Hi everyone, I'm about to install a Samba PDC in a network that previously was working as a workgroup. All the users have been logging into their local machines as "administrator" and all with the same password. What I would really like to do is to move their profiles with them, but as they are all using the same username and the like I can see this is going to cause problems. So far I have been thinking about doing the following: 1) Create a second administrator account on each machine 2) Login as the second administrator and copy the "administrator" profile to another folder, renamed for the new user's username (e.g. "Documents and Settings\Administrator" -> "Documents and Settings\DOMAIN.username") 3) Change ownership/permissions on the new profile folder to match that of the new user I'm also planning on making sure that roaming profiles are disabled using the "LocalProfile" registry key that Michael Lueck recently posted about on here. Users will have a network-home folder that will be backed up which should be plenty enough for them. Can anyone point out what problems this will cause? I think there is going to be an issue with the registry, is the SID in there somewhere? How can I reset it? Is there a better way of doing this? Many thanks, Mark Lidstone IT and Network Support Administrator BMT SeaTech Ltd Grove House, Meridians Cross, 7 Ocean Way Ocean Village, Southampton. SO14 3TJ. UK Tel: +44 (0)23 8063 5122 Fax: +44 (0)23 8063 5144 E-Mail: mailto:mark.lidstone@bmtseatech.co.uk Website: www.bmtseatech.co.uk ========================================================================Confidentiality Notice and Disclaimer: The contents of this e-mail and any attachments are intended only for the use of the e-mail addressee(s) shown. If you are not that person, or one of those persons, you are not allowed to take any action based upon it or to copy it, forward, distribute or disclose the contents of it and you should please delete it from your system. BMT SeaTech Limited does not accept liability for any errors or omissions in the context of this e-mail or its attachments which arise as a result of Internet transmission, nor accept liability for statements which are those of the author and not clearly made on behalf of BMT SeaTech Limited. =========================================================================
I guess there are not too many users to move over? (also that you are using win2k/xp) There is a way to move the profiles *after* they have been joined to the PDC. Log in to the machine with the new username, this will create a new profile, log out immediately. Log in as an admin account (but not the "addministrator" that the users were using) Right click my computer > properties > advanced > user profiles > settings. Select the old account and click copy to.. choose the new user folder in documents and settings (this will warn that there is alreadyy a profile there and it will be cleared > just ok it. The last bit to do is change permission to use (or something very similar) change this to the new username (make sure you put it in the format DOMAIN\user) - this will copy the profile flawlessly to the new user, a bit slow if there are a number of them, but less than 5 or so and its a good fix. Hope that helps, H Mark Lidstone wrote:>Hi everyone, > >I'm about to install a Samba PDC in a network that previously was >working as a workgroup. All the users have been logging into their >local machines as "administrator" and all with the same password. > >What I would really like to do is to move their profiles with them, but >as they are all using the same username and the like I can see this is >going to cause problems. > >So far I have been thinking about doing the following: > > 1) Create a second administrator account on each machine > 2) Login as the second administrator and copy the >"administrator" profile to another folder, renamed for the new user's >username (e.g. "Documents and Settings\Administrator" -> "Documents and >Settings\DOMAIN.username") > 3) Change ownership/permissions on the new profile folder to >match that of the new user > >I'm also planning on making sure that roaming profiles are disabled >using the "LocalProfile" registry key that Michael Lueck recently posted >about on here. Users will have a network-home folder that will be >backed up which should be plenty enough for them. > >Can anyone point out what problems this will cause? I think there is >going to be an issue with the registry, is the SID in there somewhere? >How can I reset it? Is there a better way of doing this? > >Many thanks, > >Mark Lidstone >IT and Network Support Administrator > >BMT SeaTech Ltd >Grove House, Meridians Cross, 7 Ocean Way >Ocean Village, Southampton. SO14 3TJ. UK >Tel: +44 (0)23 8063 5122 >Fax: +44 (0)23 8063 5144 > >E-Mail: mailto:mark.lidstone@bmtseatech.co.uk >Website: www.bmtseatech.co.uk >=======================================================================>=>Confidentiality Notice and Disclaimer: >The contents of this e-mail and any attachments are intended only for >the >use of the e-mail addressee(s) shown. If you are not that person, or one >of those persons, you are not allowed to take any action based upon it >or >to copy it, forward, distribute or disclose the contents of it and you >should please delete it from your system. BMT SeaTech Limited does not >accept liability for any errors or omissions in the context of this >e-mail >or its attachments which arise as a result of Internet transmission, nor >accept liability for statements which are those of the author and not >clearly made on behalf of BMT SeaTech Limited. >=======================================================================>=> > >
