WinXP Pro + Domain + local user account

[Sarlok]

Hello folks. I hope I post this in the right forum...

I have been wrestling with a problem for the last day and a bit, in trying to get a single user account to logon to a buisness Domain, and a local user account under the same name (located on the pc from which access to the domain will be available - a laptop).
All the while using the same files and settings / favorites / cookies etc.

In all respects I want a Roaming account, but without the offline file synching and such. All I need access to the domain for in the first place really, is a logon script which mounts several servers as fixed drives (A completely screwed up setup, but that's neither here nor there, it's the way it is).

So, I'm at a complete loss. I'm usually failry good at hacking my way through new and exciting (and the occasional stupid) problems, but this one has me stumped.


Is what I want to do possible?

For the record, I have come so far as getting the domain account and the local user account to use the same folder under documents and settings, but one of the two desktops (depending on which order I create and modify the accounts) always has no write permission (with the exception of the desktop) and fails to have anything in the start menu aside from the usual control panel and such. I'm assuming this to be an ownership conflict which I've been unable to trace.

Any feedback would be greatly appreciated.


Thanks!

- Sarlok

[rraehal]

If this was my system, I would set up the laptop with a regular profile and set it up the way i want.

My question is why use the local account? We have 40+ laptop users who use their domain account on and off the network. The access our system using VPN and our VPN dialer runs the login script on connection. The setting are always the same for the single laptop sign on.

2000 and XP pro cache the domain credentials for use of mobile systems off the network. No need for local accounts.

[Sarlok]

Originally posted by rraehal
If this was my system, I would set up the laptop with a regular profile and set it up the way i want.

My question is why use the local account? We have 40+ laptop users who use their domain account on and off the network. The access our system using VPN and our VPN dialer runs the login script on connection. The setting are always the same for the single laptop sign on.

2000 and XP pro cache the domain credentials for use of mobile systems off the network. No need for local accounts.

Yeah, I had no problem with that, but what would happen if the user tried logging onto a different domain (not just different domain under the same name, a 'different' domain)? would it not bork their settings and files?
Or have I been grossly mis-informed?

The idea was to try and get whatever domain they loginto to use their local account for information, and just run the login script from the domain.
As I said before, all the domain is there for essentially is to run 1 login script. That's it.

Personally I hate all this messing around.
It's a work network though, so my chances of changing it to something more sensible are slim (We don't have time for rational solutions ).

For the sake of arguing, some clarification would be good too.
It would be a safe assumption to say that I am a wee bit confused as to what's what wot.

/me prefers Linux anyway.

[crusious31]

Local user accounts allow the user to log on only to the computer which the account is created and access resources on only that computer. You have to add a domain user account for her if you want her to be able to access resources on the network (unless you have a workgroup of course).

[kwebb]

(not just different domain under the same name, a 'different' domain)? would it not bork their settings and files?

A profile will be created for any unique logon, including different domains. For instance the local account johndoe would be johndoe.work if he logged into the work domain. If he logged into another available domain called production then profile would be something like johndoe.production. Each unique with their own settings, folders, etc....

With 98 and NT you could do local folder re-direction. With 2K and beyond it is now in a group policy, not supported by local security policy. At least I believe that is true. Too lazy to go look.

GPO's affect this HKey "'HKEY_CURRENT_USER\Software\Microsoft\Windows\Cur rentVersion\Explorer\User Shell Folders'"

SO you could mess around with that and login scripts if your not running AD. I'd suggest just having the user use domain accounts and only use one login. I can't really see a reason you'd have users logon to more than one domain. Even if your dealing with NT4 domains you can setup trusts. With 2k it's easier and 2K3 easier still for users to jump around domain resources.

[Sarlok]

The reason for the different domains is the lack of any standard or forethought put into our office network design. We have other offices in other towns (some with no domain, some with differently named domains, etc).

Thus my reasons for hoping to use a Local account to keep things organized rather than multiple user accounts for each domain and location.

I could just set up each domain account, and possibly remap every program to store thier data in a common location on the laptop outside of the user accounts. But we (the techs) only have access to one of the domains.

I suppose there is the workaround of mapping the domain servers as shares, and logging into them using your domain username and password... but it's going to be a hastle to get the laptop's illiterate soon-to-be owners to map each computer they wish to access.

Things are looking bleak.