Avatar of Benview
Benview
Flag for Australia asked on

SBS Essentials 2011 - Hot Desk, login, User profiles, Permissions

I am migrating a peer network of some 6 XP and 6 W7 PCs into an SBS Essentials 2011 server. Several of the PCs have multiple users so I have used Pro Wiz to move their profiles to a new set of user names & Passwords on the server.

The client wants the users to hot-desk locally and remote access to any available computer. I have several access issues that I am currently working on:

1.    The profiles work but only on the PCs from which they came...... I need to have them appear on any PC.

2.    There are permission issues for the domain user names when running local software on the PCs. The XPs work better than the W7s. I get the following message: "The local policy of this system does not permit you to login interactively"


I'm needing some guidance on the best approach for these issues...

Thanks
SBSMicrosoft Server OSMicrosoft Legacy OS

Avatar of undefined
Last Comment
Benview

8/22/2022 - Mon
SOLUTION
Larry Struckmeyer MVP

THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
See Pricing Options
Start Free Trial
GET A PERSONALIZED SOLUTION
Ask your own question & get feedback from real experts
Find out why thousands trust the EE community with their toughest problems.
Philip Elder

Did you use the,Connect Wizard to connect those PCs? Profile migration from p2p is built in.

You can use Redirected Folders for data access across PCs.

Option: Run through users as standard and use Group Policy Preferences to deliver a domain user account to the Local Admin group on all PCs. That can be your UAC credentials account on 7.

Philip
Benview

ASKER
Back to it after the New Year break....
Yes, I used the connect wizard and have been trying to set up redirected folders but with no success.

I have used gpupdate and gpresult, both seem to indicate all is well but the users' desktops just aren't following them.

I have used a folder C:\ServerFolders\Folder Redirection.... but nothing ids being saved into it.

Any suggestions would be appreciated.....
Larry Struckmeyer MVP

The folder redirection gpo can take several restarts to take effect.  You can test all of that from the gpo console or with gpresult.  

Following them?  You mean to another computer?  That requires roaming profiles, which I discourage unless you have a very compelling need.
Experts Exchange has (a) saved my job multiple times, (b) saved me hours, days, and even weeks of work, and often (c) makes me look like a superhero! This place is MAGIC!
Walt Forbes
Benview

ASKER
I May have misunderstood the difference between roaming profiles and folder redirection....
My reading lead me to believe that folder redirection superceeded roaming profiles as it enabled you to be selective as to the items that followed the users ie Desktop and Contacts, and leave the rest such as documents behind. My client wants the users to be able to remote access to any PC that may be available and at least have some comms and be it some limited functionality.

It seems as though I may have it wrong......... comments?
Philip Elder

Roaming profiles are a PITA.

Redirected Folders tied into Offline Files works pretty good. It requires an understanding of how things work so that one can be prepared when/if a migration is required to a new redirected folder server.

Philip
Larry Struckmeyer MVP

Just for clarity, are you saying that in your environment there is not a one to one relationship between users and computers?  We normally see remote access to either the users regular desktop, or, if that is not possible, a Remote Desktop Services server (fka Terminal Server).

I discourage offline files as well, except for the traveling users that take their mobile systems out of the office and are expected to have all "their" data, in which case you must encrypt it.  Haveing all this stuff zinging around the wires everytime a use logs on/off just adds network traffic.

However, the wizards in Essentials should offer all you need.  They offer the option to redirect any portion of the user experience for Windows 7, but is more limited for XP and older.  See the chart in this document: (and review the document for a better understanding of redirected folders)

http://technet.microsoft.com/en-us/library/cc732275.aspx

Therefore, my understanding of your situation is:  You have more users than computers, and you want each user to have their profile available from any computer.  If you run the Essentials Wizard for each part of the profile each user should find his profile (fewer items for XP) moved to the server after two or more logons from the original system.  Following a successful move, that same user should get the same profile (minus the stuff from XP that cannot be redirected) on any computer.
⚡ FREE TRIAL OFFER
Try out a week of full access for free.
Find out why thousands trust the EE community with their toughest problems.
Benview

ASKER
fl_flyfishing

You asked previously:

As for running software locally... can you give an example?  Installing software/printers and such require elevated privlidges on any modern os, but opening Word, for example, should not.

I'm still working on this.... Each PC has a software app that apparently accesses several file components to get going.
It launches OK IF:
        The user is the domain user noted at the time the PC was connected to the
        SBS-E server using the connection wizard.
It fails IF:
        The user is another domain user who has not had a previous association with that PC.

Windows 7 PCs display a dialogue saying that the application has stopped working.
Windows XP PCs display a stop window and want to sent a report to Microsoft... the report contains info relating to the appname.exe, Microsoft.Visualbasic and system.io.fileloadexception.

I'm trying to find perhaps a security setting to change on the local machine that will allow any domain users to launch local software.

Any thoughts????
ASKER CERTIFIED SOLUTION
Larry Struckmeyer MVP

THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
See Pricing Options
Start Free Trial
GET A PERSONALIZED SOLUTION
Ask your own question & get feedback from real experts
Find out why thousands trust the EE community with their toughest problems.
Benview

ASKER
I have given the users full access to the top of the drive but still no luck.... any trick to following the file sequence when starting an app?
Benview

ASKER
I have found that by changing the advanced property  on the Short Cut to run-as-administrator then the software will run.

So, on some PCs the software will run off the Short Cut in default mode, whilst others require the run-as-administrator box checked.

Can someone tell just what is modified behind the sceens by checking this box so I can make a more  appropriate change to user permissions.

Thanks
Your help has saved me hundreds of hours of internet surfing.
fblack61