Sounds great. Thanks. But are you also confirming that I have to use roaming profiles to use cached credentials? I have read some of the possible scenarios where roaming profiles can cause loss of information. It also seems that to keep these profiles to a reasonable size and thus keep logon times within reason, I might want to remap My Documents, Outlook Express store folder, Outlook .pst files, and possibly others. Do you have any thoughts on these issues?
Also, I am still concerned about what appears to me to be a limit on caching 50 logons. Windows 2000 security policy default is to limit the user to caching 10 previous logons with a maximum of 50. Perhaps I misunderstand this policy. Thanks again. ----- Original Message ----- From: "Doug MacFarlane" <[EMAIL PROTECTED]> To: "Scott Werschke" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> Sent: Thursday, September 04, 2003 3:25 PM Subject: Re: [Samba] Laptop users as domain members; profiles > > Go ahead and add them to the domain. > > Once they have logged on to the domain once, they can disconnect from the > domain and still log onto it. They will get a message that "No Domain > Controller Was Available to Authenticate Your Logon . . . You have been > logged on with cached information." > > Profiles will get handled properly - when they come back to the domain, the > local profile is newer than the server-based one, so it will use the local > one, and write it back to the server when they log off. > > madmac > > > ----- Original Message ----- > From: "Scott Werschke" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Thursday, September 04, 2003 4:28 PM > Subject: [Samba] Laptop users as domain members; profiles > > > I would like to implement Samba as a PDC in our organization, but am > wrestling with how to handle laptop users. > > If I join them to the domain and give them a domain account, I will still > need to allow them a local account so that they can logon on the road. This > means that they will have two distinct accounts and two distinct profiles. > I could initially make the two profiles identical by copying the existing > profile to the domain profile or copying the existing profile to the default > profile before the domain profile is created, but subsequent changes to the > local profile would not be reflected in the domain profile and vice versa. > I anticipate that this could cause great headaches for users and > administrators. If a user created or edited documents, added e-mail > contacts or messages in outlook express or outlook, etc. as a domain user > while in the office, these changes would not be seen when they logged in on > the road as a local user. I am aware that I could have the users login on > the road as domain users using cached credentials, but to my knowledge (and > experiments seem to verify this) caching domain credentials is limited to > the use of roaming profiles. I would like to avoid what seem to me to be a > lot of headaches with roaming profiles, i.e., potential loss of data, > extensive logon time, etc. Further, there appears to be a limit to the > number of previous logons to cache - 50. I don't have the power to limit > the time of the trips our executives take or the number of times they are > allowed to logon on the road. > > The best solution I can come up with now is to remap there My Documents > folder, Oulook express store folder and Outlook .pst files for both accounts > to locations outside of the profiles. This is O.K. except the additional > work in setting up the client, the potential that I have missed something > critical that should be "non-exclusive" to the two profiles, and that I > don't have anyway of forcing them to login to the domain when they are in > the office. They could accidentally or intentionally login as a local user > in the office, and I would not be able to track usage in the office or > utilize logon scripts. > > I am aware that some organizations seem to have a policy of simply not > adding laptops to the domain, but with Samba this would also prevent me from > utilizing logon scripts. > > Any ideas would be appreciated. > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba > > -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba