Link to home
Start Free TrialLog in
Avatar of stuart100
stuart100

asked on

Laptops on Active Directory and Off

We are currently in the middle of changing over from a workgroup to active directory.  So far so good except we are getting ready to switch over the laptops and have a few questions.

As I understand it when you are signed in to the domain you have a user porfile under documents and setting in XP or 2000.  You would have a differnet profile (local) when you sign directly onto the machine.  Take for example my machine.  I would use it here on the network/domain and when I leave here and go home I would use it there and since I don't have access to domain at home I would login locally correct?  Now as I understand it I would have to profiles on the machine.  My domain and my local.  What happens with mail profiles and my documents.  Is there anyway to point the local profile at the domain profile?  Or how does everyone else handle this?  Or am I missing something really easy?
ASKER CERTIFIED SOLUTION
Avatar of Chris Dent
Chris Dent
Flag of United Kingdom of Great Britain and Northern Ireland image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of strongline
strongline

when the laptop is off corp network, you can still "log" into domain with Cached Credential, as Chris pointed out, which will let you use your domain profile.

Further to that, if you want your profile to follow you when you switch to a different workstation/laptop, what you need is a roaming profile on file server.
your easiest option is to use cached login credentials, but do answer your question " Is there anyway to point the local profile at the domain profile?"

yes, i have done this before and it worked fine.  You simply point the local account and the domain account to the same profie.  I used 'tweakui' to make the changes.  TweakUi just makes the registry changes for you which makes it easier.
Avatar of stuart100

ASKER

Chris-Dent - Thank you I did not even know that existed....Now that article you sent me explains what it is but not how to set it up for our 2000 and XP and Vista Laptops.  Is it built right in and will do it automoaticly or is that something I have to set on the Domain controller?

Mikeleebria - Thank you for the exact answer that is helpful to know also.

It's built in and happens automatically, never anything I've had to configure.

Chris
One last question after reading about this it seems interesting because it also says the security rights for the user.  What happens if you switch the user from an admin on a machine to a power user. Do you have to clear the cached rights?

I don't believe so, local permissions and group membership can still be enumerated without the domain.

Chris
Ok so I totally lied I have one more question.  Lets say we have a machine that has a perfectly working local profile working on the workgroup.  We would like to make that computer join the domain.  When we do it creates a whole new profile.  THis means we have to resetup mail / drives / etc.  Is there any way to make a computer part of the domain and have it just use or upgrade the current local profile.  That way when we have to do this to our couple hundred machines we are not spending forever.
>>Is there any way to make a computer part of the domain and have it just use or upgrade the current >>local profile.

reboot, log on as admin, rename the new domain profile to domain_old, then rename the "good local profile" with the name of the profile that you just renamed.  that will make the new domain account use the old local profile since it looks for it by name.

thanks alot for the points.