Contents: 

Part A: Creating the Default Roaming Profile – Windows XP Professional
Part B: Copying the created Default Roaming Profile for MysaNiTy user accounts.
Part C: Important: NTUSER.DAT file permissions and Windows XP Pro.

Part A: Creating the Default Roaming Profile – Windows XP Pro

 1.         Logon using the domain administrator account. (This account does not have a roaming profile which will not be deleted during logout. If you have already run the MysaNiTy configuration workstation regular mysaNiTy accounts profiles will be deleted during logout since it sets the registry to delete cached copies of roaming profiles.)

 2.         Run Regedt32,  Start->Run->Regedt32, click OK.

 3.         Highlight the Current User Key

4.         Click Edit from the menu bar and select permissions.

5. Click ADD

6. Type  Domain Users  in the “Enter the objects names to select (examples):” box, Click OK  (If Select this Object type: does NOT show User, groups, or Built-in security principals, click Object Types button, check the Groups box, and Click OK.  If the “From Location: does NOT show the Domain, Click Locations and Select the Domain , domain is HR in the below example. See steps 7-12 under Copying the created Default Roaming Profile later in this help file for screen shots.)

7.         Select the Domain Users group check the Full Control in the Permissions for Domain Users box .  Click the Advanced Button “For Special Permissions or for advanced settings..”

 8.         Check the Box “ Replace permission entries on all child objects with entries shown here that apply to all child objects “, and Click OK.

9.         Click Yes to the Security Message.

7. Click OK to Close the Permissions Windows for the registry editor and close the registry editor.

Part B: Copying the created Default Roaming Profile to the server for MysaNiTy user accounts.

1. Using MysaNiTy create an account using the Add User button and check the box “Add to the  administrators group “ before adding the user on the add user window. This user account MUST also be added to the Domain Admins group using Active Directory for Users and Computers on 2000 server or User Manager for Domains on NT 4 Server (Fixed in Version 2.11 - automatically added if  "add to administrators Box" is checked)

2. Logon to the Windows XP Pro workstation where previous administrator profile was edited using the registry editor using the new MysaNiTy administrator account.

3. Select Start->Right Click My Computer -> Properties -> Advanced TAB -> Click Settings in the User Profiles Section

4. Select the Domain Administrator Profile previously created using the domain administrator account. (The below example shows HR/administrator where HR is the domain)
5. Note: If Copy to not Available, this computer MUST be removed from the Domain by changing it to be a member of a workgroup and then Add it back to the domain.
6. Rejoining the Domain : Start - >My Computer (right click)->Properties->Computer Name->Change (Note: Do not use the Network ID Button to join the domain for this machine. This will make the copy to unavailable for administrator type account profiles. Follow the steps given by the Wizard. You will need the domain administrator user name and password to complete the wizards steps. Restart and repeat the above steps for copying the profile.

8.         The copy profile to should now show the network unc path to the profile.man folder located on the server. (example shows server name redeemer)

9.    In the Permitted to use section , click Change, and Click Object Types to change the “Select this object type: “

 10.      Check the Groups check Box. Click OK

11.      The “Select this object type: “ should now read User, Group, or Built-in security principal.

12.       Click the Locations Button shown to change the “From this location:” to the domain name of the domain. (Domain name in this example is HR)

13.       Select the domain controller(server) where MySanity is Located and Click OK. (In the below example the domain HR is selected.) Note: If the Domain is not available, select the local computer.

 14.       In the Enter the object name to select.. type  “Domain Users”, Click OK
             (If the Domain was not available, type in the group     everyone.

(Note: the From this location now reads the domain  HR, you can also clcik Check Names and Select the Domain Users group which all MysaNiTy are members of.)

 15.       The “Copy to” window should appear like the below example for the domain HR where the server name is redeemer. Click OK. A file called ntuser.dat will be automatically copied back to the profile.man folder on the server where MysaNiTy is located.

Part C:  Important:  NTUSER.DAT file permissions and Windows XP Pro.

The Roaming profile (ntuser.dat) copied from an XP Pro client has a hidden attribute on the profile file  ntuser.dat which must be removed for Version 2.10 of MysaNiTY. Fixed in Version 2.11 of MysaNiTy.

Goto the Server: Start->Run-> Explorer  goto drive:\mysanity\aeprofile\profile.man folder.

NOTE: The ntuser.dat file  from an XP Pro client normally hidden attribute on the file, to view this file in Explorer…

MysaNiTy will now be able to find this file in this folder and copy it to new accounts and the Update Profiles Button under MysaNiTY account management will be able to copy this file to all current users home folders.

This MUST be repeated each time a new profile is copied back from an XP Pro client to the profile.man folder.