Let your users take their desktop from one computer to another painlessly. On August 10th John Sheesley explained how Microsoft and Novell use roaming profiles. If you couldn’t join us then, enjoy the transcript and we hope to see you on our next live Guild Meeting. You can find a schedule of Guild Meetings in your weekly TechProGuild Notes TechMail, or on the Guild Meeting calendar.

Let your users take their desktop from one computer to another painlessly. On August 10th John Sheesley explained how Microsoft and Novell use roaming profiles. If you couldn’t join us then, enjoy the transcript and we hope to see you on our next live Guild Meeting. You can find a schedule of Guild Meetings in your weekly TechProGuild Notes TechMail, or on the Guild Meeting calendar.

Note: TechProGuild edits Guild Meeting transcripts for clarity.

Welcome to the meeting
MODERATOR: Welcome ladies and gents. Tonight we have TechProGuild’s own John Sheesley.

JOHN SHEESLEY: Welcome to tonight’s Guild Meeting. Our topic tonight will be dealing with traveling users and portables on your network. Primarily, we’ll be dealing with roaming profiles in a Windows environment. Before we get started, let’s get a feel for what everyone is using. If you can, please describe your network environment.

WELL: I’m using Novell, Windows NT, and UNIX server.

JECASSERLY: I am a Microsoft Windows 98 user.

KEVINOSAR: I’m also a Win 98 user.

JCARLISLE2: I use Novell, WinNT, Win 98, and Linux.

SHARI: I use a Windows NT 4.0 server, but my workstations are NT, 98, and 95.

JOHN SHEESLEY: OK, as I suspected, a mostly Windows crowd. If anyone here is using Linux in their environment, I’ll pass those questions right off to our capable moderator for this evening, Jack Wallen.

JECASSERLY: I wanted to use Linux, but our software would not support it.

Traveling users and computers
JOHN SHEESLEY: Laptops and traveling users can be the most challenging users to deal with in your organization. This is especially true if you have several remote sites. Unfortunately, traveling can mean more than just laptops.

As people move in your organization (through promotions) or as computers move (people getting new systems) traveling has taken on a whole new meaning. Everyone knows how long it can take to get your desktop just the way you like it: just the right background, just the right font, just the right odd color combinations. As IS people, you’ve probably experienced the brief disorientation that can occur when you go to a user’s desk to fix something. “Oh… THERE is Network Neighborhood…. the Pinky icon.”

KITTYCARLISLE: Couldn’t it just as easily be “the brain” icon?

JOHN SHEESLEY: Well, no. Brain is always My Computer. It’s a rule.

If we can get confused, just think how confused our poor end users can get when you plop them in front of a new machine. In the good old DOS days, this wasn’t a problem. Everyone had a C:\> prompt. No matter what computer you went to, everything was the same. But now, as we’re living in a GUI world, things can get complicated. To help the situation, with the introduction of Windows 9x, Microsoft incorporated profiles into their operating systems. Profiles allow you to centrally store a user’s preferences.

JCARLISLE2: Does Linux have profiles? Is a profile the same as a roaming profile?

JOHN SHEESLEY: Nope. There are several kinds of profiles: There are local profiles, roaming profiles, and mandatory profiles. Local profiles reside, as you can guess, on the workstation. Local profiles aren’t really that useful in a network environment.

MODERATOR: Are profiles Microsoft’s answer to Linux’s multi-user ability?

JOHN SHEESLEY: Yes, in a way. It’s not so much multi-user as it is a collection of preferences stored, based on User ID.

MODERATOR: I can answer for Linux: On one machine you can have multiple users, and each user’s preferences are individual and none of them affect the other, unless you’re root, of course.

JCARLISLE2: Is this the same in NT Workstation?

JOHN SHEESLEY: Yes, it’s the same on NT Workstation, but it doesn’t work exactly the same way as it does in 9x.

JCARLISLE2: NT & 98?

