No announcement yet.

Mandatory Profiles - Windows Xp - Wireless

  • Filter
  • Time
  • Show
Clear All
new posts

  • Mandatory Profiles - Windows Xp - Wireless

    Good Day,

    I have a current scenario issue of which help would be much appreciated.

    I work in schools and have put a new system in each of these schools. The system comprises of a 2003 Server, 20+ desktops with Windows XP Pro and 20+ laptops with Windows XP Pro. All of the computers have gigabit NICS in them and the laptops have wireless. Predominantly Atheros.

    I have created an AD structure to help categorise all the computers and users on the network. As an example you would have SCHOOL NAME as the top most level, say level 1. Then you would have DEVICES, USERS, two sub categories, level 2. Under DEVICES you would have locations ie ICT SUITE, ADMIN, YEAR6, MOBILELAPTOPS etc. Under USERS you would have MANAGEMENT, CURRICULUM, ADMIN, PUPILS etc.

    With this setup I had an issue which was that the group policy was not updating on the machines. After an exhaustive search I found that the problem was to do with the gigabit network adapters on the servers and clients. Some of these adaptors actually cause a problem with group policy updates and has something to do with the fact that they are still negotiating over the network whilst the group policy updates are meant to take place. Hence the group policy updates do not happen. See which did solve this problem but it meant setting DisableDHCPMediaSense through a registry edit. This basically means that if you pull the network lead out of the computer, it does not register it has been disconnected. On the flip side, there is a shorter timeframe for the gigabit nics to get an ip address and so they are able to get the group policy updates. Not an ideal solution and it creates its own problems as mentioned below.

    The second issue is to do with mandatory profiles on Windows XP. On Windows 2000 you could have a mandatory profile that was cached on the computer. Unfortunately on Windows XP, any mandatory profiles are deleted on boot up. I do not know why Microsoft changed this but they have and it causes me great pain.

    My problem is that I want to have a profile that the children use which cannot be changed but is stored locally to speed up log in times. There are two ways I know of for doing this which is to either turn the profile into a mandatory profile, and there are a few methods for doing this; or to change the "do not propogate to server" group policy setting to enabled. The problem with changing the profile to mandatory is that Windows XP deletes the cached profile on system boot up. I need the profiles to stay cached so that it speeds up login times. The issue with changing the group policy setting “do not propagate to server” is that this applies to computers and not users. Hence if a teacher logs in, who is allowed to change their desktop settings and the like, they will be unable to save their changes on that computer. So that rules out both of those possible solutions.

    Ideally what I would like is a way of mandatory profiles staying cached on Windows XP? If this is not possible, then at least a way of using the group policy setting “do not propagate to server” to work with users rather than computers? Alternatively a third solution that I cannot think of would be great?

    The last issue which causes a problem is specific to the laptops on the network. The laptops have to be able to boot up and log in connected to the network but also when they are not connected to the network. The laptops have to be able to receive group policy updates when they are connected to the network. The policies must also be enforced when the laptops have booted up and logged in away from the network.

    Now the laptops log in fine when they have a network cable plugged into them and they are switched on. The problem occurs when they do not have a network cable plugged in. In this instance they take a long time to log in. This is similar even if a wireless network is available and the user logs in before the wireless adapter has picked up an ip address. On top of this, if the laptop was connected to the network and then had the network cable disconnected or wireless dropped, the laptop does not recognise it is off the network. This is due to the DisableDHCPMediaSense being set. Hence if the user clicks on a network drive, they have to wait about a minute for the laptop to realise it is not connected to the network and then it finally goes into offline mode.

    If you try to log in on the laptop and it is not on the network it takes about a minute after you have hit return for the laptop to realise it is not connected to the network and then it gives you an error message to that effect before finally logging you in with the locally stored profile. This issue is aggravated with the mobile laptop trolleys in the schools which can be moved from classroom to classroom. These laptops connect to the network via a wireless connection. Again, the above issue is aggravated in this scenario as it takes about a minute plus for the laptop to get an ip address. If people try to log in before this, they get the minute wait treatment before logging in. If someone knows how to speed up the log in times that would be most helpful? Also, if there is a way to stop the error message coming up?

    Anyone who can help with any of these issues will have to be quite a technically gifted individual. I have spent nearly a year trying to sort this out. Any and all help is much appreciated.