Wednesday, June 25, 2008

Roaming Profiles... just not in the computer labs - part 2

I just figured out a way to have dynamic roaming profiles. Works perfect with both Active Directory on Windows Server 2003 and AD on Windows Server 2008.

Say we have a user bob. Here are three senarios for bob:
  • Senario #1: When bob logs into a computer in his office computer we want him to get his roaming profile that has to do with his job.
  • Senario #2: When bob logs into a computer in the Computer Sciense department we want him to get his roaming profile that has specific user settings for programming and coding softare.
  • Senario #3: When bob logs into a computer in the General Access Computer Labs we want him to get a generic profile optimized for the lab system.
Here's our solution:
AD Setting: Bob's user account in Active Directory has a the profile path box set to %profilepath%.
  1. In Senario #1 above, all the computers in bobs department have a System Enviorment variable set of profilepath=\\servershare\profiles\%username%

  2. In Senario #2 above, all the computers in the Computer Science department have a System Enviorment variable set of profilepath=\\computerscience\profiles\%username%

  3. In Senario #3 above, all the computers in the General Access Computer Lab are in an OU in Active Directory that have the following Group Policy applied to them: Computer Configuration \ Policies \ Administrative Templates \ System \ User Profiles \ Only allow local user profiles = enabled ). What this does is forces the system to use the default profile on the Lab machine. When we build the image for our lab machines we setup the profile exactly like we want it and then log in with an admin account and using the profile tool under Computer Properties we copy the model profile over the top of the default User folder (hidden folder in documents and settings). Now every user that logs into the lab gets the same experiance. We also use a product called DeepFreeze, that sets the system back to original image state after every reboot.

No comments:

Post a Comment