You need to set the roaming profile to the user profile and point the user to the server.
How to create a roaming user profile in Windows 2000

http://support.microsoft.com/kb/302082

How to configure a user account to use a roaming user profile in Windows Server 2003, Windows 2000 Server, or Windows NT 4.0

http://support.microsoft.com/kb/316353

Please follow the document and get back to us if any issues.

regards
Gopal Krishna K
Roaming profiles have NOTHING to do with where users save their documents. Roaming profiles are for user settings (favorites, desktop settings etc.), NOT for saving documents.

You need to look into folder redirection, which will redirect the local 'My Documents' to a network file server/share. Do you have home directories set up?

One of the biggest reasons why roaming profiles are a horrible idea for My Documents is simply login time. Say a user has 4 GB of documents and you put this in the PROFILE, then at user login time 4 GB must be copied over the network. Just imagine this going on at 9 am when everyone is trying to log in at once.

Kevin Hays
Agree 100% with Mike!

You should enable folder redirection on My Documents and Application Data if you are going to use roaming profiles. Even if they are members of the local admins, what is to keep them from saving to their computers?

dwoodfie74

ASKER

I have a share set up to a public folder. From the diversity of the answers, what is the best way to go? Do I need to set up roaming and then folder redirect? Can I set this up for the whole domain or do I need to do it for each OU? If I set it up for the whole domain, can I exclude some users? Point me in the right direction.
Thanks for your help.
The best way is to create a roaming profile and set the storage space in the server based on the number of users. Once this exceeds the max level then the user can always transfer some of the important files in the Resource server or as you said to the public folder with their user profile in it.

Note: make sure that even the public folder server is also backed up and also the Roaming profile server too.

Let me know if this is a good suggestion.

regards
Gopal krishna K
ASKER CERTIFIED SOLUTION
mikeleebrla
>>The best way is to create a roaming profile and set the storage space in the server based on the number of users.
I totally disagree. All this will do is cause WAY too much network traffic at login time, since the user's ENTIRE home folder will be copied at EVERY login. Again, roaming profiles are for user settings, NOT user files.

>>Once this exceeds the max level then the user can always transfer some of the important files in the Resource server or as you said to the public folder with their user profile in it.
Why not just put it on the file server in a home directory share (where it belongs) in the first place? Why have USERS manage where their data is? That is just a nightmare waiting to happen.
My 2Cents

Either of the suggestions will work, roaming profiles and/or folder redirection; using both would be my preferred method. However, what if the user saves to C:\ or All Users\My Documents? dwoodfie74, I believe your biggest problem is that your users are admins on their computers. You could set up Group Policies to hide drives or "lock down" the system to some extent etc., but a local admin could circumvent this, if they know how.

Cheers
All of my users are just domain users and that's it.  :)  Well I take that back, there is 1 group that has access to TS, but that's all.

Kevin


[Version]
Signature=$CHICAGO$

[DefaultInstall]
AddReg=Reg.Settings

[Reg.Settings]
HKCU,Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders,Personal,0x20000,"%PERSONAL%"
HKCU,Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders,Favorites,0x20000,"%FAVORITES%"

[Strings]
PERSONAL = "\\(server or dfs location)\files\Individual shares\%USERNAME% - %COMPUTERNAME%\My Documents"
FAVORITES = "\\(server or dfs location)\files\Individual shares\%USERNAME% - %COMPUTERNAME%\Favorites"



Make a new file such as documents.inf and paste the above in. Then right-click on the file and select Install, log off and log back on, then move the documents over. I also have this script set to copy Internet Explorer favorites. I have the permissions on this folder set so that domain users can create folders and then only domain admins and the current owner have inherited rights to these folders. This is an automated way of keeping other users out of documents without manually setting permissions for each new folder. Sometimes if the user doesn't have admin rights to their machine I get an error, but it still works. (I have never figured that one out.)
I should specify that this changes the location of the user's My Documents, in case someone isn't familiar with registry settings. Also, I use username - computer name for the folders because we still have some shared user names in our organization. I even do this with our roaming profiles, since loading the user's documents over a remote connection can take forever at times.
Just thought I would open my trap and voice agreement with Mike and Kev.....
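
An added example, not part of the original thread: since the thread notes that a local admin can undo these settings, this PowerShell check reads the same two User Shell Folders values the INF above writes and reports whether each still resolves to the expected server. It assumes PowerShell 3.0 or later on the client (not available on the Windows 2000 machines discussed here), and `\\fileserver.example\files\` is a placeholder for your own server or DFS root.

```powershell
# Audit the current user's My Documents / Favorites redirection.
# $ExpectedPrefix is a placeholder; replace it with your own UNC root.
param(
    [string]$ExpectedPrefix = '\\fileserver.example\files\'
)

$keyPath  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders'
$key      = Get-Item -LiteralPath $keyPath
$noExpand = [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames
$ignore   = [StringComparison]::OrdinalIgnoreCase

$results = foreach ($name in 'Personal', 'Favorites') {
    # Read the stored string without expanding %USERNAME% etc.
    $raw = $key.GetValue($name, $null, $noExpand)
    if ($null -eq $raw) {
        [pscustomobject]@{ Value = $name; Kind = $null; Raw = $null; Resolved = $null; Status = 'MISSING' }
        continue
    }

    $kind     = $key.GetValueKind($name)
    $resolved = [Environment]::ExpandEnvironmentVariables($raw)

    # The INF's 0x20000 flag writes REG_EXPAND_SZ. A value that contains
    # %VAR% tokens but has another type was written some other way.
    $status = if ($raw -match '%' -and $kind -ne 'ExpandString') {
        'NOT EXPAND_SZ'
    } elseif (-not $resolved.StartsWith('\\')) {
        'LOCAL PATH'
    } elseif (-not $resolved.StartsWith($ExpectedPrefix, $ignore)) {
        'UNEXPECTED SERVER'
    } else {
        'OK'
    }

    [pscustomobject]@{ Value = $name; Kind = $kind; Raw = $raw; Resolved = $resolved; Status = $status }
}

$results | Format-Table -AutoSize

# Non-zero exit code lets a logon script or inventory tool flag drift.
if ($results.Status -ne 'OK') { exit 1 }
```

Run it in the user's own session, for example from a logon script, because the values live under HKCU.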