Information technology tools and resources at the UW
NETID User Workarounds
Much of the functionality provided by certain common NETID user attributes can be attained without actually leveraging those user attributes.
This document explains some alternatives to setting user attribute values for home directory, logon script and profile path while still getting the functionality provided by setting those user attributes. Most of the content of this document was developed by IT administrators in the ISchool and School of Nursing.
A workable configuration for user based home directory (and specifically My Documents), profile path, and login script relies on group policy. In concept, you leverage group policy loopback functionality to set user group policy settings on GPOs linked to the computer the user is logging into. The following steps describe the required group policy settings to enable loopback:
- Create a GPO targeting the computers your roaming users will use.
- Edit the GPO to enable Group Policy Loopback with a value of “Merge”.
Computer Configuration\Policies\Administrative Templates\System\Group Policy\User Group Policy processing mode=Merge
This will force all user configuration settings defined in the GPO (or any GPO processed after that GPO) to be applied to any user who logs into the computers this GPO is linked to.
This step is required to setup group policy based folder redirection, login scripts, or the profile solution noted below. The group policy parts of each of those solutions can be added to the GPO here, or be in separate GPOs as long as the separate GPOs are processed after this GPO.
You can set a logon/logoff script for a set of users using group policy. This approach is as good as setting a user account based logon/logoff script. Assuming you’ve set loopback (as described above), you can leverage the following group policy settings for logon or logoff.
User Configuration\Policies\Windows Settings\Scripts\Logon
User Configuration\Policies\Windows Settings\Scripts\Logoff
With these GPO settings reference a file that is a script that all your computers can run. VBScript and batch scripts are supported across all Windows platforms, and many Windows platforms natively support PowerShell.
A workable solution which meets most requirements exists. This solution involves mapping a drive at logon and using group policy based folder redirection on My Documents. This solution does not address the %homedrive% and %homeshare% environment variables which are typically also set by the user account based home directory attribute, but very few things actually rely on those values, so this solution is generally as good as setting the home directory value.
To map a drive at logon there are two solutions, both group policy based, both assume you’ve set loopback (as described above).
- Leverage the logon script solution described above.
- In the logon script, include a statement like the following:
net use h: \\yourfileserver.washington.edu\homes\%username%
- Leverage the group policy preference setting:
User Configuration\Preferences\Windows Settings\Drive Maps
- Specify the desired drive letter, UNC path, and other settings.
To redirect My Documents to the drive you’ve mapped above, you need to set loopback (as described above), and then:
- Leverage the group policy setting:
User Configuration\Policies\Windows Settings\Folder Redirection\Documents
- Right click, choose properties.
- On the Target tab,
Setting should be set to “Basic – Redirect everyone’s folder to the same location”.
Target folder location should be set to “Redirect to the following location”.
Root path should be set to “H:\”. Click OK.
On the Settings tab,
Choose the settings which are appropriate for your environment.
You may want to choose to redirect additional folders like Pictures, Music, Videos, Favorites and others. For Pictures, Music, and Videos, you can choose to “Follow the Documents folder” and skip the rest of the configuration since these folders are typically represented as subfolders of “My Documents”.
NOTE: There are a number of problems with folder redirection, so we generally advise against using it.
A workable configuration relies on group policy loopback, folder redirection, and a 3rd party tool called Flex Profiles. The combined solution duplicates most (in some areas more) of the functionality provided by the profile user based attribute profile path.
Flex Profiles currently is commercial software provided by Immodio, however, a prior (free!) open-source version was originally developed by Login Consultants (a now defunct company). The open-source version is what is discussed here, but you may be able to use the newer commercial version too.
Because the original authors of the open-source version aren’t around anymore this solution will depend on your ability to find the software.
- Install the FlexFramework 2.1 msi on your client computers. You can leverage group policy based software installation, your build process, or other software distribution tools to automate installation of this software.
- Copy the “Sample UW Config” folder to a network location that all your relevant computers can access.
- Edit the Framework.ini file as needed for your environment. Changes might include:
- STOREROOT=to be some network location, e.g. the user’s home folder (e.g. H:\).
- Include all registry areas, files and folders where there was a need/desire to have those roam. One way to make sure you’ve caught everything relevant is to monitor software during installation and basic operation to determine the locations where configuration details are installed.
Note: The FPKv4 Admin Guide.pdf included in the URL above has additional guidance on step #3. See sections 5.3 and 7.3 of that document.
- Add the logon.bat and logoff.bat scripts you’ll find in the “Sample UW Config” folder to the logon/logoff script solutions described above. Note that you can have more than one logon/logoff script. This will copy all the locations specified via settings in the uw.ini file to a uw.7z file on the path you put above in the STOREROOT variable.
NOTE: Both the ISchool and School of Nursing have previously used version 5 of the Flex Profiles Framework. Newer versions have removed some functionality (including the ability to compress settings during export). These features are now only available in the commercial version.