Announcement

Collapse
No announcement yet.

setting up profiles and homedirs - procedure

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • setting up profiles and homedirs - procedure

    Hello,

    I'm looking for the right procedure to implement roaming profiles and homedirs.
    Currently i set up a home test lab with a server and a client

    I made a script that creates my OU's and users.
    Now when it creates the users, it grabs the data from an excel spreadsheet.
    I also included a line in this script that automatically sets the path to the profile and the homedir
    (\\server\userData\homes$ and \\server\userData\profiles$)
    I shared these two folders (share permissions - read)

    1) Does this folder need everyone - Full Control ?

    Now i want to use these account, so logon from a client with a random user account
    What i thought would happen is, the user profiles gets created and gets copied to the profiles folder on the server, same for the homedir.

    Now when i logon from the client this goes very slow, too slow i think.
    So is there something wrong with the way i set it up ? If so, what am i doing wrong ?

    Thanx in advance everyone.

  • #2
    Re: setting up profiles and homedirs - procedure

    Originally posted by spoofer View Post
    Hello,

    I'm looking for the right procedure to implement roaming profiles and homedirs.
    Currently i set up a home test lab with a server and a client

    I made a script that creates my OU's and users.
    Now when it creates the users, it grabs the data from an excel spreadsheet.
    I also included a line in this script that automatically sets the path to the profile and the homedir
    (\\server\userData\homes$ and \\server\userData\profiles$)
    I shared these two folders (share permissions - read)

    1) Does this folder need everyone - Full Control ?
    A. Never use the "everyone" group

    B. The roaming profiles share (and underlying NTFS permissions) will need to be ACLd for modify permissions for the user ID who owns the folder. It does not need full control. That's another thing to stay away from. Granting your users Full Controll allows them to play with NTFS permissions and that's a recipe for their own demise. The only one who ever needs full control is an administrator. I have yet to ever come across an application that would need full control. At most they will need MODIFY. The only 2 things that FULL CONTROL gives someone beyond MODIFY is the ability to change permissions and the ability to take ownership of files and folders.

    C. If that data folder is their home folder, you are going to need more than just READ permissions on that guy too. MODIFY should do the trick.

    Originally posted by spoofer View Post
    Now i want to use these account, so logon from a client with a random user account
    What i thought would happen is, the user profiles gets created and gets copied to the profiles folder on the server, same for the homedir.

    Now when i logon from the client this goes very slow, too slow i think.
    So is there something wrong with the way i set it up ? If so, what am i doing wrong ?

    Thanx in advance everyone.
    VCDX3 #34, VCDX4, VCDX5, VCAP4-DCA #14, VCAP4-DCD #35, VCAP5-DCD, VCPx4, vEXPERTx4, MCSEx3, MCSAx2, MCP, CCAx2, A+
    boche.net - VMware Virtualization Evangelist
    My advice has no warranties. Follow at your own risk.

    Comment


    • #3
      Re: setting up profiles and homedirs - procedure

      Originally posted by jasonboche View Post
      A. Never use the "everyone" group

      B. The roaming profiles share (and underlying NTFS permissions) will need to be ACLd for modify permissions for the user ID who owns the folder. It does not need full control. That's another thing to stay away from. Granting your users Full Controll allows them to play with NTFS permissions and that's a recipe for their own demise. The only one who ever needs full control is an administrator. I have yet to ever come across an application that would need full control. At most they will need MODIFY. The only 2 things that FULL CONTROL gives someone beyond MODIFY is the ability to change permissions and the ability to take ownership of files and folders.

      C. If that data folder is their home folder, you are going to need more than just READ permissions on that guy too. MODIFY should do the trick.
      Ok so what i basicly have to do is
      1) create the needed groups (place global groups in domain local groups, where i put the permissions on)
      2) place the domain local groups in the share acl for both the folders
      3) set the share permission to change

      is this correct ?

      // ok i did the steps as above and think there is still something wrong

      Now the folder for the user gets created in the profiles folder on my server
      But on the client side, i keep seeing, Loading personal data (setting up the new profile on the server probably ?)

      For NTFS permissions on both the folders
      I just had to add the correct group to the ACL of the homes share and give that usergroup modify, right ?
      Profiles share just needed the standard NTFS permissions ?
      Last edited by spoofer; 2nd May 2007, 14:24.

      Comment

      Working...
      X