搜尋此網誌

2011年5月18日 星期三

使用者設定檔,Roaming Profile之設定,可強制某PC不使用Roaming Profile

請參考MS的文件 http://technet.microsoft.com/en-us/library/cc738596(WS.10).aspx


利用Group Policy中的Computer Configuration\Administrative Templates\System\User Profiles\只能使用本機使用者設定檔   & 防止漫遊設定檔的變更傳播到伺服器 即可。
If you enable both the Prevent Roaming Profile changes from propagating to the server setting and the Only allow local user profiles setting, roaming profiles are disabled for that computer.

以下為詳細說明:
Configuring Roaming User Profiles
Updated: March 28, 2003
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2
Before you create a roaming user profile, you need to create each user account. Then, log on to a server as an administrator to create a network share to store the roaming user profiles, designate the groups of users to receive the roaming user profiles, and grant all users Full Control permissions.
Use the following procedures when you create and manage roaming user profiles.

Creating Roaming User Profiles

To perform the following procedure, you must be a member of the Account Operators group, Domain Admins group, or the Enterprise Admins group in Active Directory, or you must have been delegated the appropriate authority. For enhanced security, consider using the Runas command to perform this procedure.

To create a roaming user profile

  1. Open Active Directory Users and Computers.
  2. Click the domain and the OU where the user account resides.
  3. Right-click the user account for which to set a roaming profile, and then click Properties.
  4. Click the Profile tab, and then type the profile path information in Profile path. (Use the full path in each user account. For example, type \\Server\ShareName\UserName.)
Another way to populate the profile path is to use an Active Directory® Service Interfaces (ADSI) script. ADSI provides a single set of interfaces for managing resources on the network. You can use ADSI in combination with Microsoft® Visual Basic® Scripting Edition (VBScript) or JScript scripts to manage Active Directory resources such as users and services.
For information about ADSI and ADSI scripts, see the Microsoft Platform SDK link on the Web Resources page at http://www.microsoft.com/windows/reskits/webresources.

Changing User Profile Type from Local to Roaming

Typically, a large organization has many users with local profiles. For ease of management, you might want to change many of the local profiles to roaming profiles. Moving user’s data and settings from the workstation to a server reduces the user’s dependence on the workstation’s availability, simplifies user data management, and allows centralized account management.

To create a roaming user profile for a user that has a local profile

  1. Open Active Directory Users and Computers.
  2. Click the domain and the OU where the user account resides.
  3. Right-click the appropriate user account for which to set a roaming profile, and then click Properties.
  4. Click the Profile tab, and type the profile path information in Profile path (for example, type \\Server\ShareName\UserName).
Note
  • To change a user’s local profile to a roaming profile for a user who uses multiple computers simultaneously, the user must log off last from the computer that has the profile that the user wants to use.

Disabling Roaming User Profiles on Certain Computers

You can prevent computers from receiving roaming profiles by enabling the Only allow local user profiles policy setting, which blocks roaming profiles from being used on a computer. By default, when roaming profile users log on to a computer, the user’s roaming profile is copied to the local computer. If the user has previously logged on to this computer, the roaming profile is merged with the local profile. Similarly, when the user logs off from this computer, the local copy of the profile, including any changes the user made, is merged with the server copy of the profile.
If you enable the Only allow local user profiles policy setting, the following occurs on the affected computer: When the user first logs on, the user receives a new local profile instead of the roaming profile. At logoff, changes are saved to the local profile. All subsequent logons use the local profile.
If you enable both the Prevent Roaming Profile changes from propagating to the server setting and the Only allow local user profiles setting, roaming profiles are disabled for that computer. These policy settings are in the Computer Configuration\Administrative Templates\System\User Profiles node.

沒有留言:

張貼留言