Revert roaming profiles to local profiles?

On Windows Small Business Server 2003, how would you go about reverting
roaming profiles to local profiles for the users?

It is a home business with only 1 PC and 2 laptops attached to a 2003
Windows Small Business Server. I think it's overkill, but its what they
have presently.

They are frustrated at the long shut down and boot up times, so I thought
that moving their roaming profiles back to the desktops (especially since
there is no "roaming" taking place) would help them with this issue.

Does anyone know how this is done?

jim

 

testing 1, 2...

testing 1, 2, 3......

is this thing on?

jim

 

Hi - note that it's best to post SBS questions in
microsoft.public.windows.server.sbs - it does a lot of things its own way
and you need to be careful, as trying to do certain tasks with normal
techniques will often botch SBS badly, no matter how good a tech you are.
I'm setting up this reply to go there as well via crosspost.

And be patient, grasshopper- this is a public newsgroup. You may often need
to wait several days - and if you don't get any replies, perhaps everyone's
busy, or nobody knows the answer, or you're in the wrong group, or you need
to rephrase your question, or some combination of the above.

That all being said

To get rid of roaming profiles, simply delete the profile path from the
user's ADUC properties. Done. Next time the user logs in to their
workstation, ain't no roaming profile. Done.

That said- I use roaming profiles on my own home network as well as pretty
much all the networks I support, & personally find them very handy. Even if
you never log into another workstation, it means that replacing a failed
desktop hard drive is a lot easier. If you set up profiles properly they
should work. I'll bet your users' profiles have gotten far too large &
they're not using folder redirection.

I'm including my standard boilerplate below just in case you're interested.
Since you've got laptop users as well, you may want to enable offline files
for them in a separate GPO (put them in their own OU, created at the same
level as SBSComputers) and apply loopback processing - you won't want to
redirect anything but My Documents for them. I disable offline files in a
GPO for desktop users.

********************
General tips:

1. Set up a share on the server. For example - d:\profiles, shared as
profiles$ to make it hidden from browsing. Make sure this share is *not* set
to allow offline files/caching! (that's on by default - disable it)

2. Make sure the share permissions on profiles$ indicate everyone=full
control. Set the NTFS security to administrators, system, and users=full
control.

3. In the users' ADUC properties, specify \\server\profiles$\%username% in
the profiles field

4. Have each user log into the domain once - if this is an existing user
with a profile you wish to keep, have them log in at their usual
workstationand log out. The profile is now roaming.

5. If you want the administrators group to automatically have permissions to
the profiles folders, you'll need to make the appropriate change in group
policy. Look in computer configuration/administrative templates/system/user
profiles - there's an option to add administrators group to the roaming
profiles permissions. Do this *before* the users' roaming profile folders
are created - it isn't retroactive.

********************
Notes:

Make sure users understand that they should not log into multiple computers
at the same time when they have roaming profiles (unless you make the
profiles mandatory by renaming ntuser.dat to ntuser.man so they can't change
them, which has major disadvantages),. Explain that the 'last one out wins'
when it comes to uploading the final, changed copy of the profile. If you
want to restrict multiple simultaneous network logins, look at LimitLogon
(too much overhead for me), or this:
http://www.jsifaq.com/SF/Tips/Tip.aspx?id=8768

********************
Keep your profiles TINY. Via group policy, you should be redirecting My
Documents (at the very least) - to a subfolder of the user's home directory
or user folder. Also consider redirecting Desktop & Application Data
similarly..... so the user will end up with:

\\server\users\%username%\My Documents,
\\server\users\%username%\Desktop,
\\server\users\%username%\Application Data.

[Alternatively, just manually re-target My Documents to
\\server\users\%username% (this is not optimal, however!)]

You should use folder redirection even without roaming profiles, but it's
especially critical if you *are* using them.

If you aren't going to also redirect the desktop using policies, tell users
that they are not to store any files on the desktop or you will beat them
with a stick. Big profile=slow login/logout, and possible profile
corruption.

********************
Note that user profiles are not compatible between different OS versions,
even between W2k/XP. Keep all your computers. Keep your workstations as
identical as possible - meaning, OS version is the same, SP level is the
same, app load is (as much as possible) the same.

