?
Solved

Laptops on Active Directory and Off

Posted on 2007-03-29
10
Medium Priority
?
1,125 Views
Last Modified: 2012-05-05
We are currently in the middle of changing over from a workgroup to active directory.  So far so good except we are getting ready to switch over the laptops and have a few questions.

As I understand it when you are signed in to the domain you have a user porfile under documents and setting in XP or 2000.  You would have a differnet profile (local) when you sign directly onto the machine.  Take for example my machine.  I would use it here on the network/domain and when I leave here and go home I would use it there and since I don't have access to domain at home I would login locally correct?  Now as I understand it I would have to profiles on the machine.  My domain and my local.  What happens with mail profiles and my documents.  Is there anyway to point the local profile at the domain profile?  Or how does everyone else handle this?  Or am I missing something really easy?
0
Comment
Question by:stuart100
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
  • 3
  • +1
10 Comments
 
LVL 71

Accepted Solution

by:
Chris Dent earned 2000 total points
ID: 18816468

You can't just use Cached Credentials on the laptop while out of the office? That is, just logon to the Domain as if you were connected.

All documented here:

http://support.microsoft.com/kb/913485

Chris
0
 
LVL 13

Expert Comment

by:strongline
ID: 18816730
when the laptop is off corp network, you can still "log" into domain with Cached Credential, as Chris pointed out, which will let you use your domain profile.

Further to that, if you want your profile to follow you when you switch to a different workstation/laptop, what you need is a roaming profile on file server.
0
 
LVL 25

Expert Comment

by:mikeleebrla
ID: 18816862
your easiest option is to use cached login credentials, but do answer your question " Is there anyway to point the local profile at the domain profile?"

yes, i have done this before and it worked fine.  You simply point the local account and the domain account to the same profie.  I used 'tweakui' to make the changes.  TweakUi just makes the registry changes for you which makes it easier.
0
Get your Disaster Recovery as a Service basics

Disaster Recovery as a Service is one go-to solution that revolutionizes DR planning. Implementing DRaaS could be an efficient process, easily accessible to non-DR experts. Learn about monitoring, testing, executing failovers and failbacks to ensure a "healthy" DR environment.

 

Author Comment

by:stuart100
ID: 18818305
Chris-Dent - Thank you I did not even know that existed....Now that article you sent me explains what it is but not how to set it up for our 2000 and XP and Vista Laptops.  Is it built right in and will do it automoaticly or is that something I have to set on the Domain controller?

Mikeleebria - Thank you for the exact answer that is helpful to know also.
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 18819073

It's built in and happens automatically, never anything I've had to configure.

Chris
0
 

Author Comment

by:stuart100
ID: 18819171
One last question after reading about this it seems interesting because it also says the security rights for the user.  What happens if you switch the user from an admin on a machine to a power user. Do you have to clear the cached rights?
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 18819189

I don't believe so, local permissions and group membership can still be enumerated without the domain.

Chris
0
 

Author Comment

by:stuart100
ID: 18819373
Ok so I totally lied I have one more question.  Lets say we have a machine that has a perfectly working local profile working on the workgroup.  We would like to make that computer join the domain.  When we do it creates a whole new profile.  THis means we have to resetup mail / drives / etc.  Is there any way to make a computer part of the domain and have it just use or upgrade the current local profile.  That way when we have to do this to our couple hundred machines we are not spending forever.
0
 
LVL 25

Expert Comment

by:mikeleebrla
ID: 18820180
>>Is there any way to make a computer part of the domain and have it just use or upgrade the current >>local profile.

reboot, log on as admin, rename the new domain profile to domain_old, then rename the "good local profile" with the name of the profile that you just renamed.  that will make the new domain account use the old local profile since it looks for it by name.

0
 
LVL 25

Expert Comment

by:mikeleebrla
ID: 18824465
thanks alot for the points.
0

Featured Post

Ransomware: The New Cyber Threat & How to Stop It

This infographic explains ransomware, type of malware that blocks access to your files or your systems and holds them hostage until a ransom is paid. It also examines the different types of ransomware and explains what you can do to thwart this sinister online threat.  

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

After seeing many questions for JRNL_WRAP_ERROR for replication failure, I thought it would be useful to write this article.
Let's recap what we learned from yesterday's Skyport Systems webinar.
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…

719 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question