• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 871
  • Last Modified:

Active Direcotry : Netlogon and RoamingProfile


Hello Experts
I am trying to do 2 things here on the active directory.
1) Add a netlogon script to map the network drives for the user when they login.
2) Add a Roaming profile for the same user.

The users are already created on the server and I have to modify or add these extra settings.

In order to achieve this I have made the following changes

1) \\BT-SERVER-01\Clients\Setup\setup.exe /s BT-SERVER-01

:MAPDRIVES
rem Connect network drives
if exist f:\*.* new use z: /d
net use z:\\bt-server-01\Main /persisten:no

and ON User settings on the Active Directory : Right clicked the user, under Profile tab : SBS_LOGIN_SCRIPT.bat

The question I have is how would this script will get executed at what time? Do we need to manually call this script every time the user logs in or it will do this automatically when the logs in?

2) have created a new shared folder on the server
 \\BT-SharedRoamingProfile - gave everyone full access and added this path under Profile tab as "profile path"

But its not creating user roaming profile.

Please can someone advise how can I achieve the above?

Thanks
C
0
charlie324
Asked:
charlie324
  • 7
  • 6
  • 2
1 Solution
 
Mike ThomasConsultantCommented:
The logon script will run at logon, you just need to make the bat file exists in your netlogon share and that the name specified in the users profile is correct...it will seek this location for the named script by default, you do not have to do anything additional.

When creating the roaming profile in AD enter the following info

\\BT-SharedRoamingProfile\%username%


if you did this for a user called "joesmith" a folder will be created with the following path

\\BT-SharedRoamingProfile\joesmith

That is all you should need to do. when the users logos on to their pc their user profile will load from C:\Documents and Settings as per usual, however when they log off that profile will be copied to \\BT-SharedRoamingProfile\%username% when they log on from another pc that profile will then be download.
0
 
TheMakCommented:
In group policy you need to set these scripts in startup to assign computer startup scripts and apply to the OU to which you want this script to be ran,

http://technet.microsoft.com/en-us/library/cc779329(WS.10).aspx
0
 
Mike ThomasConsultantCommented:
"and ON User settings on the Active Directory : Right clicked the user, under Profile tab : SBS_LOGIN_SCRIPT.bat"

they do not need to be applied by GPO the method he has used will work just fine.


0
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

 
charlie324Author Commented:
Hi MojoTech
thanks for your input
I have done exactly as you have suggested above but when I logon to this server neither the batch file is running nor the remote profile is being created.
please can you see the attached and advise if its correct?
thanks
screenshot.PNG
0
 
Mike ThomasConsultantCommented:
Ok when logged in as the user can you access the path

\\yourdomain\NETLOGON and does the script SBS_LOGIN_SCRIPT.bat exist at that location?

If so what happens when you double click the script? any errors?

Also while logged in as the user can they acccess

\\gr-server-01\RoamingProfiles\ChrisParson ?

If so can you create a text file and delte a text file (permissions check)




0
 
charlie324Author Commented:
\\yourdomain\NETLOGON and does the script SBS_LOGIN_SCRIPT.bat exist at that location?

Yes, it does

When I double on the batch file, it gave me the attached screen and did not mapped the drive.

When I change the script to the below and double click to run, it mapped the drive

\\GR-SERVER-01\Clients\Setup\setup.exe /s GR-SERVER-01
NET USE H: \\gr-server-01\Main

Please can you advise why it would not run my usual script mentioend above?

Thanks
batch.PNG
0
 
charlie324Author Commented:
I have logged on to this user PC and tried to logon to the domain, it logged in but again it gave errors for both profile and batch file
profie: I got access denied error
i am also unable to edit the batch file from this user account, access denied.
Could this be related to some sort of permission issues?
please advise
thanks
0
 
Mike ThomasConsultantCommented:
Users should only be able to read the scripts not modify them so you will need to do any edit as an admin.

