On 14-12-2023 23:10, Pluess, Tobias wrote:> One other question:
>
> If I have roaming profiles without folder redirections, users can
> login even if the network is currently down, using cached credentials.
> What would be a good way to configure a user profile that will be used
> on a laptop, which may be used while traveling, i.e. when the network
> is probably unavailable?
>
> on one hand, I like the idea that the entire profile is stored on the
> server, but on the other hand, this has indeed the big disadvantage
> that the entire profile is unavailable when the user has no network
> access.
>
I used these sources to set that up:
https://community.spiceworks.com/topic/1318592-offline-files-redirected-folders-unc-dfs-namespace-best-practices-setup
https://www.ajtek.ca/guides/the-adamj-method-for-folder-redirection-with-offline-files-part-1/
https://www.ajtek.ca/guides/the-adamj-method-for-folder-redirection-with-offline-files-part-2/
In smb.conf you can configure the csc policy per share:
1. No caching (samba: 'disable'). Disables client-side caching for the
share. Files and folders are not automatically cached locally on
clients and users cannot choose to cache files or folders locally.
2. Manual caching (samba: 'manual'). Enables manual selection of files
to be cached on the share. __This is the default setting__. By
default, no files or folders are cached on the local client. Users
can choose which files and folders they want to cache locally for
offline use.
3. Automatic document caching (samba: 'documents'). Enables user
documents to be automatically cached on the share. Only files and
folders that are accessed are cached locally.
4. Automatic program caching (samba: 'programs'). Enables programs and
user documents to be automatically cached on the share. Only files,
folders, and programs that are accessed are cached locally.
Additionally, this setting allows the client to run locally cached
executables even when connected to the network.
I have set csc policy as follows:
* [home] -> csc policy = programs
* [profiles] -> csc policy = disable
* [folders] -> csc policy = programs
* [all other shares] -> csc policy = disable
Together with the GPOs described in the links this should do the trick.
- Kees.
>
>
> On Thu, Dec 14, 2023 at 9:13?PM Kees van Vloten via samba
> <samba at lists.samba.org> wrote:
>
>
> On 14-12-2023 20:00, Stefan Kania via samba wrote:
> > If you don't delete the local profile the user will never get
the
> > roaming profile. You can also save the profile, then delete the
> > profile, let the user login and logoff and then copy the data
> back in
> > his roaming profile
>
> It is worse than that, if the machine has troubles getting the
> roaming
> profile at logon, it will create a temporary profile and after
> that you
> will not get the roaming profile anymore.
>
> Therefore I use a scheduled script that runs on boot. In case of
> trouble
> the user just has to reboot, which is probably the first thing
> they do.
>
> The script:
>
> # Remove .bak profiles, they can prevent users from getting a
> proper profile
> Get-ChildItem -Path "hklm:\SOFTWARE\Microsoft\Windows
> NT\CurrentVersion\ProfileList" | Where Name -like
"*.bak" |
> Remove-Item
> Get-ChildItem -Path "hklm:\SOFTWARE\Microsoft\Windows
> NT\CurrentVersion\ProfileGuid" | Where Name -like
"*.bak" |
> Remove-Item
>
> If this is stored (for example) in
> C:\Windows\del_temp_profiles.ps1 and
> this task in xml is stored in C:\windows\temp\del_temp_profiles.xml
>
> <?xml version="1.0" encoding="UTF-16"?>
> <Task version="1.2"
>
xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
> ?? <RegistrationInfo>
> ???? <URI>\Custom\custom_del_temp_profiles</URI>
> ?? </RegistrationInfo>
> ?? <Principals>
> ???? <Principal id="Author">
> ?????? <UserId>S-1-5-18</UserId>
> ???? </Principal>
> ?? </Principals>
> ?? <Settings>
>
<DisallowStartIfOnBatteries>true</DisallowStartIfOnBatteries>
> <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
>
<MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
> ???? <IdleSettings>
> ?????? <Duration>PT10M</Duration>
> ?????? <WaitTimeout>PT1H</WaitTimeout>
> ?????? <StopOnIdleEnd>true</StopOnIdleEnd>
> ?????? <RestartOnIdle>false</RestartOnIdle>
> ???? </IdleSettings>
> ?? </Settings>
> ?? <Triggers>
> ???? <BootTrigger />
> ?? </Triggers>
> ?? <Actions Context="Author">
> ???? <Exec>
>
<Command>C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe</Command>
> ?????? <Arguments>-ExecutionPolicy Bypass -NonInteractive -File
> c:\Windows\del_temp_profiles.ps1</Arguments>
> ???? </Exec>
> ?? </Actions>
> </Task>
>
> then the command to get it scheduled should be
>
> schtasks /create /RU "NT AUTHORITY\SYSTEM" /XML
> C:\windows\temp\del_temp_profiles.xml
>
>
> - Kees.
>
> >
> > Am 14.12.23 um 11:48 schrieb Anders ?stling:
> >> On page 8, you mention that existing local profiles should be
> deleted.
> >> Is there any pre-cautions that should be taken before doing
> this (to
> >> prevent data loss for example)?
> >> The tutorial I straight forward for a new setup, but what is
your
> >> practice when it comes to updating an existing domain with
these
> >> features, again to prevent data loss and sad users.
> >
> >
> >
> >
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>