RE: [Samba] Desktops for non-roaming profiles
I have used it, and I believe it fails. If you look at the link I posted, it'll explain what I experienced... Dennis -Original Message- From: Ryan Bair [mailto:[EMAIL PROTECTED] Sent: Monday, March 24, 2008 6:18 PM To: Dennis McLeod Cc: Ryan Steele; samba@lists.samba.org Subject: Re: [Samba] Desktops for non-roaming profiles I'd recommend trying USMT ( user state migration tool ) from Microsoft. It has options specifically for migrating local account data and settings to domain accounts. I have not used it for the purpose so more research would be advised before diving in. On Mon, Mar 24, 2008 at 7:39 PM, Dennis McLeod [EMAIL PROTECTED] wrote: Yeah, in my domain, it's simply a matter of logging on as the domain user, then doing the profile copy as described. I get all of the user settings, documents, Outlook Profile, etc. Just not cookies, passwords, etc. I can open Outlook, but have to re-enter their login information do download email (POP, not Exchange...). Same on some websites. Then there are permission issues, too. I made a group, (other than domainusers) put my users in there, and made that group part of the local administrators group. Does the test user have Administrator permissions on the machine. Not that you want to run this way, but a good way to test. How about a domain user with NO local account. Does that get you a new profile based off of the default profile? With or without the other issues? Good luck Dennis The whole thread I gave may be better than that particular message I pointed you at.: http://groups.google.com/group/linux.samba/browse_thread/thread/42370e da9bdb 3ef0/9c8b4de804545326?#9c8b4de804545326 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ryan Steele Sent: Monday, March 24, 2008 4:19 PM To: samba@lists.samba.org Subject: Re: [Samba] Desktops for non-roaming profiles Hi Dennis, Dennis McLeod wrote: Are you trying to use the EXISTING profile on the machine? Yeah... It's not going to be as seamless as you would like. Darn. :-) Basically, you will have to sit in front of each machine, join it to the domain, log in as the user into the domain to create the local profile), reboot (to free up the user profile - logging out doesn't work), log in as administrator, look at c:\documents and settings to get the name of the new profile (usually the username appended with a .domainname), then right click on My computer, properties, advanced, user profiles, highlight the old profile, copy to button, point it at the new user profile, change permissions to the new user (or if it's a generic profile, use everyone). Then, log back out, and in as the NEW domain user, and see what you get. It does seem to copy the desktop items (and probably other things as well), but drops me in to C:\, and I get weird behaviors. It's unable to load the Windows Classic theme (I get the error The theme could not load. Unspecified error.), and exhibits odd behaviors (loading the XP theme turns the XP theme off, for example). The permissions look right to me... It will not copy cookies or passwords (Outlook) so those will need to be fixed. How about background, appearance, etc.? None of those are preserved in my tests, though it probably has to do with the aforementioned problem (defaulting to C:\). Microsoft has a user migration tool which is supposed to do this, but it doesn't work, IMHO. I chose to migrate a few, and rebuild a few. It might take me a year, but they'll get moved, eventually. Also, I had to set local machine policy to Only allow local profiles and Prevent Roaming profile changes from Propagating to the server: Yeah, that helped. Start, Run, gpedit.msc, Computer Configuration, Administrative Templates, system, User Profiles. registry string: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System] LocalProfile=dword:0001 ReadOnlyProfile=dword:0001 This might be why it's going to \TEMP. XP want's to pull down a roaming policy, but there exists none. I think that may be the case as well. If that's the case I would suspect you won't have the second (.domainname) profile in c:\documents and settings Until I changed those two entries, you're right I didn't. If you have a local user named bob, and a domain user named bob, and bob already has a local profile, if you log into the domain as bob, you should get a second profile named bob.domainname.. HTH, Dennis Here's another reference: http://groups.google.com/group/linux.samba/msg/9c8b4de804545326 That didn't seem to fly for me either. I'm interested to hear what you think with regards to it dropping me to C
Re: [Samba] Desktops for non-roaming profiles
Hey folks, Just wanted to let you know that this process worked for me: 1. Log on to the domain with the domain user. 2. Reboot 3. Log on as the local administrator 4. Copy the profile (Start - My Computer - Properties - Advanced - User Profiles), making sure to grant permissions to the domain user 5. Log off 6. Log on as the domain user. Failing to grant the permissions in step #4 was a pitfall I hit, but once I got that sorted out, the migration seemed to go well. I haven't done extensive testing on what exactly got copied over (looked okay, but it's possible cookies, passwords, etc. didn't get migrated - TBD), but upon initial inspection, things looked okay. Thanks in advance for all who provided advice and insight. Best Regards, Ryan -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Desktops for non-roaming profiles
