[CNBarnes]

Here's the situation - I run a student computer lab of about 20 machines for my department. The software we have installed on these computers is specific to our department (and licensed only for our machines).

The students all already have an account in a domain, managed by another department (that department runs the "general purpose labs" that all students on campus use). I have permissions to join the computers in the student lab to their domain (in our own OU), but nothing else.

Note: that means I do not have access to the users accounts themselves (ie. no access to Active Directory Computers & Users). This is a key fact to remember....


The folks that run the generic labs don't want the students to use their normal roaming profile when they logon in my lab (says doing that corrupts too many profiles - and frankly, I believe them). Honestly, I'd rather the students use a mandatory profile when they logon in my lab anyway. So....

I followed the directions on http://www.tweakxp.c...ticle37356.aspx to create a mandatory profile on the local machine.


MY PROBLEM IS that I have no way to assign this mandatory profile to the students that logon in my lab. Note that even if I did have access to ADCU on the DC, I wouldn't want to modify the student's profile location - the mandatory profile setting needs to take place ONLY when they logon in my lab. If they goto another lab, they need to get their normal (roaming) profile.


Can this even be done?

.... by me, or do the Admins of the DC need to do it (in a policy)?

........ How?

[Advertisements]

Hmmm. 10 views, but no comments. This isn't a good sign.

[CNBarnes]

Hmmm. 10 views, but no comments. This isn't a good sign.

[dsenette]

you would have to have a separate domain with separate users for each student

any profile assignments made on the domain user level take effect over any other OU placement (i.e. you can have a user in the "special lab" ou...but if the profile applies to the "general lab" settings...then the general lab settings will apply) there's no way for the user to use one roaming profile on X computer and a different one on Z computer


i personally couldn't see where logging on to a different machine would corrupt the roaming profile...but...I'm open to the concept that it's possible

when they use the computers in your lab.....are they just using the machines for the specific software that you're using? i mean...is the only purpose for them logging on there to do work in that one class? if so you COULD just set up a "default" user for that lab....or you could get special and create a separate domain...but then you'd need to recreate users etc..

[Commodore64]

Make a default local account for the PC's in your lab. Have all the users log in with that account. If they need to access network resources or save thier data to network resources, map a drive or make shortcuts to the network resources, when they try to access the network resources it will prompt them for thier domain username and password which they can enter.

Just remember when prompted for the name and password they must type in this format:

*DOMAIN\Username
*password

Edited by Commodore64, 06 September 2007 - 03:06 PM.

[CNBarnes]

you would have to have a separate domain with separate users for each student

Doing that would pretty much defeat one of the main objectives - to allow the students to use a userid/password they already own (single signon is a big deal around here).

Not to mention that my department doesn't own a single Windows server (we're a Linux shop), so we're not about to put up one just for students. There is an underlying tone (among the faculty) that "they ought to learn *nix anyway".

any profile assignments made on the domain user level take effect over any other OU placement (i.e. you can have a user in the "special lab" ou...but if the profile applies to the "general lab" settings...then the general lab settings will apply) there's no way for the user to use one roaming profile on X computer and a different one on Z computer

Isn't there a setting in Group Policies (which could be set for my OU) which can simply turn off roaming profiles (I was told that this was possible...). If that is the case, I guess I could just allow folks to logon, and create a local profile (based on the local "c:\doc-set\default users\" directory). Yes, when they logoff, that profile would persist - but I can clean those up with a script run every time the machine is rebooted.

Would this be a workable alternative?

[dsenette]

i THINK i recall a setting that could do that...but i'll have to research that (not enough time left today to do it)...

[CNBarnes]

i THINK i recall a setting that could do that...but i'll have to research that (not enough time left today to do it)...

I found a pretty good article that talks about it
http://searchwinit.t...roupPolch08.pdf
(that is only Chapter 8)

The part about GP and profiles is about halfway down, on page 352.