Small Office Setup

blackarc

Member
Jun 15, 2004
26
0
0
Hey guys, I am dealing with an office that has 10 computers and a software program that needs to access files from a central location (aka server). I have considered just using workgroups, however the idea of domains and active directory struck me as the owner of the company already has W2k3 Standard Edition.

I was wondering if setting it up so a person could log into their account on any computer and their desktop would look the same (roaming user accounts?) was difficult. Also, the office is going to need to support VPN for future branches. I did purchase them a D-link firewall and VPN unit.

Sorry for the simple and basic questions, however, help would be appreciated.

Thanks!
 

casper114

Senior member
Apr 25, 2005
814
0
0
No setting up roaming user accounts is not difficult. The basic technique behind creating a roaming profile involves creating a shared folder on the server, creating the user a folder within the share, and then defining the user?s profile location through the group policy.

For example, suppose that you wanted to implement roaming profiles in your own organization. The first thing that you would have to do is to create an empty folder on one of your file servers. You can call the folder anything that you want, but I have traditionally named this folder PROFILES. After you create the Profiles folder, you must share the folder. I recommend sharing the folder in a way that gives everyone full control at the share level. I would then recommend controlling permissions at the NTFS level.

When I define the NTFS permissions, I allow everyone to have read access to the PROFILES folder. I then create sub folders for each user. The sub folder?s name should match the user?s name. As you create each user?s individual folder, you will need to define some NTFS permissions. I recommend granting the Administrator and the user full control over the folder. You should also make the user the owner of the folder. After you have set these permissions, you should block parent permissions from propagating to the folder. Otherwise, everyone will be able to read anything in the user?s profile folder.

In most situations, this will take care of the necessary permissions. However, I have seen at least one network in which the backup software was unable to backup the user?s profile directories until the backup program?s service account was granted access to each user?s folder. That is the exception rather than the rule though.

Once you have created the necessary folders and defined the appropriate permissions, it?s time to redirect the user?s profile. To do so, open the Active Directory Users and Computers console, right click on a user account, and select the Properties command from the resulting shortcut menu. When you do, you will see the user?s properties sheet. Now, select the properties sheet?s Profile tab. The very first field on the tab is the profile path. Enter the user?s profile path as: \\server_name\share_name\user_name. For example, if you created a share named PROFILES on a server named TAZ, then the path to Brien?s profile should be \\TAZ\PROFILES\Brien. Click OK and then the user?s profile will be roaming starting with the next login.