*********************
If you also have Terminal Services users, make sure you set up a different
TS profile path for them in their ADUC properties - e.g.,
\\server\tsprofiles$\%username%

********************
Do not let people store any data locally - all data belongs on the server.

********************
The User Profile Hive Cleanup Utility should be running on all your
computers. You can download it here:
http://www.microsoft.com/downloads/...6D-8912-4E18-B570-42470E2F3582&displaylang=en

********************
Roaming profile & folder redirection article -
http://www.windowsnetworking.com/ar...e-Folder-Redirection-Windows-Server-2003.html

 

JIM How much Memory does this server have?
and what is the CPU
and RAID Configuration? RAID1 5 Etc?
Hard Drives? IDE SATA SCSI?

Lack of Memory can really cause a slow start up and shut down of any sbs
Server.
In addition look at the logs and see what errors.

In addition Define LONG?
1/2hr?

Then the Next question I have, is Why are they needing to shut it down?
Mine runs 24/7

Russ
--

SBITS.Biz
Microsoft Gold Certified Partner
Microsoft Certified Small Business Specialist.
MCP, MCPS, MCNPS, (MCP-SBS)
North America Remote SBS2003 Support - http://www.SBITS.Biz


-

"Lanwench [MVP - Exchange]"

 

If I understood the post correctly, it's an issue with the login / shutdown
time on the *workstations*.

 

"Lanwench [MVP - Exchange]"

Thanks for the pointers and for crossposting this for me. I'll subscribe to
that group as well.

They have gotten quite large, and they are not willing to delete any of the
files that they say are necessary to perform the functions of their
business. And, who could blame them?

I prefer a 2nd hard drive and Acronis True Image to roaming profiles or to
using RAID 0 or 1.

With True Image, you have daily change backups wich can help you to replace
accidentally changed or deleted files, you are better protected from viruses
and such because of the hidden Acronis Secure Zone than you are with
regular, exposed backups, and you have an image of the entire drive (which
means no re-installing applications OR data - just snap the image to the new
hard drive. Oh...and TrueImage will email me if there is a problem doing or
validating a backup - something that is invaluable when supporting many
different small businesses, and something I have yet to see on a RAID
configuration.

Wow!

Thanks for that EXCELLENT post. But, (and I probably didn't know how to ask
this right) I really need to know how to keep the current user's roaming
profile - only make it a local profile, on her local PC, instead of roaming
and on the server.

IMHO, SBS was waaaaay over the top for this small CPA business. All it is
being used for is a really expensive file server. It doesn't do anything
but serve as a repository for files. No website, no exchange use, no true
servers for client server apps, and, IMHO, no reason for SBS to be on site.

Because it is SBS, software that I typically use to backup and defrag
desktops skyrockets from $79 and $49 respectively to $679 and $249. That's
simply ridiculous for a simple file server.

If I can get the roaming profile saved back to her PC and used as a local
profile, I'll do away with SBS at this location and set up an XP Pro box for
their file server. It'll save them $800 immediately and supply ongoing
savings for their small business.

I am not against SBS. I know that there are situations where it does a
fantastic job and makes life easier for all involved (especially the
admin's). But, I also know that you need to match the OSs and systems to
the size of the business, their special technical skillset and their budget.
My predecessor, although certainly highly skilled, seemed to miss that.

Thanks for your excellent post, I am keeping it as a reference for future
use.

Now, if I can just move that profile back to the desktop.....

jim

 

"Lanwench [MVP - Exchange]"

That is correct. Logging in on a workstation can take 5-7 minutes. They
typically log in, and begin working on some paperwork or eating breakfast or
whatever while the login completes.

That is not acceptable to them or me.

jim

 

Inline -

Who suggested that they do that? Not me! Folder redirection. That's what I
suggested.

Well - okay, but that's not a reasonable comparison so it isn't really
germane. RAID's on your server & has no bearing on this (and RAID0 is
running with scissors - hardware RAID 5 would be better than 1, but 1+0 is
the best of all). And Acronis is a swell program; I use their software a
lot, but it has nothing to do with their profiles either. I know you aren't
keen on them running SBS at all - but they've got it, and you haven't
written anything that makes me think it unsuitable for them *if* you get it
set up properly.

