Roaming Profiles on Windows XP what to do?
December 14, 2006 2:00 PM Subscribe
Looking for a secure Windows XP Roaming Profile alternative. What do you suggest?
Need to stop using roaming profiles in my agency. Data is getting spread about and there is a high chance of laptops and public machines (due to change in physical security) getting stolen. I don't want a workstation getting stolen that has the VP and HR director's documents on it.
There is a lot to the story, but rather keep it short. Please don't tell me that I should change physical security or anything of that sort. There's a lot that *should* be done, but fighting the power is for another day.
Thanks!
Need to stop using roaming profiles in my agency. Data is getting spread about and there is a high chance of laptops and public machines (due to change in physical security) getting stolen. I don't want a workstation getting stolen that has the VP and HR director's documents on it.
There is a lot to the story, but rather keep it short. Please don't tell me that I should change physical security or anything of that sort. There's a lot that *should* be done, but fighting the power is for another day.
Thanks!
What Loto said will work. To make things easier I would redirect My Documents to the network drive for them. I love when the PHB's start making decisions that effect security.
posted by saraswati at 6:00 PM on December 14, 2006
posted by saraswati at 6:00 PM on December 14, 2006
Have you thought about using some sort of managed disk encryption like EFS for user profiles?
posted by AaronRaphael at 6:27 PM on December 14, 2006
posted by AaronRaphael at 6:27 PM on December 14, 2006
Response by poster: Looking into encryption, but thought it might be easier to auto delete profiles or something like that. Good suggestions so far!
We are a weird half Novell (file and print services) and half MS shop. Profiles are stored on NetWare and we push the GPO through Zenworks.
posted by bleucube at 6:43 PM on December 14, 2006
We are a weird half Novell (file and print services) and half MS shop. Profiles are stored on NetWare and we push the GPO through Zenworks.
posted by bleucube at 6:43 PM on December 14, 2006
If you create network home folders for your users, then make My Documents a subfolder of the user's network home folder, then set up a logoff script that moves everything except shortcuts from the desktop to My Documents\Left Lying About, you shouldn't even need to turn off roaming profiles.
posted by flabdablet at 7:25 PM on December 14, 2006
posted by flabdablet at 7:25 PM on December 14, 2006
In fact, your logoff script could even be more polite than that; it could move any non-shortcut from the desktop into My Documents\Unfiled, and then put a shortcut on the desktop pointing to the document or folder's new location. Users who are pointy-haired enough to leave sensitive stuff lying about on the desktop probably won't even notice the difference.
posted by flabdablet at 7:38 PM on December 14, 2006
posted by flabdablet at 7:38 PM on December 14, 2006
Response by poster: Thanks again. Good point about not just moving mydocuments but also the desktop folder. Lots of people use the desktop as a storage bin.
Will let you know shortly what we do.
posted by bleucube at 5:25 AM on December 15, 2006
Will let you know shortly what we do.
posted by bleucube at 5:25 AM on December 15, 2006
This thread is closed to new comments.
posted by Loto at 5:34 PM on December 14, 2006