Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Questions about Domain Controllers...


  • Please log in to reply
9 replies to this topic

#1 David Ashcroft

David Ashcroft

  • Members
  • 169 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:02 PM

Posted 12 January 2011 - 07:58 AM

I have been playing with Domain Controllers on my virtual machines for a couple of days now, i am finding it a little overwhelming but im starting to understand it a little now (i think)...

I just have a few more questions

1. When you delete an item to the Recycle bin it appears to vanish into thin air, is there any way i can recover the items from the recycle bin, or would it be possible to make all deleted items go to a location on the server so that they can be recovered later if needed....

2. Is there any way i can make a default desktop? Ill use my College as an Example: When we logon all the desktop icons are organised is a particular order....we can delete the icons, create more icons, move them around etc...however when we log off and back on again, they are back to the default setting, how would i go about setting this type of thing up?

3. At the moment if a Windows update becomes available it says you need administrative permissions to be able to install them, is there a way i can give users certain rights to update and install certain software to the computer, if so then how would i go about doing this ?

4. I have been using the Group Policy Manager obviously to apply policies to groups, however i have found to make any changes happen i run gpupdate/force, do i also need to run this on the client computers? Because i have found that i need to restart the client computers to get most policies i change to update...If i do need to run the command, is there anyway i can do it from the server instead of having to go to each individual client computer...

5. I use software that allows me to remote access each computer, issue commands etc, its called NetOP.... Is there any way i can get this software to start running when the computer is turned on (and the logon screen is showing) without any users actually having to login for it to load the software?

I THINK that this is all the questions i have for the moment...Anyone who is able to help, i appreciate it very much!

BC AdBot (Login to Remove)

 


#2 Baltboy

Baltboy

    Bleepin' Flame Head


  • BC Advisor
  • 1,430 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pennsylvania
  • Local time:12:02 PM

Posted 12 January 2011 - 04:21 PM

1. Not sure what you mean here. The recycle bin should work the same way as all windows OS's. If you delete a file/folder it should go to the recycle bin. open the bin the deleted files/folders should be there and you right click the file and select restore.

2.What you are looking for here is called a Mandatory profile. Basically choose one user, login and create the desktop profile you want. Copy that profile to a folder all users have access to and rename the extension to ".man" (without the quotes of course). Now when you create a new user point them to the mandatory profile in the user settings in AD users and computers. Existing users can be changed by pointing their profile to the mandatory profile as well but they will not be able to access anything they stored prior on the desktop after that change.

3.Are you talking about the server here or the workstations? For the workstations you can make the user a local admin if need be then they should be able to install the updates.

4.If the client computer is logged off the next time someone logs on the new group policy will be enforced.

5. I have never tried to do this and I'm not sure if it is possible. It would have to be a registry edit for sure. Either in HKLM or HKU. I would try the HKU\software\microsoft\windows\currentversion\run and add a new key that loads the exe for the program.
Get your facts first, then you can distort them as you please.
Mark Twain

#3 David Ashcroft

David Ashcroft
  • Topic Starter

  • Members
  • 169 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:02 PM

Posted 12 January 2011 - 04:36 PM

Thanks for the reply, helped a lot! :)

As for the Recycle bin, I can confirm that when an item is deleted it does not go to the recycle bin..However, I think I know why now...The Desktop, My Documents folders etc are set to redirect to a folder on the Server (I did this so that any user is able to logon from any computer and still be able to access their files and folders, did I do this right or is there another method to allow users to access their files regardless of the computer they are logged onto?) The computers must be picking up the desktop and my documents as a network location (which technically it is) and when you delete a file on a shared drive on network it doesn't go to the recycle bin...Is there a way to stop files from deleting in this way as as far as i am aware its pretty much delete forever right ?

Finally, for the updates...Ideally I would not like to give the users local admin, because then it means they will be able to edit administrative settings on that computer right? I don't really want them to do that at all, I just want it so for example, if an adobe flash player update or windows update etc becomes available..then they are able to update it :)

Thanks very much again for the reply, much appreciated! :)

Sorry if I seem really dumb by the way, brand new to all this, just trying to learn by asking questions and getting some hands on experience with it, best way to learn imo :)

#4 Baltboy

Baltboy

    Bleepin' Flame Head


  • BC Advisor
  • 1,430 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pennsylvania
  • Local time:12:02 PM

Posted 12 January 2011 - 05:32 PM

I think your recycle bin problem is due to the desktop redirect. In order to make the user logon to the same desktop regardless of the computer is called a roaming profile. See the article here: http://technet.microsoft.com/en-us/library/cc738596(WS.10).aspx

As a local administrator(ie meaning their machine only) they will only be able to do administrative things that relate to the local computer like install printers, device drivers, updates, programs, ect. They cannot change or do anything that has to do with group policy or the domain as that requires them to be a domain leveladministrator.
Get your facts first, then you can distort them as you please.
Mark Twain

#5 David Ashcroft

David Ashcroft
  • Topic Starter

  • Members
  • 169 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:02 PM

Posted 12 January 2011 - 06:56 PM

Roaming Profiles seem to work MUCH better :) !!

How does it know what files to move to the server though?

For example Email storage in outlook express? How would it know to move that to the server and not keep it locally just on that computer...

Is there any way to change what it takes to the server and what comes from the local machine?

