Solved

Laptops on Active Directory and Off

Posted on 2007-03-29
10
1,124 Views
Last Modified: 2012-05-05
We are currently in the middle of changing over from a workgroup to active directory.  So far so good except we are getting ready to switch over the laptops and have a few questions.

As I understand it when you are signed in to the domain you have a user porfile under documents and setting in XP or 2000.  You would have a differnet profile (local) when you sign directly onto the machine.  Take for example my machine.  I would use it here on the network/domain and when I leave here and go home I would use it there and since I don't have access to domain at home I would login locally correct?  Now as I understand it I would have to profiles on the machine.  My domain and my local.  What happens with mail profiles and my documents.  Is there anyway to point the local profile at the domain profile?  Or how does everyone else handle this?  Or am I missing something really easy?
0
Comment
Question by:stuart100
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
  • 3
  • +1
10 Comments
 
LVL 71

Accepted Solution

by:
Chris Dent earned 500 total points
ID: 18816468

You can't just use Cached Credentials on the laptop while out of the office? That is, just logon to the Domain as if you were connected.

All documented here:

http://support.microsoft.com/kb/913485

Chris
0
 
LVL 13

Expert Comment

by:strongline
ID: 18816730
when the laptop is off corp network, you can still "log" into domain with Cached Credential, as Chris pointed out, which will let you use your domain profile.

Further to that, if you want your profile to follow you when you switch to a different workstation/laptop, what you need is a roaming profile on file server.
0
 
LVL 25

Expert Comment

by:mikeleebrla
ID: 18816862
your easiest option is to use cached login credentials, but do answer your question " Is there anyway to point the local profile at the domain profile?"

yes, i have done this before and it worked fine.  You simply point the local account and the domain account to the same profie.  I used 'tweakui' to make the changes.  TweakUi just makes the registry changes for you which makes it easier.
0
What Is Blockchain Technology?

Blockchain is a technology that underpins the success of Bitcoin and other digital currencies, but it has uses far beyond finance. Learn how blockchain works and why it is proving disruptive to other areas of IT.

 

Author Comment

by:stuart100
ID: 18818305
Chris-Dent - Thank you I did not even know that existed....Now that article you sent me explains what it is but not how to set it up for our 2000 and XP and Vista Laptops.  Is it built right in and will do it automoaticly or is that something I have to set on the Domain controller?

Mikeleebria - Thank you for the exact answer that is helpful to know also.
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 18819073

It's built in and happens automatically, never anything I've had to configure.

Chris
0
 

Author Comment

by:stuart100
ID: 18819171
One last question after reading about this it seems interesting because it also says the security rights for the user.  What happens if you switch the user from an admin on a machine to a power user. Do you have to clear the cached rights?
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 18819189

I don't believe so, local permissions and group membership can still be enumerated without the domain.

Chris
0
 

Author Comment

by:stuart100
ID: 18819373
Ok so I totally lied I have one more question.  Lets say we have a machine that has a perfectly working local profile working on the workgroup.  We would like to make that computer join the domain.  When we do it creates a whole new profile.  THis means we have to resetup mail / drives / etc.  Is there any way to make a computer part of the domain and have it just use or upgrade the current local profile.  That way when we have to do this to our couple hundred machines we are not spending forever.
0
 
LVL 25

Expert Comment

by:mikeleebrla
ID: 18820180
>>Is there any way to make a computer part of the domain and have it just use or upgrade the current >>local profile.

reboot, log on as admin, rename the new domain profile to domain_old, then rename the "good local profile" with the name of the profile that you just renamed.  that will make the new domain account use the old local profile since it looks for it by name.

0
 
LVL 25

Expert Comment

by:mikeleebrla
ID: 18824465
thanks alot for the points.
0

Featured Post

Simplifying Server Workload Migrations

This use case outlines the migration challenges that organizations face and how the Acronis AnyData Engine supports physical-to-physical (P2P), physical-to-virtual (P2V), virtual to physical (V2P), and cross-virtual (V2V) migration scenarios to address these challenges.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article describes my battle tested process for setting up delegation. I use this process anywhere that I need to setup delegation. In the article I will show how it applies to Active Directory
Let's recap what we learned from yesterday's Skyport Systems webinar.
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Suggested Courses

635 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question