KITTYCARLISLE: What about 95?

JOHN SHEESLEY: That’s the same way it basically works for Windows too. However you can also locate those profiles on your server and as a user moves from computer to computer the profile moves with them. That’s a roaming profile. Basically, it’s a local profile that’s stored on a server and follows the user.

MODERATOR: What about Sun’s answer to this? Has anybody seen the “smart card” technology that Sun developed? Every user has a card they swipe at a station and it sets their profile on that station. It’s quite ingenious.

JCARLISLE2: Is that profile unique to one machine, or if you have multiple machines can you have the same simultaneous profile?

JOHN SHEESLEY: After your user logs on to the network, but before the desktop loads, the workstation loads the settings from the server and displays them.

SHARI: So you store them on the server!

JOHN SHEESLEY: As a general rule they’re stored in the user’s home directory. This is true for both NT and NetWare. The main drawback can be the size of the profile. A profile can contain such things as background images, Start menu programs, desktop colors, and desktop icon placement. As you can imagine, the more things you put on your desktop, the larger the profile becomes. I’ve seen profiles take up to 40 or 50 MB with no problem. It can take a long time for the workstation’s desktop to appear if a user has a multiple-megabyte background that you’re pulling across the wire.

TLSNC: Sounds like poor housekeeping to me.

JOHN SHEESLEY: Can be, but you’ve seen your user’s desktops. They always clutter things up.

JECASSERLY: Or cluster it up.

JOHN SHEESLEY: That’s not hard to do. Put a 24-bit graphic as the background and then make the mistake of storing a Zip file on the desktop.

TLSNC: I don’t know how users work with all the icon clutter on their desktops, let alone when they add images.

JCARLISLE2: Anything in the desktop is on the server, is that it?

JOHN SHEESLEY: Microsoft tried to control the situation when it shipped Service Pack 4. That’s Service Pack 4 or later, which would include Service Pack 6a.

JCARLISLE2: When you mean SP4 you mean NT or 98?

JOHN SHEESLEY: For NT.

JCARLISLE2: What about for 98?

JOHN SHEESLEY: Remember, the server is controlling the size of the profile. It doesn’t matter if you’re using a Win98 or NT workstation.

JCARLISLE2: Oh, you meant SP4 & 6a for the server? I thought you meant the workstation.

JOHN SHEESLEY: Nope, SP4 or later placed on the server. Some people haven’t taken the plunge to SP6a on the server.

WELL: Is there any way to remote control the PC in the same network environment?

JOHN SHEESLEY: Well, yes, there is. Get PCAnywhere. PCA is a great way to remotely control workstations on your network. You can also use software such as Remotely Possible. Novell includes Remote Control as a part of ZENworks. If you’re using NetWare, then that will be the best way to go because you can administer it directly from NDS.

TLSNC: Yea, I just read the ZENworks article by TechRepublic about remote control.

MODERATOR: Or if you’re using Linux you can use one of many tools, such as Webmin.

Changing your profiles
JCARLISLE2: What if you want to change your profile? Do you change it on the network or on your desktop?

SHARI: Can your changes locally be linked to your network-based profile?

JOHN SHEESLEY: In the System Policy Editor (SPE), you can limit the size of the user profile.

JECASSERLY: You can also limit what he or she uses.

JOHN SHEESLEY: When you set the maximum size, the server won’t allow a profile to grow beyond that size. If users approach the limit, they’ll see a warning on their screen.

MODERATOR: Which is sort of like quotas in Linux.

JCARLISLE2: Linux has quotas?

TLSNC: Roaming profiles would be controlled by NT server so they would also be limited.

JOHN SHEESLEY: That’s correct.

JCARLISLE2: OK, so we’re talking about roaming profiles on the LAN—moving from office to office—right? This doesn’t seem like a good solution over the Internet if profiles are 50 MB!

