Revert roaming profiles to local profiles?

Discussion in 'Windows Server' started by jim, Feb 29, 2008.

  1. jim

    jim Guest

    On Windows Small Business Server 2003, how would you go about reverting
    roaming profiles to local profiles for the users?

    It is a home business with only 1 PC and 2 laptops attached to a 2003
    Windows Small Business Server. I think it's overkill, but its what they
    have presently.

    They are frustrated at the long shut down and boot up times, so I thought
    that moving their roaming profiles back to the desktops (especially since
    there is no "roaming" taking place) would help them with this issue.

    Does anyone know how this is done?

    jim
     
    jim, Feb 29, 2008
    #1
    1. Advertisements

  2. jim

    jim Guest

    testing 1, 2...

    testing 1, 2, 3......

    is this thing on?

    jim
     
    jim, Feb 29, 2008
    #2
    1. Advertisements

  3. Hi - note that it's best to post SBS questions in
    microsoft.public.windows.server.sbs - it does a lot of things its own way
    and you need to be careful, as trying to do certain tasks with normal
    techniques will often botch SBS badly, no matter how good a tech you are.
    I'm setting up this reply to go there as well via crosspost.

    And be patient, grasshopper- this is a public newsgroup. You may often need
    to wait several days - and if you don't get any replies, perhaps everyone's
    busy, or nobody knows the answer, or you're in the wrong group, or you need
    to rephrase your question, or some combination of the above.

    That all being said

    To get rid of roaming profiles, simply delete the profile path from the
    user's ADUC properties. Done. Next time the user logs in to their
    workstation, ain't no roaming profile. Done.

    That said- I use roaming profiles on my own home network as well as pretty
    much all the networks I support, & personally find them very handy. Even if
    you never log into another workstation, it means that replacing a failed
    desktop hard drive is a lot easier. If you set up profiles properly they
    should work. I'll bet your users' profiles have gotten far too large &
    they're not using folder redirection.

    I'm including my standard boilerplate below just in case you're interested.
    Since you've got laptop users as well, you may want to enable offline files
    for them in a separate GPO (put them in their own OU, created at the same
    level as SBSComputers) and apply loopback processing - you won't want to
    redirect anything but My Documents for them. I disable offline files in a
    GPO for desktop users.

    ********************
    General tips:

    1. Set up a share on the server. For example - d:\profiles, shared as
    profiles$ to make it hidden from browsing. Make sure this share is *not* set
    to allow offline files/caching! (that's on by default - disable it)

    2. Make sure the share permissions on profiles$ indicate everyone=full
    control. Set the NTFS security to administrators, system, and users=full
    control.

    3. In the users' ADUC properties, specify \\server\profiles$\%username% in
    the profiles field

    4. Have each user log into the domain once - if this is an existing user
    with a profile you wish to keep, have them log in at their usual
    workstationand log out. The profile is now roaming.

    5. If you want the administrators group to automatically have permissions to
    the profiles folders, you'll need to make the appropriate change in group
    policy. Look in computer configuration/administrative templates/system/user
    profiles - there's an option to add administrators group to the roaming
    profiles permissions. Do this *before* the users' roaming profile folders
    are created - it isn't retroactive.

    ********************
    Notes:

    Make sure users understand that they should not log into multiple computers
    at the same time when they have roaming profiles (unless you make the
    profiles mandatory by renaming ntuser.dat to ntuser.man so they can't change
    them, which has major disadvantages),. Explain that the 'last one out wins'
    when it comes to uploading the final, changed copy of the profile. If you
    want to restrict multiple simultaneous network logins, look at LimitLogon
    (too much overhead for me), or this:
    http://www.jsifaq.com/SF/Tips/Tip.aspx?id=8768

    ********************
    Keep your profiles TINY. Via group policy, you should be redirecting My
    Documents (at the very least) - to a subfolder of the user's home directory
    or user folder. Also consider redirecting Desktop & Application Data
    similarly..... so the user will end up with:

    \\server\users\%username%\My Documents,
    \\server\users\%username%\Desktop,
    \\server\users\%username%\Application Data.

    [Alternatively, just manually re-target My Documents to
    \\server\users\%username% (this is not optimal, however!)]

    You should use folder redirection even without roaming profiles, but it's
    especially critical if you *are* using them.

    If you aren't going to also redirect the desktop using policies, tell users
    that they are not to store any files on the desktop or you will beat them
    with a stick. Big profile=slow login/logout, and possible profile
    corruption.

    ********************
    Note that user profiles are not compatible between different OS versions,
    even between W2k/XP. Keep all your computers. Keep your workstations as
    identical as possible - meaning, OS version is the same, SP level is the
    same, app load is (as much as possible) the same.

