Logging users in... non-standard options?

Gambit

I'm hoping there's a good solution to this, but I have a feeling there isn't. We have a 2k3 domain here at work and recently got new laptops in for the start of the school year to hand out to staff. The issue we're having is that we have to log these users in to create their profile and set things up on their new laptop... which of course we can't do without knowing their password. We could reset their password for the domain easily... but having Exchange on the domain means that we'll also lock them out of their account by changing their password.

So far, our only option is to wait for the staff to come in, have them log in personally, and wait while we configure things. Any other options than this?
 
If their computer is staying inside the network, you can set up their account using Active Directory (which also prepares an Exchange account if you let it) and make sure you check the option 'user must change password on next log-in' when typing in their temporary password of your choosing.

As long as they stay inside the domain network, they will be able to assign themselves passwords which apply to Exchange as well.
 
Let me clarify, these users are getting new laptops to replace their old laptops. Since we do not use roaming profiles, we need to manually transfer the stuff on their desktop, my documents, bookmarks, etc. to their new computer.
 
I see what you mean now, but I haven't the slightest idea how to go about this. I assign the passwords to employees in this company which means I will always know what it is, so I've never run into your situation before.

I'm thinking maybe set up the computer as Administrator, and once that's done (make sure everything is installed for all users on the computer), use domain group policy editor to customize user profiles so when they log in, everything is preset.

Of course that won't help with setting up things that need configuring like Outlook.

I'll let other people ponder this and keep an eye on this as well. This might be useful to me someday too.
 
> Let me clarify, these users are getting new laptops to replace their old laptops. Since we do not use roaming profiles, we need to manually transfer the stuff on their desktop, my documents, bookmarks, etc. to their new computer.

If you log in to their machine as Admin, you should be able to save stuff from their profile (C:\Documents and Settings\<user>) to a local machine. I once helped co-ordinate an effort to replace machines in the office, and we just used the tech support server to store profile data (basically anything in My Documents, bookmarks/favourites, application settings, etc etc)
 
This is what we do:

1. Create a shared folder on a server.
2. In Active Directory, under Profile > Home folder select Connect.
3. Pick a drive letter. It will be a virtual drive. Type the path to the shared folder on the server followed by their username (i.e. \\fileserver\jsmith). This will automatically create the folder and the appropriate permissions so only jsmith and domain admins can access the folder.
4. When the user logs into their old computer, they will now connect to the new virtual drive. It will appear under My Computer.
5. Have the user copy and paste all their files to the shared folder.
6. When they get their new computer and they log in, all their files will be there. They can then copy them from the shared drive back to their appropriate places.

We do this at my work and all employees work off of their shared folder. They do not save anything to the hard drive. We then back up the shared folder each night.
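
A check for step 3's claim that only the user and domain admins can reach each folder, as an added example that is not part of the original post: it lists every allow entry on each home folder that belongs to neither the folder's owner nor an assumed admin baseline. The share root, domain name and baseline list are placeholders, folders are assumed to be named after the owner's logon name, and the script needs PowerShell 3.0 or later.

```powershell
# Added example (not from the thread): audit per-user home folders for extra access.
# Assumptions: $HomeRoot and $Domain are placeholders, and each folder under the
# root is named after its owner's logon name (e.g. jsmith).
param(
    [string]$HomeRoot = '\\fileserver\home',   # hypothetical share root
    [string]$Domain   = 'CORP'                 # hypothetical NetBIOS domain name
)

# Principals expected on every home folder besides the owner (assumed baseline).
$baseline = @(
    "$Domain\Domain Admins",
    'BUILTIN\Administrators',
    'NT AUTHORITY\SYSTEM'
)

function Get-UnexpectedHomeFolderAccess {
    param([string]$Root, [string]$DomainName, [string[]]$Allowed)

    foreach ($dir in Get-ChildItem -LiteralPath $Root -Directory) {
        $owner = "$DomainName\$($dir.Name)"
        $acl   = Get-Acl -LiteralPath $dir.FullName

        foreach ($ace in $acl.Access) {
            # Deny entries only restrict access, so they are not reported.
            if ($ace.AccessControlType -ne 'Allow') { continue }

            $who = $ace.IdentityReference.Value
            # Skip the folder's owner and the admin baseline (case-insensitive).
            if ($who -ieq $owner -or $Allowed -contains $who) { continue }

            # Anything left is an identity the home-folder setup should not have granted.
            [pscustomobject]@{
                Folder    = $dir.FullName
                Identity  = $who
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
            }
        }
    }
}

Get-UnexpectedHomeFolderAccess -Root $HomeRoot -DomainName $Domain -Allowed $baseline |
    Sort-Object Folder, Identity |
    Format-Table -AutoSize
```

Rows with `Inherited` set to `True` point at the share root's own ACL rather than at the individual folder.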
 
> I see what you mean now, but I haven't the slightest idea how to go about this. I assign the passwords to employees in this company which means I will always know what it is, so I've never run into your situation before.

I can assign them, but we allow them to change their password to more or less whatever they want... which was something I was pushing for. I really just don't like the idea of having a "list" of 500 employees with their username and passwords. Of course, that's the kind of thing that creates this issue.

> If you log in to their machine as Admin, you should be able to save stuff from their profile (C:\Documents and Settings\<user>) to a local machine. I once helped co-ordinate an effort to replace machines in the office, and we just used the tech support server to store profile data (basically anything in My Documents, bookmarks/favourites, application settings, etc etc)

Yes, that will work *if* the user has already logged in. If you manually create a folder under Documents and Settings, *then* log in a user for the first time, it'll create a new directory for that profile (and not use the one you set up).


See, things get really complicated and I'm trying to not put too much down, because it doesn't all pertain to this. In the interest of getting the full story out:

Some of these new computers are going to new employees (no problem, since we have to set their password up anyway and there's nothing to transfer anyway). Others are getting new laptops to replace their older laptops; some of the older laptops we held onto over the Summer, some we let them take home with them. The issue here is even though we have some of their laptops and can access the files, we can't transfer them without changing their password... which will disrupt their e-mail. If we wait to start transferring (next week), all of these employees will want their data transferred ASAHFP... and rightfully so... since some of the old laptops are being passed on to other employees that don't have a laptop at all. So the longer we wait, the more it holds *everyone* up. Although users have a personal drive on the server, it is not required that they use it, as they often leave the building, so they won't always have access to it.


So far, I think the solution here is to copy the data from their old laptop to their new laptop on the admin profile. Hopefully once they log in to create their profile, we can log back in to the admin profile and just move the files... which will *hopefully* save some time as opposed to copying from one machine to another.

I *really* wish there was a way to force a login with the admin account. i.e. Provide a username (eg. jdoe@somedomain), then also provide a properly privileged account (such as a domain admin) and allow it to log you in *as* jdoe.
 
The only real way to do this is to get someone to do it for you/the employees. Hire an intern for 2 weeks, just so they can manually transfer all the files from one computer to another. Have them set up the computer using the admin account, create a local jsmith account (so they can temporarily save their files in each session) and have them log into your domain every time they use the computer. jsmith@companydomain. Then have a shared network folder mounted at startup, so from then on forward, all the files will be saved to \\companyserver\jsmith-data-files.

After 2 weeks, fire the intern, and get on with your company.

I was hired this summer as an intern to do this kind of grunt work. Trust me, it's a lot more work than it sounds. Because you can *only* do so much on the administrator back-end. For me, we got 25 Dell machines, and I configured one and cloned that onto 24 other ones. Then I get one of the employees to take a 30 minute break, and sit next to me while I set up how they like their icons to be placed, etc....
 
Actually, transferring the files isn't all that much work, just a lot of wait time while the files transfer over. The problem here is that we can't log in the users without the user themself logging in. Without that, there's very little we can do.
 
In my current company, I maintain a password-protected spreadsheet with users' account info, kept in a share only I can get to. So, I can set up their systems and hand them over. We also use home directories, so everything is transferred over right away.

In a former job, whenever we had to do migrations like this, we set up a conference room with several switches and power strips. We'd work out a schedule with the employees to drop off their systems, and then come back for their new systems. For some users who were technically proficient, we'd let them come in and migrate their data themselves...but only a few were capable of this. It would take less than an hour for each person, and we could do several at a time, for each IT staffer. Any employee who bitched about being without a computer for an hour was basically just complaining for no reason. We were giving them new, faster systems, so that hour could easily be made up with a better computer. It also helped to have the CEO's blessing on the project as well.
 
I understand the problem, as I've been in your shoes many times over the years. No matter WHAT you do, you will have to log the user in before you setup the profile. Otherwise the profile directory will exist and Windows will create a new one for you.

With that said, you can make things easier. I'd recommend logging the user in, then out. Then renaming/deleting the new profile and putting their old one in its place.

You should also take a peek at the User State Migration Tool. It can "pre-build" the profile for you. The problem is going to be that no matter what path you choose, you're going to have to run something on their old computer to get the data off before you can do anything on the new computer.

And I'm just going to throw this out there -- be careful assuming all of their data is in their profile.
 