Hi Hamish, There are 7 users, but I was planning on having to visit each machine separately anyway. That's basically what I was looking at doing, but you're right - doing it after joining the machine to the domain seems to make more sense. On a bit of a side note - does anyone know if it's possible to turn off roaming profiles at the Samba server end? On Windows it's an option you can set on a per-user basis, which is pretty handy. For instance, we have a couple of user accounts for testing software, and it's good to know that if something goes really screwy with the account's registry, we only have to clean it off the computer it went wrong on. Thanks, Mark Lidstone IT and Network Support Administrator BMT SeaTech Ltd Grove House, Meridians Cross, 7 Ocean Way Ocean Village, Southampton. SO14 3TJ. UK Tel: +44 (0)23 8063 5122 Fax: +44 (0)23 8063 5144 E-Mail: mailto:mark.lidstone@bmtseatech.co.uk Website: www.bmtseatech.co.uk ========================================================================Confidentiality Notice and Disclaimer: The contents of this e-mail and any attachments are intended only for the use of the e-mail addressee(s) shown. If you are not that person, or one of those persons, you are not allowed to take any action based upon it or to copy it, forward, distribute or disclose the contents of it and you should please delete it from your system. BMT SeaTech Limited does not accept liability for any errors or omissions in the context of this e-mail or its attachments which arise as a result of Internet transmission, nor accept liability for statements which are those of the author and not clearly made on behalf of BMT SeaTech Limited. ======================================================================== -----Original Message----- From: Hamish [mailto:captainmish@gmx.net] Sent: 06 July 2004 10:03 To: Mark Lidstone Cc: samba@lists.samba.org Subject: Re: [Samba] Moving Profiles I guess there are not too many users to move over? (also that you are using win2k/xp) There is a way to move the profiles *after* they have been joined to the PDC. Log in to the machine with the new username, this will create a new profile, log out immediately. Log in as an admin account (but not the "addministrator" that the users were using) Right click my computer > properties > advanced > user profiles > settings. Select the old account and click copy to.. choose the new user folder in documents and settings (this will warn that there is alreadyy a profile there and it will be cleared > just ok it. The last bit to do is change permission to use (or something very similar) change this to the new username (make sure you put it in the format DOMAIN\user) - this will copy the profile flawlessly to the new user, a bit slow if there are a number of them, but less than 5 or so and its a good fix. Hope that helps, H Mark Lidstone wrote:>Hi everyone, > >I'm about to install a Samba PDC in a network that previously was >working as a workgroup. All the users have been logging into their >local machines as "administrator" and all with the same password. > >What I would really like to do is to move their profiles with them, but>as they are all using the same username and the like I can see this is >going to cause problems. > >So far I have been thinking about doing the following: > > 1) Create a second administrator account on each machine > 2) Login as the second administrator and copy the"administrator">profile to another folder, renamed for the new user's username (e.g. >"Documents and Settings\Administrator" -> "Documents and >Settings\DOMAIN.username") > 3) Change ownership/permissions on the new profile folder tomatch>that of the new user > >I'm also planning on making sure that roaming profiles are disabled >using the "LocalProfile" registry key that Michael Lueck recently >posted about on here. Users will have a network-home folder that will >be backed up which should be plenty enough for them. > >Can anyone point out what problems this will cause? I think there is >going to be an issue with the registry, is the SID in there somewhere? >How can I reset it? Is there a better way of doing this? > >Many thanks, > >Mark Lidstone >IT and Network Support Administrator > >BMT SeaTech Ltd >Grove House, Meridians Cross, 7 Ocean Way >Ocean Village, Southampton. SO14 3TJ. UK >Tel: +44 (0)23 8063 5122 >Fax: +44 (0)23 8063 5144 > >E-Mail: mailto:mark.lidstone@bmtseatech.co.uk >Website: www.bmtseatech.co.uk >======================================================================>>=>Confidentiality Notice and Disclaimer: >The contents of this e-mail and any attachments are intended only for >the >use of the e-mail addressee(s) shown. If you are not that person, orone>of those persons, you are not allowed to take any action based upon it >or >to copy it, forward, distribute or disclose the contents of it and you >should please delete it from your system. BMT SeaTech Limited does not >accept liability for any errors or omissions in the context of this >e-mail >or its attachments which arise as a result of Internet transmission,nor>accept liability for statements which are those of the author and not >clearly made on behalf of BMT SeaTech Limited. >======================================================================>=> > >
Hi Jonathan,
Thanks for that information. Looks like I've got a bit of light reading
to do tonight.
As for the Logon Path stuff at the end, I suppose it could be expanded
(albeit messily) to having "include = smb.conf.%U" and a default
"logon
path" setting in smb.conf and have separate "smb.conf.username"
files
with "logon path" (and any other per-user settings) overridden? E.g.
smb.conf
[global]
logon path = //server/profile
include = smb.conf.%U
[profile]
directory = /home/profiles/%U
browseable = no
smb.conf.testuser
[global]
logon path =
Thanks again,
Mark Lidstone
IT and Network Support Administrator
BMT SeaTech Ltd
Grove House, Meridians Cross, 7 Ocean Way
Ocean Village, Southampton. SO14 3TJ. UK
Tel: +44 (0)23 8063 5122
Fax: +44 (0)23 8063 5144
E-Mail: mailto:mark.lidstone@bmtseatech.co.uk
Website: www.bmtseatech.co.uk
========================================================================Confidentiality
Notice and Disclaimer:
The contents of this e-mail and any attachments are intended only for
the
use of the e-mail addressee(s) shown. If you are not that person, or one
of those persons, you are not allowed to take any action based upon it
or
to copy it, forward, distribute or disclose the contents of it and you
should please delete it from your system. BMT SeaTech Limited does not
accept liability for any errors or omissions in the context of this
e-mail
or its attachments which arise as a result of Internet transmission, nor
accept liability for statements which are those of the author and not
clearly made on behalf of BMT SeaTech Limited.
