Roaming Computing System (Windows Edition) 3.5
Create a User Account
Estimated time to complete: 30 minutes.
Contents
- Syntax
- Requirements
- Create Samba Account
- Create an Email Account
- Create Windows Profile and Configure
Syntax
Note that when a word in this guide is shown like <organisation> this means a variable, a placeholder, you're expected to enter here your particular word, not including the angle brackets.
Requirements
Twix, at least version 0.3.6, is used on the server. It should be in root's home directory. If you don't already have it then get it from thegoldenear.org/toolbox/unices/twix/ by logging into the server using PuTTY and following the instructions on the Twix web page.
Create Samba Account
Login to a workstation (as anyone) and run Start → Programs → PuTTY → PuTTY. Enter 'server' in the 'hostname' field and choose 'Connect'. If you've not run it before as this user choose 'Yes' to confirm the server is who you think it is. At the login prompt, enter 'root' and then when prompted the root Unix account password.
Run Twix: ./twix.sh → R
- M - create a new Roaming Computing System user account
- If they're to have access to shared files (S:) add them to the organisation's group <organisation>-staff (otherwise they only have H:; and they'll be prompted for a password to connect to S: every time they login, which they'll have to dispell): O
- If you want them to be a member of any sub-groups then add them to those: O
Other Optional Permissions
If you print through a print server on SERVER and want them to be a print administrator:
adduser <username> lpadmin
Create an Email Account
If they're to have a dedicated mailbox, it could be either in their own name (as per your organisation's naming convention), or the name of the role they're performing.
Go to the GRSoft Virtual Mail Manager at http://server/mailmanager/login.php (if logged in through the VPN you instead have to use http://10.0.0.10/mailmanager/login.php).
Login with your mail server administration account, either mail master account ('mailadmin@...') for the whole mail server, or individual domain account (postmaster@...) if you have one.
Manage virtual users → Select a virtual domain: → select domain → Add new virtual user to selected domain →
- Name of virtual user:
- Password (default auto): (this needs to be documented)
→ Save new virtual user
Add any forwardings if required (using Manage virtual aliases → Select a virtual domain → Select a virtual user → Add forwarding). A forwarding is a redirect, if you add one address to forward to it will redirect mail to that address. If you want mail to go to the original mailbox and also to be forwarded on to another, then add both addresses as forwardings seperately (I'm not sure if the ordering is important so add the original address first; 'To:' will be the person the original sender sent to; a forwarding and a virtual alias will be added simultaneously, each with the same id; if people ask for a forwarding for an additional mail address they instead most likely want a specific mailbox).
Add any aliases if required (using Manage virtual aliases → Select a virtual domain → Select a virtual user → Add virtual alias). Aliases are for if you want to create addresses that don't exist as a mailbox in their own right, that are only redirected to a different address. Add an alias using just the name part of the mail address, not including the domain part.
Test the mailbox and any forwardings and aliases by sending mail to them all from off-site.
Create Windows Profile and Configure
Logon to the workstation with the new account. Windows automatically creates a profile on the workstation, which it copies to the server when you logout. A lot of configuration of the new account will be automatically applied when you first login.
Manual Windows configuration:
- Turn off Windows sound scheme: Control Panel → Sounds and Audio Devices → Sounds → Sound scheme → No Sounds
- Windows Explorer's look and feel:
- View → Status Bar
- View → Details
- Tools → Folder Options → View
- Folder views → Apply to All Folders → Yes
- Advanced settings → Remember each folder's view settings → off
- Remove any unnecessary input locales (they're indicated in system tray) i.e. if you want English (United Kingdom) and no English (United States)): right-click on language shortcut → Settings → Installed services → choose locale → Remove
- If using a flat panel monitor (+ some others too), improve legibility: Appearance → Effects → [x] Use the following method to smooth edges of screen fonts → ClearType (check it though as it'll look worse on some, see http://en.wikipedia.org/wiki/ClearType#Display_requirements)
- Configure Quick Launch taskbar:
- Right-click on Windows Taskbar → Lock Taskbar → off
- Right-click on Windows Taskbar → Toolbars → Quick Launch → on
- Drag Quick Launch separator to the right so all shortcuts are visible
- Drag Quick Launch separator downwards to seperate the two toolbars
- Remove Internet Explorer shortcut
- If there's room, show large icons on Quick Launch toolbar instead of small: right-click on Quick Launch bar - View - Large
- Using the right mouse button, drag the minimise shortcut to the left hand edge and the Windows Explorer icon to the right hand edge.