    *********************
    If you also have Terminal Services users, make sure you set up a different
    TS profile path for them in their ADUC properties - e.g.,
    \\server\tsprofiles$\%username%

    ********************
    Do not let people store any data locally - all data belongs on the server.

    ********************
    The User Profile Hive Cleanup Utility should be running on all your
    computers. You can download it here:
    http://www.microsoft.com/downloads/...6D-8912-4E18-B570-42470E2F3582&displaylang=en

    ********************
    Roaming profile & folder redirection article -
    http://www.windowsnetworking.com/ar...e-Folder-Redirection-Windows-Server-2003.html
     
    Lanwench [MVP - Exchange], Feb 29, 2008
    #3
  4. JIM How much Memory does this server have?
    and what is the CPU
    and RAID Configuration? RAID1 5 Etc?
    Hard Drives? IDE SATA SCSI?

    Lack of Memory can really cause a slow start up and shut down of any sbs
    Server.
    In addition look at the logs and see what errors.

    In addition Define LONG?
    1/2hr?

    Then the Next question I have, is Why are they needing to shut it down?
    Mine runs 24/7 :)

    Russ
    --

    SBITS.Biz
    Microsoft Gold Certified Partner
    Microsoft Certified Small Business Specialist.
    MCP, MCPS, MCNPS, (MCP-SBS)
    North America Remote SBS2003 Support - http://www.SBITS.Biz


    -

    "Lanwench [MVP - Exchange]"
     
    Russ \(SBITS.Biz\), Feb 29, 2008
    #4
  5. If I understood the post correctly, it's an issue with the login / shutdown
    time on the *workstations*.
     
    Lanwench [MVP - Exchange], Feb 29, 2008
    #5
  6. jim

    jim Guest

    "Lanwench [MVP - Exchange]"
    Thanks for the pointers and for crossposting this for me. I'll subscribe to
    that group as well.
    They have gotten quite large, and they are not willing to delete any of the
    files that they say are necessary to perform the functions of their
    business. And, who could blame them?

    I prefer a 2nd hard drive and Acronis True Image to roaming profiles or to
    using RAID 0 or 1.

    With True Image, you have daily change backups wich can help you to replace
    accidentally changed or deleted files, you are better protected from viruses
    and such because of the hidden Acronis Secure Zone than you are with
    regular, exposed backups, and you have an image of the entire drive (which
    means no re-installing applications OR data - just snap the image to the new
    hard drive. Oh...and TrueImage will email me if there is a problem doing or
    validating a backup - something that is invaluable when supporting many
    different small businesses, and something I have yet to see on a RAID
    configuration.
    Wow!

    Thanks for that EXCELLENT post. But, (and I probably didn't know how to ask
    this right) I really need to know how to keep the current user's roaming
    profile - only make it a local profile, on her local PC, instead of roaming
    and on the server.

    IMHO, SBS was waaaaay over the top for this small CPA business. All it is
    being used for is a really expensive file server. It doesn't do anything
    but serve as a repository for files. No website, no exchange use, no true
    servers for client server apps, and, IMHO, no reason for SBS to be on site.

    Because it is SBS, software that I typically use to backup and defrag
    desktops skyrockets from $79 and $49 respectively to $679 and $249. That's
    simply ridiculous for a simple file server.

    If I can get the roaming profile saved back to her PC and used as a local
    profile, I'll do away with SBS at this location and set up an XP Pro box for
    their file server. It'll save them $800 immediately and supply ongoing
    savings for their small business.

    I am not against SBS. I know that there are situations where it does a
    fantastic job and makes life easier for all involved (especially the
    admin's). But, I also know that you need to match the OSs and systems to
    the size of the business, their special technical skillset and their budget.
    My predecessor, although certainly highly skilled, seemed to miss that.

    Thanks for your excellent post, I am keeping it as a reference for future
    use.

    Now, if I can just move that profile back to the desktop.....

    jim
     
    jim, Feb 29, 2008
    #6
  7. jim

    jim Guest

    "Lanwench [MVP - Exchange]"
    That is correct. Logging in on a workstation can take 5-7 minutes. They
    typically log in, and begin working on some paperwork or eating breakfast or
    whatever while the login completes.