========================================================================
-----Original Message-----
From: Jonathan Johnson [mailto:jon@sutinen.com]
Sent: 06 July 2004 16:27
To: Mark Lidstone
Cc: Hamish; samba@lists.samba.org
Subject: RE: [Samba] Moving Profiles
I've done this many times. More than I care to admit. :-)
Here's an archive of a previous post that I made on the subject:
http://lists.samba.org/archive/samba/2004-June/087799.html
You'll also want to read this afterthought:
http://lists.samba.org/archive/samba/2004-June/087800.html
My instructions are basically the same, but more detailed; one VERY
important thing you will need to do is manually edit the user's registry
hive to change paths (see the first link for instructions). Also, you'll
need to join the domain and log in with the new username BEFORE
migrating the profile, as WinNT/2K/XP will create a new profile with an
unused folder name for a new logon.
This means that if you log in for the first time as 'fred' and there is
no 'fred' profile, a profile named 'fred' will be created. If
there IS a
'fred' profile, or even an empty folder named 'fred', then the
new
profile will be named 'fred.DOMAIN' or 'fred.000'. If
there's already a
'fred.DOMAIN' or 'fred.000' folder, then the new profile will be
named
'fred.DOMAIN.000' or 'fred.001' and so on. It's messy, but
NT et al is
paranoid about destroying data in this context.
As for diabling roaming profiles, see the 'Logon Path' parameter:
http://us2.samba.org/samba/docs/man/smb.conf.5.html#LOGONPATH
hint: include 'Logon Path =' (no paramaters) to disable roaming profiles
altogether.
--Jon Johnson
Sutinen Consulting, Inc.
jon@sutinen.com
On Tue, 6 Jul 2004, Mark Lidstone wrote:
> There are 7 users, but I was planning on having to visit each machine
> separately anyway. That's basically what I was looking at doing, but
> you're right - doing it after joining the machine to the domain seems
> to make more sense.
>
> On a bit of a side note - does anyone know if it's possible to turn
> off roaming profiles at the Samba server end? On Windows it's an
> option you can set on a per-user basis, which is pretty handy. For
> instance, we have a couple of user accounts for testing software, and
> it's good to know that if something goes really screwy with the
> account's registry, we only have to clean it off the computer it went
> wrong on.
>
> -----Original Message-----
> From: Hamish [mailto:captainmish@gmx.net]
> Sent: 06 July 2004 10:03
> To: Mark Lidstone
>
> I guess there are not too many users to move over? (also that you are
> using win2k/xp) There is a way to move the profiles *after* they have
> been joined to the PDC.
> Log in to the machine with the new username, this will create a new
> profile, log out immediately. Log in as an admin account (but not the
> "addministrator" that the users were using) Right click my
computer >
> properties > advanced > user profiles > settings. Select the old
account>
> and click copy to.. choose the new user folder in documents and
> settings
>
> (this will warn that there is alreadyy a profile there and it will be
> cleared > just ok it. The last bit to do is change permission to use
(or>
> something very similar) change this to the new username (make sure you
> put it in the format DOMAIN\user) - this will copy the profile
> flawlessly to the new user, a bit slow if there are a number of them,
> but less than 5 or so and its a good fix.
> Hope that helps,
> H
>
> Mark Lidstone wrote:
>
> >Hi everyone,
> >
> >I'm about to install a Samba PDC in a network that previously was
> >working as a workgroup. All the users have been logging into their
> >local machines as "administrator" and all with the same
password.
> >
> >What I would really like to do is to move their profiles with them,
but>
> >as they are all using the same username and the like I can see this
is > >going to cause problems.
> >
> >So far I have been thinking about doing the following:
> >
> > 1) Create a second administrator account on each machine
> > 2) Login as the second administrator and copy the
> "administrator"
> >profile to another folder, renamed for the new user's username
(e.g.
> >"Documents and Settings\Administrator" -> "Documents
and
> >Settings\DOMAIN.username")
> > 3) Change ownership/permissions on the new profile folder to
> match
> >that of the new user
> >
> >I'm also planning on making sure that roaming profiles are disabled
> >using the "LocalProfile" registry key that Michael Lueck
recently
> >posted about on here. Users will have a network-home folder that
will > >be backed up which should be plenty enough for them.
> >
> >Can anyone point out what problems this will cause? I think there is
> >going to be an issue with the registry, is the SID in there
somewhere? > >How can I reset it? Is there a better way of doing this?
> >