Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 436
  • Last Modified:

Changing profiles

Hello,

I'm having problems when i want to change a roaming profile into a local profile. Local users automatically get a local profile. It's when I bring the pc into our domain, that Windows thinks every domain user will use romaing profiles. The problem is when I logon with a suer that doesn't have admin rights I get the message (view the attached file)
I have a workaround but for obvious reasons i don't like that way: giving everyone full control on documents & settings.

What are my options to be able to change the profile?

Jvuz
profile.jpg
0
jvuz
Asked:
jvuz
  • 8
  • 6
  • 4
  • +2
3 Solutions
 
Tony JLead Technical ArchitectCommented:
Where are your roaming profiles stored? Have you checked the permissions on the share?

When you set the user up to have a roaming profile, are you setting them up to point to \\server\share\username ? That's the proper way (actually, \\server\share\%username% will autocomplete their own and if you ever copy a profile it should automatically update).

When the log onto the PC for the first time, it should create a c:\documents and settings\username.domain profile folder.
0
 
jvuzAuthor Commented:
We don't want to use roaming profiles, we want to use local profiles. the fact is we set it so that the profile should be stored in c:\profile. So in fact it's ket twice is D&S and in profile. We're using no Windows servers but Linux server with Samba.

0
 
Tony JLead Technical ArchitectCommented:
Apologies I read it backwards.

If they're on the domain then the profile path is most likely filled in with a roaming profile path.

Take it out and they will only use local profiles.
0
The 14th Annual Expert Award Winners

The results are in! Meet the top members of our 2017 Expert Awards. Congratulations to all who qualified!

 
jvuzAuthor Commented:
That doesn't change anything. It cannot create a profile and therefore it's setting up a temporarily prfile/account.
0
 
Tony JLead Technical ArchitectCommented:
How did you configure the users profile path?

Have you compared permissions with Docs & Settings with the new path?

If you try a user without redirecting it, do they log on ok?
0
 
jvuzAuthor Commented:
How did you configure the users profile path? c:\profile\user
If you try a user without redirecting it, do they log on ok? No, they get a temporary profile.

Only when I give full access for everyone on both documents & settings and the profile folder, it works. When I let the homedirectory for the domainusers empty, it automaticcaly generates a roaming profile (which I don't want).

jvuz
0
 
greeboidCommented:
Firstly, What is the reason behind doing this?
Secondly, I presume you want all the profile information, ntuser.dat and documents and settings to reside on the local hard drive of the Windows XP workstation but not on the server?
Also, how have you configured their accounts in AD Users and Computers?
for example, if you navigate to the properties of the user's account in AD Users and computers, then the Profile tab and enter:\\[servername]\[sharename]\%username%
in the Profile Path: field it will save all the profile files and settings to that location (%username% being a wildcard that Windows 2003 uses to look up the user's username and substitutes it for the wildcard.
 
The simplest thing would be to use group policy and apply it to their OU.
Check out this link:

Configuring Roaming User Profiles

It will take you to a Technet article. The relevant bit is about a third of the way down.
The settings you require for this would be:
Computer -> Administrative Templates -> System ->User Profiles -> Only Allow local user profiles = Enabled
The explanation given for this setting within the Group Policy Object Editor is:
This setting determines if roaming user profiles are available on a particular computer. By default, when roaming profile users log on to a computer, their roaming profile is copied down to the local computer. If they have already logged on to this computer in the past, the roaming profile is merged with the local profile. Similarly, when the user logs off this computer, the local copy of their profile, including any changes they have made, is merged with the server copy of their profile.

Using the setting, you can prevent users configured to use roaming profiles from receiving their profile on a specific computer.

If you enable this setting, the following occurs on the affected computer: At first logon, the user receives a new local  profile, rather than the roaming profile. At logoff, changes are saved to the local profile. All subsequent logons use the local profile.

If you disable this setting or do not configure it, the default behavior occurs, as indicated above.

If you enable both the "Prevent Roaming Profile changes from propagating to the server" setting and the "Only allow local user profiles" setting, roaming profiles are disabled.

Note: This setting only affects roaming profile users.

Does this help?

0
 
greeboidCommented:
Sorry, Tony1044: I just realised I pretty much wrote what you said.
0
 
greeboidCommented:
... about the profile path, that is.
0
 
Tony JLead Technical ArchitectCommented:
:-) That's ok

I am trying to work out the "why do this?" bit too, but also the fact that it's breaking somewhere suggests a permission that should be present has been removed.

I'm trying to find the default perms for docs & settings but so far can't track 'em down.
0
 
jvuzAuthor Commented:
Like I said in my opening post, we don't use Windows servers but Linux servers with Samba, so I guess it doesn't apply to us, greeboid. sorry.
0
 
greeboidCommented:
Ah... Samba.
No windows... it pays to read things properly!

Extract from the Samba website:

The easiest type of profile to implement with Samba is the Local Profile. Local Profiles are stored on each individual computer and are not centrally located on a server. To utilize Local Profiles simply set the following directives to nothing:
logon path =
logon home =

NOTE: When using Local Profiles, Samba's "logon drive" directive has no meaning. If you still want the user's home directory on a Samba server set to a drive letter, you must set it with a Logon Script.

Even though local profiles are stored on the User's computer, it is still a good idea to redirect certain folders within their profile to a Samba Share, such as the "Documents" folder. To do this see the wiki article on implementing Windows Policies.
0
 
jvuzAuthor Commented:
Thanks alot greeboid. I'll read it an keep you guys informed. Thanks alot already!
0
 
greeboidCommented:
love to know how you get on... sorry I'm too dumb to read stuff properly!
0
 
jvuzAuthor Commented:
No probs ;)
0
 
johnb6767Commented:
I would check to see that the permissions are ok for the Docs and Setting\Default User profile folder. Users/Everyone should have "Read and Execute\List Folder Contents\Read", and SYSTEM and Admins have full control. Did you by any chance customize the Default User Profile?

Also, look at the permissions on the following reg key......

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList

If there are any existing profile entries here for a user, they might still have a "CentralProfile" string value.....

Might be where the systems are thinking they are roaming for.....
0
 
Vishal PatelCommented:
You try to run the following registry in the system with such problem. Login-Problem.reg

This has solved many of my such problems. But still you will use it at your risk.
0
 
jvuzAuthor Commented:
OK, so our network administrator changed it in the samba configuration but no avail; I searched a bit on the net and I found several site where you needed to change that on the machine itself via gpedit.

to disable roaming profiles....


Start/Run/gpedit.msc
Local Computer Policy/Computer Configuration/Administrative Templates/System/User Profiles/Only Allow Local User Profiles. Local Computer Policy/Computer Configuration/Administrative Templates/System/User Profiles

Enable both the "Prevent Roaming Profile changes from propagating to the server" setting and the "Only allow local user profiles" setting.

(http://www.linuxquestions.org/questions/linux-general-1/samba-pdc-without-roaming-profiles-2-a-47604/)

but I cannot go further then Local Computer Policy/Computer Configuration/Administrative Templates. There is no system. This is probably because we don't use AD? Is there a way that I still could use this?

jvuz
0
 
jvuzAuthor Commented:
By using this (via a reg file) I managed to disable the roaming profiles.

[HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\System]
"LocalProfile"=dword:00000001
"ReadOnlyProfile"=dword:00000001
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 8
  • 6
  • 4
  • +2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now