How do I host user login from server? 2

[mcrelld]

Getting feet wet with Windows 2K server.

I would like to have user authentication and home directory files centralized on the server. I would like any user to be able to login on any client PC, as if in a classroom or lab.

My W2K server is a brand new installation, and it is the only one on my network. I do have a DNS server.

Any reference to an article or FAQ would be great.

Thanks.

 

[Seaspray0]

Part of the answer depends on the operating system on the client. If it is 2000 or XP, you will first need to have those computers join the domain (right click my computer>properties>network identification tab). You will need administrator propereties on the client and you will also may need to specify a domain administrator account. Computer accounts will automatically be created in active directory for the client computers if you haven't already done so manually. For other windows clients, you will need to set the properties to log into a NT domain, and manually create computer accounts for them in active directory. Once done, any user with a domain account can log into any client.
As for centralizing the home folder, you have a few options. You can use roaming profiles (desktop icons, settings, my documents folder, start menu shortcuts, etc will be preserved no matter the client computer logged into. Create a shared folder with default share permissions (example: call it user$ on server1). In NTFS permissions (security tab), use the advanced button in NTFS permission and highlight everyone. Click the view/edit button and change the permissions to "List folder/read data" and "create folders/append data" only. In active directory users and computers, go to the profile tab for your users and set the profile path to \\server1\user$\%username% for each user you wish to use roaming profiles. When a user logs on, it will use the roaming profile. A folder will be created for each roaming user in \\server1\user$ by the system and will give each user exclusive rights only to their profile folder.
You also can redirect local paths for them as well using the same technique.
Notice that I used a dollar sign in the share. That makes it a hidden share and it won't be visible in my network places/network neighborhood but it is there. (do start>run>\\server1\share$ and you will see it).

 

[mcrelld]

Got it. Very helpful.

After visiting the 'Network ID' dialog on the client box, the next restart was followed by an appropriate network login.

The user settings and docs remained local, but I found the user profile path settings on the server.

Thanks for taking the time to tap out that post.

 

[Seaspray0]

Actually, the profile is on the server. It is cached on the client. If you log into the domain on another client computer, it will load your profile from the server. This does increase the time in the boot process depending on how big the profile gets. You may wish to institute quotas to limit the amount of space users can consume on the partition that shares the profiles (in explorer, right click drive letter>properties>quotas tab). Enable quota management now before your users access the domain, even if you don't limit disk usage to them. Quota management won't affect users who already have saved something to the drive, only users writting to the drive for the first time.

 

[mcrelld]

Apologies - not clearly written ...

First I added the client computers, the network user accounts, then from a client PC, logged on as a user of the network domain. I noticed a new user folder created on the C drive. (network user - local user dir)

Then I configured the user$ folder on the server. After logging in again on the client PCs, user folders appeared on the server. (network user - network user dir)

To test this, I would logon as fred on PC1, create a file, save to 'My Documents', and then logout. The file was not saved in the \\server\user$\fred directory, but on C drive. At the same time, Start menu items, desktop pattern, etc. did roam with the user.

Is that right? Did I create a situation by not configuring the user$ share and profile paths before the first logon?

Again, thanks.

 

[Seaspray0]

The cached profile is synchronized back to the roaming profile when the user logs off. It is supposed to copy all changes from the cache back to the profile path. The file you created should have been coppied back to the server at logoff. Since the folder was created in your share for the roaming profile, you are in good shape there. I only have 2 computers in a test environment to study for MCSE with so its a little hard for me to do alot of the functionallity of a full network environment. Answering questions in this forum helps me hone my skills on real problems so I'll be good enough to get your job. If the files are not saving right in the my documents in the profile (they're supposed to), then you can also consider redirecting the home folder as well. You can do this through AD users and computers or group policy if you wish (add group policy in an MMC and browse to the policy you wish to edit). The settings will be under user configuration\windows settings\folder redirection\my documents. right click my documents>properties. One side note: if you redirect the my documents to another share on the same drive as the profile, it will reduce logon time because the syncronization will not have to travel over a network. You are, however, really going to need a hard drive with enough space to accomodate storing everyones junk.

 

[mcrelld]

Funny, but the extent of my WIN network at the moment is two users and the server. On a seperate note, I upgraded the NIC in my server, and changed IP. Although I was aware of what to do in preparation, I was still very pleased with how well the server and clients handled this disruption. The clients cache while network services are down - what a concept!

I will do my MS homework now.

Thanks for the help.

 

[AgentM]

Is folder redirection a feature of win2Kserver
or can Win2KP do it too.

Please let me know.

Thank you.

 

[Seaspray0]

You can redirect folders for local users in windows 2000 pro. pull up computer management and pick a local user out of the users folder. Right click, properties, and look at the profile tab. You can redirect the profile as well as the home folder. Domain users are handled by the server, local users can be handled by the local machine.

 

[neutec]

You will need to create a fold used to shared your roaming profiles. Onyour server create a folder for example named Profiles). Then you will need to share this folder to everyone that has a roaming profile. After you have done that you can now add your profile path from profile tab under properties of AD Users and Computers. Make sure you use the network path, i.e. \\server_name\share_folder\%username%

Now try to login in again. This time the server has a place to store your roaming profile.

 

[ravantti]

Hi,
I was practicing the roaming profiles some time ago. The server/network structure was good and new. Even though we had lots of problems with the concept. The main thing to take in account before startin using roaming profiles are to my opinion:
1. Make sure that the workstations use the same operating system level throughout the system. For example different service pack levels may cause problems. If you have different language versions of windows it can also cause problems. To some extent you can also have problems if the same use uses laptop and desktops.
2. Make sure you have a well performing network. The loading of profile and profile updates between server and workstation can make logins and logouts relly slow.
3. Make a good plan of user policies. There are several thing that will be stored to roaming profile if you don't restrict the user rights. For example if a user is allowed to change desktop they can save big files there and the profile will grow. Then if you then restrict the size of the profile you'll sure get lots of phonecalls.
4. Check out and plan how are you going to utilize printers with roaming profiles.

Anyway, it can be done but requires good plannig to avoid extra work. I did this in an environment of 3 x W2000 servers and about 140 users. We had a brand new switched network, well performing servers and pretty new workstations running W2000. Romaing profiles worked pretty well. I would not try it again if there is a slow network or very much different workstations with different levels of operating systems.