Hi list, In my current organization, we aren't going to be using roaming profiles (for various reasons, it's not desired). I'm moving us from no domain controller to Samba as a PDC (with an OpenLDAP backend), and I'm trying to make the process as invisible as possible to the end users. Each XP user's local desktop exists at: C:\Documents and Settings\username ...and I'd like Samba to log them in to the domain and use that as their local desktop. Currently, on my test machines it's setting their local desktop as: C:\Documents and Settings\TEMP ...which isn't quite what I want, as the desktop icons are located in ...\username, not ...\TEMP. I don't get any errors, the Event Viewer yields nothing, and the folder C:\Documents and Settings\username has the proper permissions (as the local machine's administrator, I added them by browsing to the domain controller and selecting the user from the list) In my global section of the smb.conf, I've got: domain master = yes preferred master = yes domain logons = yes logon script = logon.bat logon drive = H: logon home = \\%N\%u ...and the [netlogon] share is pretty vanilla. I guess what I need to know is whether I can tell Samba somehow to try and first use C:\Documents and Settings\username, and THEN fall back to other options. Is this possible (and feasible)? Thanks, Ryan -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Desktops for non-roaming profiles
Are you trying to use the EXISTING profile on the machine? It's not going to be as seamless as you would like. Basically, you will have to sit in front of each machine, join it to the domain, log in as the user into the domain to create the local profile), reboot (to free up the user profile - logging out doesn't work), log in as administrator, look at c:\documents and settings to get the name of the new profile (usually the username appended with a .domainname), then right click on My computer, properties, advanced, user profiles, highlight the old profile, copy to button, point it at the new user profile, change permissions to the new user (or if it's a generic profile, use everyone). Then, log back out, and in as the NEW domain user, and see what you get. It will not copy cookies or passwords (Outlook) so those will need to be fixed. Microsoft has a user migration tool which is supposed to do this, but it doesn't work, IMHO. I chose to migrate a few, and rebuild a few. It might take me a year, but they'll get moved, eventually. Also, I had to set local machine policy to Only allow local profiles and Prevent Roaming profile changes from Propagating to the server: Start, Run, gpedit.msc, Computer Configuration, Administrative Templates, system, User Profiles. registry string: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System] LocalProfile=dword:0001 ReadOnlyProfile=dword:0001 This might be why it's going to \TEMP. XP want's to pull down a roaming policy, but there exists none. If that's the case I would suspect you won't have the second (.domainname) profile in c:\documents and settings If you have a local user named bob, and a domain user named bob, and bob already has a local profile, if you log into the domain as bob, you should get a second profile named bob.domainname.. HTH, Dennis Here's another reference: http://groups.google.com/group/linux.samba/msg/9c8b4de804545326 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ryan Steele Sent: Monday, March 24, 2008 1:24 PM To: samba@lists.samba.org Subject: [Samba] Desktops for non-roaming profiles Hi list, In my current organization, we aren't going to be using roaming profiles (for various reasons, it's not desired). I'm moving us from no domain controller to Samba as a PDC (with an OpenLDAP backend), and I'm trying to make the process as invisible as possible to the end users. Each XP user's local desktop exists at: C:\Documents and Settings\username ...and I'd like Samba to log them in to the domain and use that as their local desktop. Currently, on my test machines it's setting their local desktop as: C:\Documents and Settings\TEMP ...which isn't quite what I want, as the desktop icons are located in ...\username, not ...\TEMP. I don't get any errors, the Event Viewer yields nothing, and the folder C:\Documents and Settings\username has the proper permissions (as the local machine's administrator, I added them by browsing to the domain controller and selecting the user from the list) In my global section of the smb.conf, I've got: domain master = yes preferred master = yes domain logons = yes logon script = logon.bat logon drive = H: logon home = \\%N\%u ...and the [netlogon] share is pretty vanilla. I guess what I need to know is whether I can tell Samba somehow to try and first use C:\Documents and Settings\username, and THEN fall back to other options. Is this possible (and feasible)? Thanks, Ryan -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Desktops for non-roaming profiles
Hi Dennis, Dennis McLeod wrote: Are you trying to use the EXISTING profile on the machine? Yeah... It's not going to be as seamless as you would like. Darn. :-) Basically, you will have to sit in front of each machine, join it to the domain, log in as the user into the domain to create the local profile), reboot (to free up the user profile - logging out doesn't work), log in as administrator, look at c:\documents and settings to get the name of the new profile (usually the username appended with a .domainname), then right click on My computer, properties, advanced, user profiles, highlight the old profile, copy to button, point it at the new user profile, change permissions to the new user (or if it's a generic profile, use everyone). Then, log back out, and in as the NEW domain user, and see what you get. It does seem to copy the desktop items (and probably other things as well), but drops me in to C:\, and I get weird behaviors. It's unable to load the Windows Classic theme (I get the error The theme could not load. Unspecified error.), and exhibits odd behaviors (loading the XP theme turns the XP theme off, for example). The permissions look right to me... It will not copy cookies or passwords (Outlook) so those will need to be fixed. How about background, appearance, etc.? None of those are preserved in my tests, though it probably has to do with the aforementioned problem (defaulting to C:\). Microsoft has a user migration tool which is supposed to do this, but it doesn't work, IMHO. I chose to migrate a few, and rebuild a few. It might take me a year, but they'll get moved, eventually. Also, I had to set local machine policy to Only allow local profiles and Prevent Roaming profile changes from Propagating to the server: Yeah, that helped. Start, Run, gpedit.msc, Computer Configuration, Administrative Templates, system, User Profiles. registry string: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System] LocalProfile=dword:0001 ReadOnlyProfile=dword:0001 This might be why it's going to \TEMP. XP want's to pull down a roaming policy, but there exists none. I think that may be the case as well. If that's the case I would suspect you won't have the second (.domainname) profile in c:\documents and settings Until I changed those two entries, you're right I didn't. If you have a local user named bob, and a domain user named bob, and bob already has a local profile, if you log into the domain as bob, you should get a second profile named bob.domainname.. HTH, Dennis Here's another reference: http://groups.google.com/group/linux.samba/msg/9c8b4de804545326 That didn't seem to fly for me either. I'm interested to hear what you think with regards to it dropping me to C:\. The user DOMAINNAME\bob has privileges to access C:\Documents and Settings\bob.DOMAINNAME, which I overwrote with the existing profile using the Windows profile copy mechanism. Thanks for your assistance thus far. Ryan -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Desktops for non-roaming profiles
Yeah, in my domain, it's simply a matter of logging on as the domain user, then doing the profile copy as described. I get all of the user settings, documents, Outlook Profile, etc. Just not cookies, passwords, etc. I can open Outlook, but have to re-enter their login information do download email (POP, not Exchange...). Same on some websites. Then there are permission issues, too. I made a group, (other than domainusers) put my users in there, and made that group part of the local administrators group. Does the test user have Administrator permissions on the machine. Not that you want to run this way, but a good way to test. How about a domain user with NO local account. Does that get you a new profile based off of the default profile? With or without the other issues? Good luck Dennis The whole thread I gave may be better than that particular message I pointed you at.: http://groups.google.com/group/linux.samba/browse_thread/thread/42370eda9bdb 3ef0/9c8b4de804545326?#9c8b4de804545326 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ryan Steele Sent: Monday, March 24, 2008 4:19 PM To: samba@lists.samba.org Subject: Re: [Samba] Desktops for non-roaming profiles Hi Dennis, Dennis McLeod wrote: Are you trying to use the EXISTING profile on the machine? Yeah... It's not going to be as seamless as you would like. Darn. :-) Basically, you will have to sit in front of each machine, join it to the domain, log in as the user into the domain to create the local profile), reboot (to free up the user profile - logging out doesn't work), log in as administrator, look at c:\documents and settings to get the name of the new profile (usually the username appended with a .domainname), then right click on My computer, properties, advanced, user profiles, highlight the old profile, copy to button, point it at the new user profile, change permissions to the new user (or if it's a generic profile, use everyone). Then, log back out, and in as the NEW domain user, and see what you get. It does seem to copy the desktop items (and probably other things as well), but drops me in to C:\, and I get weird behaviors. It's unable to load the Windows Classic theme (I get the error The theme could not load. Unspecified error.), and exhibits odd behaviors (loading the XP theme turns the XP theme off, for example). The permissions look right to me... It will not copy cookies or passwords (Outlook) so those will need to be fixed. How about background, appearance, etc.? None of those are preserved in my tests, though it probably has to do with the aforementioned problem (defaulting to C:\). Microsoft has a user migration tool which is supposed to do this, but it doesn't work, IMHO. I chose to migrate a few, and rebuild a few. It might take me a year, but they'll get moved, eventually. Also, I had to set local machine policy to Only allow local profiles and Prevent Roaming profile changes from Propagating to the server: Yeah, that helped. Start, Run, gpedit.msc, Computer Configuration, Administrative Templates, system, User Profiles. registry string: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System] LocalProfile=dword:0001 ReadOnlyProfile=dword:0001 This might be why it's going to \TEMP. XP want's to pull down a roaming policy, but there exists none. I think that may be the case as well. If that's the case I would suspect you won't have the second (.domainname) profile in c:\documents and settings Until I changed those two entries, you're right I didn't. If you have a local user named bob, and a domain user named bob, and bob already has a local profile, if you log into the domain as bob, you should get a second profile named bob.domainname.. HTH, Dennis Here's another reference: http://groups.google.com/group/linux.samba/msg/9c8b4de804545326 That didn't seem to fly for me either. I'm interested to hear what you think with regards to it dropping me to C:\. The user DOMAINNAME\bob has privileges to access C:\Documents and Settings\bob.DOMAINNAME, which I overwrote with the existing profile using the Windows profile copy mechanism. Thanks for your assistance thus far. Ryan -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Desktops for non-roaming profiles
