Topic: workgroup or domain controller

[ronald1969]

I have been using SME server for a couple of years and am very satisfied.

I'm now looking for a way to manage users central and give them the oportunity to logon on any PC (all XP PC's) without having to configure every user on every PC. So all their data/desktop/settings should also be stored central.

Is this done by using SME as a domain controller. Now my SME server is working as a workgroup controller.

What are the (dis)advantages of a domain controller, how does it work and how do I configure this?

[raem]

ronald1969

> So all their data/desktop/settings should also be stored central.

Configure sme as domain controller, but also enable roaming profiles. This will allow your users to logon anywhere with the same settings. All your workstations should ideally be indentical hardware & you should also configure your workstations identically and have the same software installed on all workstations.

[Tib]

ronald1969

I found roaming profiles to be a real pain .... couldn't wait to turn it off.

Also if you use Outlook it's usless .. you still have to setup each users Outlook ... unless I was missing something. I also found Roaming Profiles you have to close down Outlook on one machine and then open it on the other if you use .pst files ... it's fine if you use IMAP.

The shutting down of a machine can take ages if you have a few users setup on a machine as well as it syncs all the profiles ... and if you just leave it to finish and turn off it sometimes doesn't because you may have access database files in your profiles and guess what ... it doesn't like them either.  You can setup rules so it ignores certain types of files but again you have to set that up on each machine seperatly ... so now your back to square one.

Over all I get less complaints now with Roaming Profiles turned off.

I have just over 40 PC users and it's not a big job to setup users on multilple machines ... not that there are so many multiple machine users anyway.

Regards,

Tib

[Tib]

All your workstations should ideally be indentical hardware

I didn't find any problems with diff hardware ... but

you should also configure your workstations identically and have the same software installed on all workstations

Software yes ... if you don't have the same software loaded on a work station and the person with more software loaded logs on then you have all sorts of errors and dead icons come up.

I still use my server as a domain controller as thats how I connect to share etc using the Logon Script

Regards,

Tib

[ronald1969]

Tib, RayMitchel,

Both thanks for your answers.

As I am very unknown to domain controllers and have always used my SME server configured as workgroup controller I do not understand what are the (dis)advantages of using the SME server as a domain controller.

Now I have made some Ibays/users/groups and have given them their correct rights to these Ibays. On every XP-machine I create networkconnections with correct Drive-letters.

Can you explain me what are the differences and most important the (dis)advantages of using a domain controller instead of a workgroup controller.

Ronald

[raem]

ronald1969

> Can you explain me what are the differences and most important the
> (dis)advantages of using a domain controller instead of a workgroup controller.

They are different security models.
All workstations that join a domain (ie logon to a domain controller) are trusted.

Search Google for more details.

[idp_qbn]

Domain Controllers allow you to manage users centrally. This can be a very significant thing, especially if you have remote users ...and remote can mean just a few rooms away not just in another building ir another city. Running between machines can be a pain.

BUT - you really need to understand Win2K and user profiles and security policies etc to get the most out of this.

Problems - there can be many if you get things wrong. The worst (even if everything is working OK) is when you allow users to have a lot of control over their desktop.....this gets included in the user profile and is downloaded when they log on and uploaded when they logoff. I have seen users with nearly a Gb of profile and they can take 10 minutes to logon over a VPN.

Basically, you need to assess how many people need roaming profiles before you decide to implement it. You may be surprised how few need that....maybe none!

If you do go down the roaming profiles path, make the profiles Mandatory so they can't change them (Remember, this is a WORK PC not their home toy) to keep the profile size down. (You can seet a max profile size but if they exceed it, they can't logoff until they reduce it and what user knows how to do that?)

There is a good link on Win2k Server stuff (which is what SAMBA is emulating) at
http://www.windowsitpro.com/windowsnt20002003faq/

Cheers - and good luck.javascript:emoticon('')
Very Happy
Ian

[cool34000]

Outlook archives aren't synchronisable as it's a database...

You have to move your PSTs on your server (in an ibay for example) and configure Outlook to use this PST instead of the one on the local machine. It works on w2k3 and w2k servers... Didn't try it on SME, but it should work i guess...