What is the best way to create and maintain multiple (nearly) identical user folders?

Posted on 2008-11-11
Last Modified: 2013-11-21
First, a little background.  We are setting up a (virtual) Windows Server 2003 machine as a secure terminal server, used to connect to customer locations.  As part of the security, we have created multiple "virtual" users in AD, where each user account is named VUser1 to VUser20, or whatever.  The actual user starts a client application on their desktop that logs into the TS server (using Remote Desktop) as one of the predefined virtual users.

There is a requirement that each actual user who logs in as one of these virtual users have exactly the same environment (application settings, etc).  Also, as time goes by and the environment needs change, we will need to update all these user folders with new files and such.

What is the best way to approach this?  Someone mentioned the default user profile, but I haven't been able to find much information on this.  Also, that doesn't address the maintenance issue.

FYI, I am primarily a programmer, not a systems guy, so what may be obvious to you may not be obvious to me...

Thanks for any help
Question by:DaveN59
    LVL 20

    Accepted Solution

    This should help.

    The best way to do this is to setup the default windows profile as you want it and everyone that logs in for the first time will inherit that profile and it will become theirs so they can modify as much as is allowed.

    Hope this helps.

    Author Comment

    Thanks!  That gives me everything I need to know about the default user profile, but I still need a way to change all existing profiles if something changes, say the addition of a new printer that everybody needs access to.

    We will actually have 4 machines and close to 90 user accounts.  It is unfeasible to logon to each separate account on each machine and make the changes manually...

    LVL 20

    Assisted Solution

    Well since you are using Win 2k3 R2 then you can deploy printers through GPO's

    If you are talking about other changes to their profiles then you can write batch files and then deploy them by using login scripts.  These can be changed by going into active directory users and computers and then open up the user accounts and then select the profile tab.  If you want a user to use a particular login script then type in the login script under the "logon Script:" heading.

    The way to create login scripts is simple.  They just have to be DOS batch files and then they are copied into the %systemroot%\SYSVOL\domain\SCRIPTS folder or you can just goto your domain controller (login as admin) and click on start and run and then type \\"servername"\netlogon  (servername being YOUR servername no quotes).  This will take you to the netlogon directory where all of the logins originate.

    A caveat to all of this is you WILL have to manually type in the login script for the user in Active directory users and computers.  So if you only have one logon script then just call it logon.bat and it will automatically be used.  You will not have to type it into the Profile box in ADUC.  If you have separate commands that you want to issue then you can create other login.bat files and place them under the netlogon directory and specify the user account(s) with that login.bat file (whatever you are going to name it).

    Hope this helps.

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Maximize Your Threat Intelligence Reporting

    Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

    This is my 3rd article on SCCM in recent weeks, the 1st ( dealing with installat…
    On a regular basis I get questions about slow RDP performance, RDP connection problems, strange errors and even BSOD, remote computers freezing or restarting after initiation of a remote session. In a lot of this cases the quick solutions made b…
    how to add IIS SMTP to handle application/Scanner relays into office 365.
    In this sixth video of the Xpdf series, we discuss and demonstrate the PDFtoPNG utility, which converts a multi-page PDF file to separate color, grayscale, or monochrome PNG files, creating one PNG file for each page in the PDF. It does this via a c…

    779 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    12 Experts available now in Live!

    Get 1:1 Help Now