I'd recommend trying USMT ( user state migration tool ) from Microsoft. It has options specifically for migrating local account data and settings to domain accounts. I have not used it for the purpose so more research would be advised before diving in. On Mon, Mar 24, 2008 at 7:39 PM, Dennis McLeod [EMAIL PROTECTED] wrote: Yeah, in my domain, it's simply a matter of logging on as the domain user, then doing the profile copy as described. I get all of the user settings, documents, Outlook Profile, etc. Just not cookies, passwords, etc. I can open Outlook, but have to re-enter their login information do download email (POP, not Exchange...). Same on some websites. Then there are permission issues, too. I made a group, (other than domainusers) put my users in there, and made that group part of the local administrators group. Does the test user have Administrator permissions on the machine. Not that you want to run this way, but a good way to test. How about a domain user with NO local account. Does that get you a new profile based off of the default profile? With or without the other issues? Good luck Dennis The whole thread I gave may be better than that particular message I pointed you at.: http://groups.google.com/group/linux.samba/browse_thread/thread/42370eda9bdb 3ef0/9c8b4de804545326?#9c8b4de804545326 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ryan Steele Sent: Monday, March 24, 2008 4:19 PM To: samba@lists.samba.org Subject: Re: [Samba] Desktops for non-roaming profiles Hi Dennis, Dennis McLeod wrote: Are you trying to use the EXISTING profile on the machine? Yeah... It's not going to be as seamless as you would like. Darn. :-) Basically, you will have to sit in front of each machine, join it to the domain, log in as the user into the domain to create the local profile), reboot (to free up the user profile - logging out doesn't work), log in as administrator, look at c:\documents and settings to get the name of the new profile (usually the username appended with a .domainname), then right click on My computer, properties, advanced, user profiles, highlight the old profile, copy to button, point it at the new user profile, change permissions to the new user (or if it's a generic profile, use everyone). Then, log back out, and in as the NEW domain user, and see what you get. It does seem to copy the desktop items (and probably other things as well), but drops me in to C:\, and I get weird behaviors. It's unable to load the Windows Classic theme (I get the error The theme could not load. Unspecified error.), and exhibits odd behaviors (loading the XP theme turns the XP theme off, for example). The permissions look right to me... It will not copy cookies or passwords (Outlook) so those will need to be fixed. How about background, appearance, etc.? None of those are preserved in my tests, though it probably has to do with the aforementioned problem (defaulting to C:\). Microsoft has a user migration tool which is supposed to do this, but it doesn't work, IMHO. I chose to migrate a few, and rebuild a few. It might take me a year, but they'll get moved, eventually. Also, I had to set local machine policy to Only allow local profiles and Prevent Roaming profile changes from Propagating to the server: Yeah, that helped. Start, Run, gpedit.msc, Computer Configuration, Administrative Templates, system, User Profiles. registry string: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System] LocalProfile=dword:0001 ReadOnlyProfile=dword:0001 This might be why it's going to \TEMP. XP want's to pull down a roaming policy, but there exists none. I think that may be the case as well. If that's the case I would suspect you won't have the second (.domainname) profile in c:\documents and settings Until I changed those two entries, you're right I didn't. If you have a local user named bob, and a domain user named bob, and bob already has a local profile, if you log into the domain as bob, you should get a second profile named bob.domainname.. HTH, Dennis Here's another reference: http://groups.google.com/group/linux.samba/msg/9c8b4de804545326 That didn't seem to fly for me either. I'm interested to hear what you think with regards to it dropping me to C:\. The user DOMAINNAME\bob has privileges to access C:\Documents and Settings\bob.DOMAINNAME, which I overwrote with the existing profile using the Windows profile copy mechanism. Thanks for your assistance thus far. Ryan -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo
Re: [Samba] Desktops for non-roaming profiles
I've used it before and had mixed results, sometimes it works and other times it doesn't :-( As to the copying of profiles in general, this MSKB applies http://support.microsoft.com/default.aspx?scid=kb;en-us;811151 On 24 Mar 2008 at 21:17, Ryan Bair wrote: I'd recommend trying USMT ( user state migration tool ) from Microsoft. It has options specifically for migrating local account data and settings to domain accounts. I have not used it for the purpose so more research would be advised before diving in. -- Harondel J. Sibble Sibble Computer Consulting Creating solutions for the small business and home computer user. [EMAIL PROTECTED] (use pgp keyid 0x3AD5C11D) http://www.pdscc.com (604) 739-3709 (voice/fax) (604) 686-2253 (pager) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
