[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [K12OSN] disable roaming profiles samba/ldap



So, here's what you do.  Use DeepFreeze and freeze the windows machines. 
(This is what we do)  We use roaming profiles as we want kids and staff to
be able to roam freely.  DeepFreeze is installed on all windows machines
for obvious reasons (to keep Windows intact and to prevent viruses from
"sticking").  I have the machines set to login automatically as an admin
user (who cares if they do anything...it's frozen and thus won't
stick)....to login as themselves they simply log off and login (the
auto-login allows me to do admin tasks in bulk such as "thaw-all" and push
packages)  anyway.....the profiles get written locally as well as to the
server, but once the machine reboots all the profiles are gone from the
local machine.  No worries!  :-)   DeepFreeze is very inexpensive and
worth EVERY penny!

"Support list for opensource software in schools." <k12osn redhat com> on
Tuesday, January 03, 2006 at 10:36 AM +0000 wrote:
>Profiles have to be allowed to be written by XP or you'll get profile 
>errors everytime you login and logout, shutdown, etc.
>
>Teacher's profiles are left to work because they generally sit at the
>same 
>computers regularly, so their profile isn't that much to deal with.
>
>But with student computers, it is another story.  Every time they login, 
>they get a profile and if they haven't logged in on a computer, that 
>computer then gets a copy of their profile to waste drive space on the 
>local computer, as well as the server drive space. So you have 6 students 
>that use every computer in a classroom over the course of a day.  But the 
>students also login on other computers like library and classrooms,
>which, 
>guess what, also get copies of the wasting-space profiles.
>
>Simply turning off profiles in samba will not alleviate this problem 
>anywhere except server drivespace. Every computer that a student logs
>into 
>gets a profile from somewhere, and likely it is the default profile from 
>the computer they just logged in on, which gets written right back to the 
>same computer, under a different username so now you have two 
>space-wasters and the drudgery continues for every use that ever logs in 
>on that computer.
>
>My solution is this follow closely as it might get complicated to some. 
>Also, keep in mind that we run linux on our servers here, but not ldap
>for 
>login.  I know, I still do accounts the old-fashioned way, but you'll see 
>how it may be better this way than using ldap, unless I am just missing 
>something major.. ..
>
>First off, the samba server that has the domain that the students login
>on 
>from student-use computers has the profiles in a different location than 
>the user's home directory, which is the default location. The profiles 
>have their own share on the server.  The share is set up with root
>preexec 
>and post exec that creates the profile location on login and deletes the 
>profile location on logout for the user. Samba sets up the profile 
>location before it turns it over to Windows on login.  Windows sets up
>the 
>profile, and the user keeps it as long as they are logged in.  Once they 
>logout, and after winders has written the profile and lets go of the 
>share, the post exec deletes the profile directory.  Windows is happy 
>because it wrote the profile successfully, and then the server gets happy 
>because it cleared up the space wasted by the profiles.
>
>On the student-access computers, we run DriveShield which is similar to 
>DeepFreeze and other lockdown software. The machines are set up and a 
>default profile is created that contains everything the student's need
>for 
>that computer. Then the computer is locked down.  Unchangeable.
>
>When a student logs in on that computer, they have no profile, so winders 
>gets a copy of the default profile, which is minimal to begin with, and 
>gives it to the student.  A copy is also written to the hard drive on 
>the computer. But when the student logs off, it is deleted from the 
>server, and then next time the computer is rebooted, that profile is
>wiped 
>from the computer.
>
>So, there is no drive space wasted on either the server or the computer 
>for student access computers.
>
>The domain that teachers log into is different than the domain the 
>students login to.  Students can't use teacher's computers (security
>risk) 
>because their login will not work on them.  Teacher's logins will not
>work 
>on student computers, either, but they don't need to anyway. Teachers
>have 
>access to all student's home directories no matter what computer they are 
>using.
>
>I hate profiles!
>
>Doug Simpson
>Technology Specialist
>DeQueen Public Schools
>DeQueen, AR 71832
>simpsond leopards k12 ar us
>Tux for President!
>
>On Tue, 3 Jan 2006, Randall Swift wrote:
>
>> "Support list for opensource software in schools." <k12osn redhat com>
>on
>> Friday, December 30, 2005 at 12:42 PM -0500 wrote:
>> >cant you simply edit oout the roamaing profiles portion of smb.conf..?
>> >chuck
>> >> Randall Swift wrote:
>> >>> 	I have a samba/ldap server doing my authentication and storing home
>> >>> directories as well as roaming profiles. How do I disable roaming
>> >>> profiles
>> >>> (setup on core 3 using the smbldap-installer script)? This server
>has
>> >>> been
>> >>> running for almost a year now can I just simply disable roaming
>> >profiles
>> >>> without it affecting the server? Thanks for the help.
>> >>>
>> >>
>> >> We have roaming profiles too, and I'd love to learn how to disable
>them!
>> >>    They are kind of a "legacy" from the W2K server we had years ago.
>> >>
>> >> Rita Gibson
>> >> RMSELTech
>> >>
>> >> _______________________________________________
>> >> K12OSN mailing list
>> >> K12OSN redhat com
>> >> https://www.redhat.com/mailman/listinfo/k12osn
>> >> For more info see <http://www.k12os.org>
>> >>
>> >
>> >
>> >_______________________________________________
>> >K12OSN mailing list
>> >K12OSN redhat com
>> >https://www.redhat.com/mailman/listinfo/k12osn
>> >For more info see <http://www.k12os.org>
>> 
>> I was thinking that you could comment out the profile section in
>smb.conf.
>> I am not an expert and did not know if this would cause any problems. I
>> really need to know what to do as profiles are a problem with network
>> traffic. I was hoping there was an easy way to do this but with few
>> responses I now don't think it is. Any help is appreciated. Thanks
>> 
>> Randy Swift
>> Network Administrator
>> Leavitt Area High School
>> Turner, Maine 04282
>> (207)225-3533
>> swift msad52 k12 me us
>> 
>> _______________________________________________
>> K12OSN mailing list
>> K12OSN redhat com
>> https://www.redhat.com/mailman/listinfo/k12osn
>> For more info see <http://www.k12os.org>
>> 
>
>_______________________________________________
>K12OSN mailing list
>K12OSN redhat com
>https://www.redhat.com/mailman/listinfo/k12osn
>For more info see <http://www.k12os.org>



David N. Trask
Technology Teacher/Director
Vassalboro Community School
dtrask vcsvikings org
(207)923-3100



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]