Solved

Laptops on Active Directory and Off

Posted on 2007-03-29
10
1,117 Views
Last Modified: 2012-05-05
We are currently in the middle of changing over from a workgroup to active directory.  So far so good except we are getting ready to switch over the laptops and have a few questions.

As I understand it when you are signed in to the domain you have a user porfile under documents and setting in XP or 2000.  You would have a differnet profile (local) when you sign directly onto the machine.  Take for example my machine.  I would use it here on the network/domain and when I leave here and go home I would use it there and since I don't have access to domain at home I would login locally correct?  Now as I understand it I would have to profiles on the machine.  My domain and my local.  What happens with mail profiles and my documents.  Is there anyway to point the local profile at the domain profile?  Or how does everyone else handle this?  Or am I missing something really easy?
0
Comment
Question by:stuart100
  • 3
  • 3
  • 3
  • +1
10 Comments
 
LVL 70

Accepted Solution

by:
Chris Dent earned 500 total points
ID: 18816468

You can't just use Cached Credentials on the laptop while out of the office? That is, just logon to the Domain as if you were connected.

All documented here:

http://support.microsoft.com/kb/913485

Chris
0
 
LVL 13

Expert Comment

by:strongline
ID: 18816730
when the laptop is off corp network, you can still "log" into domain with Cached Credential, as Chris pointed out, which will let you use your domain profile.

Further to that, if you want your profile to follow you when you switch to a different workstation/laptop, what you need is a roaming profile on file server.
0
 
LVL 25

Expert Comment

by:mikeleebrla
ID: 18816862
your easiest option is to use cached login credentials, but do answer your question " Is there anyway to point the local profile at the domain profile?"

yes, i have done this before and it worked fine.  You simply point the local account and the domain account to the same profie.  I used 'tweakui' to make the changes.  TweakUi just makes the registry changes for you which makes it easier.
0
 

Author Comment

by:stuart100
ID: 18818305
Chris-Dent - Thank you I did not even know that existed....Now that article you sent me explains what it is but not how to set it up for our 2000 and XP and Vista Laptops.  Is it built right in and will do it automoaticly or is that something I have to set on the Domain controller?

Mikeleebria - Thank you for the exact answer that is helpful to know also.
0
 
LVL 70

Expert Comment

by:Chris Dent
ID: 18819073

It's built in and happens automatically, never anything I've had to configure.

Chris
0
IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 

Author Comment

by:stuart100
ID: 18819171
One last question after reading about this it seems interesting because it also says the security rights for the user.  What happens if you switch the user from an admin on a machine to a power user. Do you have to clear the cached rights?
0
 
LVL 70

Expert Comment

by:Chris Dent
ID: 18819189

I don't believe so, local permissions and group membership can still be enumerated without the domain.

Chris
0
 

Author Comment

by:stuart100
ID: 18819373
Ok so I totally lied I have one more question.  Lets say we have a machine that has a perfectly working local profile working on the workgroup.  We would like to make that computer join the domain.  When we do it creates a whole new profile.  THis means we have to resetup mail / drives / etc.  Is there any way to make a computer part of the domain and have it just use or upgrade the current local profile.  That way when we have to do this to our couple hundred machines we are not spending forever.
0
 
LVL 25

Expert Comment

by:mikeleebrla
ID: 18820180
>>Is there any way to make a computer part of the domain and have it just use or upgrade the current >>local profile.

reboot, log on as admin, rename the new domain profile to domain_old, then rename the "good local profile" with the name of the profile that you just renamed.  that will make the new domain account use the old local profile since it looks for it by name.

0
 
LVL 25

Expert Comment

by:mikeleebrla
ID: 18824465
thanks alot for the points.
0

Featured Post

Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

Join & Write a Comment

My last post dealt with using group policy preferences to set file associations, a very handy usage for a GPP. Today I am going to share another cool GPP trick, this may be a specific scenario but I run into these situations frequently in my activit…
Companies that have implemented Microsoft’s Active Directory need to ensure that the Active Directory is configured and operating properly. If there are issues found and not resolved, it eventually leads the components to fail or stop working and fi…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now