Mandatory profiles
JOHN SHEESLEY: Now then… the last kind of profile is mandatory profiles. Mandatory profiles are, well, mandatory. Those are profiles that you create that must be placed on a machine at startup.

JECASSERLY: Are these the authorizing profiles?

JOHN SHEESLEY: Mandatory profiles replace any choices a user may have in their own user profile. For example, you can use a mandatory profile to make sure that you have the company logo as a user’s background rather than something hideous, such as a tiled background with Jack Wallen’s photo on TechRepublic.

TLSNC: I used mandatory for the screen saver setting so everyone had to use the corporate logo marquee.

DRM677: Won’t users object to all that uniformity? Who wants to look like everyone else?

JOHN SHEESLEY: When it comes down to it, the users don’t have a choice. It’s corporate equipment. If the company doesn’t want Jack Wallen wallpaper, then you’re out of luck. Of course, being a heavy-handed administrator won’t win you any friends among your users.

TLSNC: Who wants the swimsuit screen saver on a teller’s desktop for customers to see?

JOHN SHEESLEY: Don’t forget… we’re in the age of such things as sexual harassment lawsuits. Put the wrong thing up as wallpaper, and bang, someone hits the lottery.

Profile vs. policies
JECASSERLY: If I eliminate a print sharing profile, then the workstation could not use it, correct?

JOHN SHEESLEY: Jecasserly, nope. That’s something different. You’d control print sharing, the ability to run programs, and things like that with system policies. Policies and profiles are 2 different things. Don’t worry about mandatory profiles too much, especially if you’re going to migrate to Win2k. Windows 2000 doesn’t support them.

TLSNC: What happens in W2K?

JOHN SHEESLEY: Windows 2000 still supports profiles, however, the mandatory ones are out the window.

Recovering from network failure
JCARLISLE2: What happens if the network goes down? Do you lose your profile?

JOHN SHEESLEY: If the network goes down, then the workstation defaults the local profile, which is a local copy of the last profile loaded from the server.

DRM677: Can users create a separate desktop so they don’t have to use the “corporate one,” except to access the intranet?

JOHN SHEESLEY: If a user goes through a NetWare server or NT server to log on to the network, then they’ll get the profile.

JCARLISLE2: OK, what if the network goes down and you change your local profile?

JOHN SHEESLEY: The only way you can get around it is to not authenticate through your server.

MODERATOR: And what if Windows crashes, thereby corrupting your profile? Does the server keep a copy?

JOHN SHEESLEY: The changes will then replicate to the server when you reconnect.

SHAZLD: Does that mean that there can be 50 MB local and 50 MB on the server for each profile because it has the last profile loaded?

JOHN SHEESLEY: There sure can be. Quite a mess, huh? That’s why you should make sure you set a limit on the profile size. Or at least make sure you educate your users about putting too much stuff on their desktops.

Switching desktops
JCARLISLE2: I don’t see how this helps traveling users.

JECASSERLY: Isn’t it because it lets users log on the server while they travel?

JOHN SHEESLEY: It helps them because as they move from computer to computer, or from site to site, their information follows them. It doesn’t matter what machine they use. Everything’s there. That said, it can be very tricky when a user switches from an NT workstation to a 9x workstation and back. They’ll quickly find themselves with different desktops. However, all the 9x ones will be identical and so will the NT ones. That’s because the 2 OSs work similarly, but store things under different filenames. If you’re in a NetWare environment, you can overcome some of the problems by using ZENworks, and just push what you want to the desktop using ZEN. Although I haven’t had a chance to play with Intellimirror much, I assume that it will do much the same thing as ZEN in that regard. When Gerald Foster spoke in a previous Guild Meeting, he discussed some of the benefits of ZEN. He’ll also be preparing a series dedicated to ZEN, which should appear sometime in September.

TLSNC: What a drag having to wait each time for ZEN the first time you log on to a new machine.

JOHN SHEESLEY: Yes, it can be slow, no doubt about that. However, all these things can be slow to use. That’s the price for central administration.