    That is not acceptable to them or me.

    jim
     
    jim, Feb 29, 2008
    #7
  8. Inline -

    Who suggested that they do that? Not me! Folder redirection. That's what I
    suggested.
    Well - okay, but that's not a reasonable comparison so it isn't really
    germane. RAID's on your server & has no bearing on this (and RAID0 is
    running with scissors - hardware RAID 5 would be better than 1, but 1+0 is
    the best of all). And Acronis is a swell program; I use their software a
    lot, but it has nothing to do with their profiles either. I know you aren't
    keen on them running SBS at all - but they've got it, and you haven't
    written anything that makes me think it unsuitable for them *if* you get it
    set up properly.
    Yes, but this is not relevant here either. On a network, data doesn't belong
    on a workstation - it belongs on the server. Even in a workgroup, you should
    designate one box as the "server". You can do image backups of workstations
    if you want, but if your goal is to keep a server in place, I'd first focus
    on fixing what's wrong.
    You're most welcome :)
    I described that already. Open the user's ADUC properties & simply remove
    the profile path. When the user logs back in, take a look at the profile
    status in control panel | system | advanced. It'll be local.
    I'd sure hope not - websites are best outsourced.
    Well, they *could* be using it as they've already got it.
    Eh - that's a non-issue. A lot of small businesses don't have or need
    application servers.
    Easy, secured remote access. Centralized logins/passwords/security. Login
    scripts. Centralized automated backups. Monitoring/reporting.
    Yaddayaddayadda. Does this mean they *need* all these things or that this is
    the only way to get them? Maybe not - but they already bought it, it's good
    stuff, and I wouldn't immediately ditch it.

    Yes, it's a pity they aren't using Exchange, but you could certainly change
    that in a jiff.
    NTBackup is included (SBSBackup) and works fine - and you need something
    Exchange-aware. Image backups are *not* a substitute for regular full
    backups in a Windows/Exchange/domain environment, although they're a useful
    augmentation.
    JKDefrag is free - and I don't back up desktops. I don't image them, either,
    unless that's a special request. I don't store anything on a desktop I care
    about - my data, and user profiles, are all on the server - if I have to
    replace a workstation or do a lot of repair work I can always reinstall it.
    Yes, but that's not what they've got - and a "simple file server" in a
    workgroup for a CPA's office may or may not be suitable for them - PLUS they
    already bought SBS.

    Look, I can't say. I've seen 1- and 2- person offices that like and use the
    features of SBS immensely and can't see working without it. It just appears
    you've already decided that you don't want them to keep it - I'm suggesting
    that you pull back a little and look at this from the standpoint that they
    already *have* it and that it can be set up to work well *if* you do it
    right and fix what was done badly before.
    Except in labor costs, I don't see where this $ is coming from, unless they
    don't have sufficient hardware to run this on as is. And there will be labor
    costs involved if you pull this out, too.
    Perhaps, but perhaps not...see above.
    Yes, that happens. However, if you've done any work with AD/SBS before you
    shouldn't find it tough to fix this so it's set up optimally & reaquires
    little support. I support myriad small/medium businesses running AD &
    Exchange, with or without SBS in the picture, and they require very little
    regular maintenance - most of which I do remotely.
    Glad you find it useful. It's based on years of experience.
    That's a cinch. Just delete the path in ADUC as mentioned. But I wouldn't.
    :)

    Best of luck out there.....
     
    Lanwench [MVP - Exchange], Mar 1, 2008
    #8
  9. OK thanks,
    I Recently was asked about a Server taking a while to shutdown.
    So I associated when I didn't need to ...

    Thanks LAN

    Russ

    --

    SBITS.Biz
    Microsoft Gold Certified Partner
    Microsoft Certified Small Business Specialist.
    MCP, MCPS, MCNPS, (MCP-SBS)
    North America Remote SBS2003 Support - http://www.SBITS.Biz


    -

     
    Russ \(SBITS.Biz\), Mar 1, 2008
    #9
  10. jim

    jim Guest

    <everything snipped because I may be completely off base here>

    I did as you suggested (removed the path from the users account) and there
    was no change in login times - approx 2 to 2.5 minutes to get past the
    "applying personal settings" screen.

    So, the profiles are not the problem.

    I then removed the lone bat file set to run and unchecked all client
    devices - still slow.

    I created a new user and tested its login time - 1:50. This seems better,
    but I see login times of less than 30 seconds in these cases and cannot seem
    to isolate what is slowing my users logins down.

    I even checked the DNS server to see that the PCs were pointed to it instead
    of the DSL router.

    I pinged the server and got <1ms times 1005 of the time.

    Any ideas?

    Perhaps I should post this line f questioning under a more appropriate
    subject......

    jim
     
    jim, Mar 1, 2008
    #10
  11. Yep. Well - the *roaming* profiles aren't the problem now, for sure.
    On this network? With this hardware?

    Did you install the user profile hive cleanup tool? Try a workstation defrag
    (jkdefrag is fast & free)?
    Yes - that would be wise. Try posting a new message, including a bit more
    (and updated) info.. Look at the event logs. Run gpupdate /force. Run
    rsop.msc. You might also include the server hardware, workstation hardware,
    & Ethernet hub/switch specs, as well as OS versions & SP levels.
     
    Lanwench [MVP - Exchange], Mar 1, 2008
    #11
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.