Also how did you create the users profile folder? If no profile folder exists and you add the profile path in AD, AD will set the permissons for the user automatically, but basically just check the user has "modify" permissions on their profile folder on the file server and that they can access the path to that folder OK.


0
 
charlie324Author Commented:
Hi MojoTech
Thanks, its sorted now. It was permission issues.  

>>Also how did you create the users profile folder?

It got created automatically from the profile path, I want to delete this folder and create it manually so that I can change permissions, however it does not allowed me to either delete or change permissions on this auto created folder.

In the same batch file I want to add printer to the user as well but because the printers are installed on TCP/IP port I am unable to figure out how can I go about adding this?

net use lpt1: \\ServerName\Printer1ShareName /persistent:no

Is there anyway I can give user friendly name for the mapped drive?

This is all from me.

Thank you so much for your help
0
 
Mike ThomasConsultantCommented:
"It got created automatically from the profile path, I want to delete this folder and create it manually so that I can change permissions, however it does not allowed me to either delete or change permissions on this auto created folder"

You should not have to change permission but you can always take ownership of the folder at a later time, the main reason why you should consider letting AD take care of it is you can do all users in an OU in one go by ctrl+a to select all users then right clicking and setting the profile path using the %username% variable...saves time if you have many users.

I am not great with scripts but I use VB Scripts to map drives and printers as i find it easier and more freindly

Check this link to get you started

http://computerperformance.co.uk/Logon/logon_scripts.htm

This page has a very basic script to do both printers and drives

http://jacobddixon.wordpress.com/2010/09/08/mapping-drives-and-printers-with-vbscript/

As for friendly names for mapped drives no way, it is just "share name" on "server name" afaik
0
 
Mike ThomasConsultantCommented:
Actually here is a link to the script I use, I never wrote this script and also forget who to credit. I just want to make it clear that this is not my script....just one I use.

http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/Windows_Server_2008/Q_25989306.html
0
 
charlie324Author Commented:
Hi,

The reason why I want to create the users folder, is because it gives me permission to see their folders and files,
In case if they started saving big files on their desktop then we will soon run out of space on the server...
is there any reason we can restrict the user to only use some space by allocating some fixed quota?

Thank you for the links for the printer mapping, because i have printers on the TCP/IP port am not sure whether that going to work however let me look into your latest link

Thanks
0
 
Mike ThomasConsultantCommented:
The printers should be connected/configured to the server using a TCP/IP Port, then you share them from the server and the users map to the servername\printername not to the printer directly.

Yes you can use disk quotas to limit the ammount of data users can save., read more here.

http://www.techrepublic.com/article/how-do-i-manage-disk-quotas-on-windows-server-operating-systems/6117811
0
 
charlie324Author Commented:
Hi again,
Thansk for the script. I have tried using by adding one drive for printer and another for the drive.
However, its not running
I have use the attached statement below to call the vbs file
I have checked the name of the group the users are connected as "Domain Users"
Please can you advice what is not correct in here? Your help is greatly appreciated.
Thanks
\\GR-SERVER-01\Clients\Setup\setup.exe /s GR-SERVER-01
START \\GR-SERVER-01\NETLOGON\Domain-Map-Drives.vbs

Open in new window

Domain-Map-Drives.vbs
0
 
TheMakCommented:
With UAC enabled you cannot map drives in a logon script that is assigned using a Group Policy Object (GPO). The GPO logon script does run, but under a different security context, so the mappings get lost,

http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Windows/Windows_7/Q_26646448.html?cid=1572#a34236396
0

Featured Post

Get your Disaster Recovery as a Service basics

Disaster Recovery as a Service is one go-to solution that revolutionizes DR planning. Implementing DRaaS could be an efficient process, easily accessible to non-DR experts. Learn about monitoring, testing, executing failovers and failbacks to ensure a "healthy" DR environment.

  • 7
  • 6
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now