JCARLISLE2: So it doesn’t sound like a very helpful solution.

TLSNC: It really only helps in keeping the shortcuts and other networking settings the same no matter what machine the user is on.

JECASSERLY: The folders or shortcuts must be the same for that reason.

JECASSERLY: I was at a Citrix MetaFrame presentation last night and it seemed so simple.

JOHN SHEESLEY: Citrix is very cool. However, Citrix (and Terminal Server) can be quite server intensive. Not to mention you can’t really support more than 30 users per box, even in a multi-processor environment.

JECASSERLY: It sounded and looked that way. It uses many duplicate servers, as many as traffic needs.

JOHN SHEESLEY: That’s because NT is such a miserable multi-user OS.

TLSNC: Is that because it is so resource intensive?

JOHN SHEESLEY: It is resource intensive, but that’s because NT was never really designed to be multi-user. Terminal Server, WinFrame, and MetaFrame really just bolt that capability onto NT. If you don’t mind the old 3.x interface, WinFrame is usually a better performer than TS or MetaFrame.

TLSNC: I don’t understand that. I thought it was always to be a server product.

Multiple access vs. multi-user
JOHN SHEESLEY: There’s a difference between allowing multiple access and being multi-user.

JCARLISLE2: I still don’t understand how this helps telecommuting? Can you enlighten me on multiple profiles?

JOHN SHEESLEY: In a multi-user environment, users are all sharing the CPU on the server. Just displaying stuff on the workstation.

TLSNC: Ah, true. I missed the distinction.

JOHN SHEESLEY: NT was designed to share files, but not share its own CPU. Actually, NT was really never designed to share files, but I digress on that.

CARLISLETWINS: Does that mean that more than one person can use the same laptop, such as a sales team trading off taking it on the road?

JCARLISLE2: Carlisletwins, I think it means that more than one person can use more than one laptop?

JOHN SHEESLEY: Profiles can be a pain in an environment where you have remote sites connected back to your main LAN via a WAN. The last thing you want is to have your users pull multi-megabyte profiles across a 256k WAN link.

TLSNC: Sure, profiles on the network would not care what laptop you use or how many different people use one laptop.

JOHN SHEESLEY: In that case, what you need to do is make sure you locate copies of the profiles at servers at the remote sites. This may mean duplicating home directories on servers placed locally.

JCARLISLE2: Wait, so does that mean that the profile at one server at one location has to be sent to the profile on another location on another server? Ouch! What’s the benefit?

JOHN SHEESLEY: The benefit would be that you can do that at off-peak hours, and it would be available to the users when they need it, rather than pulling it in real time.

JCARLISLE2: OK, seriously, how often do they communicate between servers? That sounds almost like a router.

JOHN SHEESLEY: An alternative can be to have them log in to a separate domain with no roaming profiles stored on it. The laptop would then revert to its local profile. Of course, then you have the problems of trusts, but that doesn’t have to be that much of a headache if you plan things properly. Personally I think the easiest thing to do is just put everyone back on DOS and give your traveling users old Tandy 100s.

That’s a wrap
JOHN SHEESLEY: Thanks to everyone for your participation!

MODERATOR: I hope everyone had a good time tonight and learned something in the process!

JCARLISLE2: I learned I don’t like roaming profiles! They can bring down the network.

CARLISLETWINS: I think tonight’s speaker would disagree.

JCARLISLE2: Thank you Mr. Speaker for an enlightening discussion.

MODERATOR: Take care everyone and thank you for stopping by!

JECASSERLY: Linux is cool.

MODERATOR: Linux is indeed. If you have any Linux questions, send them to jwallen@techrepublic.com.
Our Guild Meetings feature top-flight professionals leading discussions on interesting and valuable IT issues. You can find a schedule of Guild Meetings in your weekly TechProGuild Notes TechMail, or on the Guild Meeting calendar.