Thanks very much so far :)



EDIT:

Also, i tried to log on before and it came up "cannot move roaming profile from server to local area" or something similar.. i believe it was because i was logged on 2 times... Is it possible to make it so the computer does not allow logins if the server is not connected....

Edited by David Ashcroft, 12 January 2011 - 07:03 PM.


#6 Baltboy

Baltboy

    Bleepin' Flame Head


  • BC Advisor
  • 1,430 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pennsylvania
  • Local time:12:02 PM

Posted 12 January 2011 - 09:07 PM

Basically almost all of the relevant user info is in their documents and settings folder so I assuming it moves them to the server. As far as I know there is no way to modify what it moves to form a roaming profile.

The domain setup at the workstation should not allow you to log on if the domain server is not available. You could however change the domain at the login to local and it would allow you into the computer. If you were using a roaming profile of course none of your stuff would be there and you would not have access to domain resources.
Get your facts first, then you can distort them as you please.
Mark Twain

#7 David Ashcroft

David Ashcroft
  • Topic Starter

  • Members
  • 169 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:02 PM

Posted 13 January 2011 - 01:50 PM

Baltboy, i would just like to thank you very much for all the help you have given me so far :)

Much appreciated!

I set up domain controllers at work today, took pretty much all day to get everything working correctly and test it all out....some some software related issues but managed to resolve all the issues :) Works great!

I think these are my final couple of questions for the time being, and I hope you can help me with them :)

The first question is about the Roaming Profiles...When a user with a Roaming Profile logs onto a computer, it creates their files etc locally on the machine in C:/documents and settings/USERNAME HERE...as well as this is also stores the copies on the server...When the user logs off it still keeps the copy of documents and settings locally....is there any way you can get this to remove the files locally after a certain amount of time...i am just thinking for example in a learning environment where users are moving around all the time, if it was to create local copies all the time, the local hard drive would fill up pretty quickly right?

The second question is that i need to map network drives when users login, i have done this using a simple script that runs when users login, is there a different way to auto map network drives for users when they login, or is the script the best way?

Thanks again!

#8 Baltboy

Baltboy

    Bleepin' Flame Head


  • BC Advisor
  • 1,430 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pennsylvania
  • Local time:12:02 PM

Posted 16 January 2011 - 12:19 PM

Never bothered to look if they were saved locally before...... :blink: You learn something new everyday!! I always assumed that they were only saved on the server after they logged out of the client. Did some reading and it seems that the local cache is meant to speed up login times and reduce network overhead. As you said though it will really clog up the drives with a lot of different people using it. One way to reduse the local caching is to use redirected files....which you had already done before... however I think the major malfunction was that you had not established the roaming profile properly first. This will lower but not completely eliminate the local copy because some of the files need to be locally located in order for some portions of windows and aome programs to work properly. Try redirecting the my documents, desktop, and applcation data folders should save lots of space. oh and if you use a mandatory profile you can eliminate redirecting the desktop since it will not save any changes anyhow.

As far as mapping network drive prefer to use log on/log off scripts for two reasons. One it allows me to create differnt scripts for differnet groups or user needs. Two you can change them anytime and they are run as updated the next time the user logs in. The only thing I do is create one script that creates the drives and a seperate script that disconnects the drive a log off. Sometimes if all of the commands are in one script the OS will attempt to run the script before the mapped drive from the last time the script was run is logged of which results in an annoying error message...and an annoying number of calls from the end users. Using a separate log off script eliminates this potential conflict...and headaches!!!! :)
Get your facts first, then you can distort them as you please.
Mark Twain

#9 David Ashcroft

David Ashcroft
  • Topic Starter

  • Members
  • 169 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:02 PM

Posted 18 January 2011 - 09:22 PM

Never bothered to look if they were saved locally before...... :blink: You learn something new everyday!! I always assumed that they were only saved on the server after they logged out of the client. Did some reading and it seems that the local cache is meant to speed up login times and reduce network overhead. As you said though it will really clog up the drives with a lot of different people using it. One way to reduse the local caching is to use redirected files....which you had already done before... however I think the major malfunction was that you had not established the roaming profile properly first. This will lower but not completely eliminate the local copy because some of the files need to be locally located in order for some portions of windows and aome programs to work properly. Try redirecting the my documents, desktop, and applcation data folders should save lots of space. oh and if you use a mandatory profile you can eliminate redirecting the desktop since it will not save any changes anyhow.

As far as mapping network drive prefer to use log on/log off scripts for two reasons. One it allows me to create differnt scripts for differnet groups or user needs. Two you can change them anytime and they are run as updated the next time the user logs in. The only thing I do is create one script that creates the drives and a seperate script that disconnects the drive a log off. Sometimes if all of the commands are in one script the OS will attempt to run the script before the mapped drive from the last time the script was run is logged of which results in an annoying error message...and an annoying number of calls from the end users. Using a separate log off script eliminates this potential conflict...and headaches!!!! :)


After all the help you have given me im glad i managed to alert you to something new ;)

Thanks again for all the help, it really is much appreciated, and thanks to you ive learnt an awful lot more than what i would have done on my own :)

Thanks again!

#10 Baltboy

Baltboy

    Bleepin' Flame Head


  • BC Advisor
  • 1,430 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pennsylvania
  • Local time:12:02 PM

Posted 19 January 2011 - 08:43 PM

no problem. :thumbup2:
Get your facts first, then you can distort them as you please.
Mark Twain




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users