Logoff now so these settings can take effect before continuing. Then logon again.
Software Configuration
Core RCS Software
(Creating Shortcuts; configuration of OpenOffice, IrfanView, Eraser, Sun Java Runtime Environment (JRE) and setting KompoZer as Default HTML Editor are made automaticaly through the logon script)
Firefox
- Start Firefox
- Choose to 'Import nothing'
- (This isn't being asked currently) At 'Welcome to Adblock Plus' choose 'EasyList + EasyElement (USA)' → Subscribe
- Close Firefox
- Go to the Firefox profile directory / folder in Windows Explorer (easiest gotten to by first right-clicking on the Start Menu and choosing Explore). It's located at %APPDATA%\Mozilla\Firefox\Profiles\<this user's profile name>.default
- Edit user.js by right-clicking on it and choosing 'Edit with Notepad++'
- Remove the comments (//;) from the two user_pref lines at the bottom
- Change the letters 'PUT_USER_TEMP_LOCATION_HERE' to 'D:\\<username>' (where you change '<username>' for the actual username of this user)
Thunderbird
If they are to have access to any mailboxes, add each of them:
- Run Thunderbird
- Choose to setup a new 'Email account'
- Whomever you want mail to appear from, i.e. '<full name>, <organisation>'
- Email Address: the full email address
- Select 'IMAP'
- Incoming Server: server
- Outgoing Server: server (you'll only be asked this for the first account you setup and it will henceforth be known by this name)
- Incoming user name: the full email address
- When you first access the mailbox you'll be asked for the password, enter it and choose to have it remembered.
- Send a test email to yourself at a different Internet address. When you first send an email you'll be asked
- if you want to setup Enigmail - say 'No'
- for the outgoing mail password - enter the mail password again and choose to have it remembered
Add any additional mailboxes you want to use in the same way.
(If you mistakenly save a wrong password in Thunderbird you can remove the saved password using Tools → Options → Privacy → Passwords → Edit Saved Passwords)
Windows Media Player
Start → Programs → Windows Media Player → Custom Settings → Next
- Enhanced Playback Experience → uncheck 'Download usage rights automatically when I play a file' → Next
- Choose 'Add a shortcut to the desktop' → Next
- Choose 'Don't set up a store now (you can set one up later in the Player)'
Picasa
- Run Picasa
- Choose to only scan My Documents
- Accept the file type associations for image files
- Turn off automatic updates: Tools → Options → General → Automatic Updates → Don't check for updates
Major Proprietary Applications (If Any)
For major proprietary applications (if any) that are likely to only be required on particular workstations see our separate guide to creating a user account (major proprietary applications).
Printing
If you print through a print server on SERVER - connect to any appropriate printers by navigating to the print server using Windows Explorer, i.e. \\server, right-click on the printer name and choose 'Connect'.
If you print direct to the printer (whether over USB, network or through hardware print server box) - the printer driver, as configured by the administrator for this workstation, will be already available and configured for this user.
If you have more than one printer configured (or pseudo printing device listed) then set whichever you want as the default printer: Start → Printers and Faxes → right-click on the specific printer → Set as default.
Do a test print.
Test that printing works.
Setting For Print Servers Outside Your Forest
If you're trying to 'Connect' to a print server not in your domain, to install the drivers to the workstation, as a Limited user, from a workstation using Windows XP SP1 or later, when you try to connect you get the message "a policy is in effect on your computer which prevents you from connecting to this print queue.". See www.pcreview.co.uk/forums/thread-554044.php and http://support.microsoft.com/kb/319939
This restriction is because "Win XP-SP1 introduced a Point and Print Restriction Policy (this restriction does not apply to "Administrator" or "Power User" groups of users). In Group Policy Object Editor, go to User Configuration → Administrative Templates → Control Panel → Printers. The policy is automatically set to Enabled and the Users can only Point and Print to machines in their Forest (en.wikipedia.org/wiki/Active_Directory#Forests.2C_trees.2C_and_domains). You probably need to change it to Disabled or Users can only Point and Print to these servers to make driver downloads from Samba possible."
Saving The Windows Profile (Optional)
Logout from the workstation. The newly configured user profile should be copied back to the server. Be careful, if the profile fails to copy to the server and you logon to a different workstation your changes will be lost. So keep a lookout for any messages such as "unable to save roaming profile", in which case you should log back in and out again.
Migration
If you're migrating from another system you may want to migrate these for the person: home directory / folder files; email; email Address books and distribution lists; browser bookmarks; browser saved passwords.