Yes, but this is not relevant here either. On a network, data doesn't belong
on a workstation - it belongs on the server. Even in a workgroup, you should
designate one box as the "server". You can do image backups of workstations
if you want, but if your goal is to keep a server in place, I'd first focus
on fixing what's wrong.

You're most welcome

I described that already. Open the user's ADUC properties & simply remove
the profile path. When the user logs back in, take a look at the profile
status in control panel | system | advanced. It'll be local.

I'd sure hope not - websites are best outsourced.

Well, they *could* be using it as they've already got it.

Eh - that's a non-issue. A lot of small businesses don't have or need
application servers.

Easy, secured remote access. Centralized logins/passwords/security. Login
scripts. Centralized automated backups. Monitoring/reporting.
Yaddayaddayadda. Does this mean they *need* all these things or that this is
the only way to get them? Maybe not - but they already bought it, it's good
stuff, and I wouldn't immediately ditch it.

Yes, it's a pity they aren't using Exchange, but you could certainly change
that in a jiff.

NTBackup is included (SBSBackup) and works fine - and you need something
Exchange-aware. Image backups are *not* a substitute for regular full
backups in a Windows/Exchange/domain environment, although they're a useful
augmentation.

JKDefrag is free - and I don't back up desktops. I don't image them, either,
unless that's a special request. I don't store anything on a desktop I care
about - my data, and user profiles, are all on the server - if I have to
replace a workstation or do a lot of repair work I can always reinstall it.

Yes, but that's not what they've got - and a "simple file server" in a
workgroup for a CPA's office may or may not be suitable for them - PLUS they
already bought SBS.

Look, I can't say. I've seen 1- and 2- person offices that like and use the
features of SBS immensely and can't see working without it. It just appears
you've already decided that you don't want them to keep it - I'm suggesting
that you pull back a little and look at this from the standpoint that they
already *have* it and that it can be set up to work well *if* you do it
right and fix what was done badly before.

Except in labor costs, I don't see where this $ is coming from, unless they
don't have sufficient hardware to run this on as is. And there will be labor
costs involved if you pull this out, too.

Perhaps, but perhaps not...see above.

Yes, that happens. However, if you've done any work with AD/SBS before you
shouldn't find it tough to fix this so it's set up optimally & reaquires
little support. I support myriad small/medium businesses running AD &
Exchange, with or without SBS in the picture, and they require very little
regular maintenance - most of which I do remotely.

Glad you find it useful. It's based on years of experience.

That's a cinch. Just delete the path in ADUC as mentioned. But I wouldn't.


Best of luck out there.....

 

OK thanks,
I Recently was asked about a Server taking a while to shutdown.
So I associated when I didn't need to ...

Thanks LAN

Russ

--

SBITS.Biz
Microsoft Gold Certified Partner
Microsoft Certified Small Business Specialist.
MCP, MCPS, MCNPS, (MCP-SBS)
North America Remote SBS2003 Support - http://www.SBITS.Biz


-

 

<everything snipped because I may be completely off base here>

I did as you suggested (removed the path from the users account) and there
was no change in login times - approx 2 to 2.5 minutes to get past the
"applying personal settings" screen.

So, the profiles are not the problem.

I then removed the lone bat file set to run and unchecked all client
devices - still slow.

I created a new user and tested its login time - 1:50. This seems better,
but I see login times of less than 30 seconds in these cases and cannot seem
to isolate what is slowing my users logins down.

I even checked the DNS server to see that the PCs were pointed to it instead
of the DSL router.

I pinged the server and got <1ms times 1005 of the time.

Any ideas?

Perhaps I should post this line f questioning under a more appropriate
subject......

jim

 

Yep. Well - the *roaming* profiles aren't the problem now, for sure.

On this network? With this hardware?

Did you install the user profile hive cleanup tool? Try a workstation defrag
(jkdefrag is fast & free)?

Yes - that would be wise. Try posting a new message, including a bit more
(and updated) info.. Look at the event logs. Run gpupdate /force. Run
rsop.msc. You might also include the server hardware, workstation hardware,
& Ethernet hub/switch specs, as well as OS versions & SP levels.