Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Switching to mandatory profiles and default desktop for Windows 7 laptops (AD environment)

Posted on 2013-06-24
4
Medium Priority
?
989 Views
1 Endorsement
Last Modified: 2013-06-26
School environment with single domain hosted on a dual Windows server environment (comprising 1 x Windows 2008 R2 server and 1 x Windows 2003 Server).  Some desktops running Win XP, but all other desktops and ALL student laptops running Windows 7.  

Currently using roaming profiles and login scripts to map drives to users own areas, set printers etc.

I want to move away from roaming profiles to help speed up the login process.  The students don't need to be able to make any changes to their desktops so a standard 'default' desktop is required, with a couple of drives mapped on login.  The students personal data is saved to their own personal areas on a network drive, i.e  x:\\server\studentusers\username$  although occasionally they save work to a shared area on the network that is year group or key stage specific, another of the drive mappings required.

I know I need to stop the loading of roaming profiles by changing the user account properties in AD, but where do I start in configuring a standard desktop / profile, ideally held on each local drive that the students (and in fact staff) will default to when they login?  I think this is the best way forward rather than go about having to have a locally stored profile for every student/staff member on every laptop) and instead just direct the login process to use this one locally stored profile.   (More than happy to take advise if this isn't the best route!)  

The main goal is to minimise the login traffic as much as possible, hence the move away from roaming profiles, give each user a 'standard' desktop' and automatically have their drives mapped to their network drives.  

Can anyone advise me what areas I need to configure/reconfigure to get this ?  Keeping in mind that half of the staff will be logging in either to a Win XP OR Win 7 desktop as well as their Win 7 laptops.

Many thanks in advance
1
Comment
Question by:amandajgolf
  • 2
  • 2
4 Comments
 
LVL 3

Expert Comment

by:phoenix5ire
ID: 39272764
0
 

Author Comment

by:amandajgolf
ID: 39275511
Thanks for the link.   Looks good.  
Would there be anyway to copy the profile across to other laptops do you think to save me having to repeat this exercise on each of the Win 7 laptops in school?
0
 
LVL 3

Accepted Solution

by:
phoenix5ire earned 2000 total points
ID: 39276344
Unfortunately, in this situation, a copy will still be a copy no matter how get it over to another computer. The easiest way to make this happen is to create a GPO and run a script to copy the profile to each laptop/computer when the computer is on the network. What you would do is, create the default profile, when you're satisfy with the final profile, copy the default profile onto your domain DFS root, i.e,... \\yourdomain.com\sysvol\netlogon\ProfileName

Have the GPO run the script to copy the profile from your domain DFS to the local computer, you can apply this GPO to only certain laptops or container (OU). You'll want to put an "IF EXIST" statement to check if profile exist, if so, "GO TO EXIT".  This way script doesn't run the copy over/over to the same computer.  

Of course, be sure to test this before final deployment. If you have a lot of laptops, depending on the size you make your default profile and the speed of your network, your internal network or Internet will be affect if all or some computers are getting the copy at the same time.

For future workstations/laptops, just make the default profile as part of the computer's image.
0
 

Author Closing Comment

by:amandajgolf
ID: 39278759
Good advise and easy to follow instructions.  Thank you.
0

Featured Post

New Tabletop Appliances Blow Competitors Away!

WatchGuard’s new T15, T35 and T55 tabletop UTMs provide the highest-performing security inspection in their class, allowing users at small offices, home offices and distributed enterprises to experience blazing-fast Internet speeds without sacrificing enterprise-grade security.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

After seeing many questions for JRNL_WRAP_ERROR for replication failure, I thought it would be useful to write this article.
In the absence of a fully-fledged GPO Management product like AGPM, the script in this article will provide you with a simple way to watch the domain (or a select OU) for GPOs changes and automatically take backups when policies are added, removed o…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses

916 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question