Best practice converting local laptop accounts to Mobile Accounts with PHD

Hi,
what is the best practice to convert local laptop users (with different UIDs than their network account) to mobile accounts? Especially when the local dir should not be synced in whole (just Documents, Library). Client and server are 10.5, network accounts are on NFS.
I tried creating the mobile account with a minimal network directory (Library etc.) and then moving the original folders into place, but this didn't work out (the sync info was overwritten somewhere ..)
Christian

I think your best bet is to copy the home folder off the laptop to the user share on the server. Then with WGM create the same user and then apply all permissions of the network user to the copied folder.
Once you have that, create your settings for the PHD and then go to the laptop. There you will set up the laptop and bind it to the directory, have that user log in (might want to do this on a LAN, not AirPort) and then it will move all the data across to that laptop, and since the network user (same as the local) owns that folder everything should work. If the password is the same then OS X should fix the login and keychain password, so saved forms or email passwords would show up.
I did this same thing for 20 OS 10.4 client laptops. Took me a while to get all of this in place but will spare you the running around...
hope that helps

Similar Messages

  • DNS best practice in local domain network of Windows 2012?

    Hello.
    We have a small local domain network in our office. Which one is the best practice for the DNS: to setup a DNS in our network forwarding to public DNSs or directly using public DNS in all computers including server?
    Thanks.
    Selim

    Hi Selim,
    Definitely the first option, "setup a DNS in our network forwarding to public DNSs", and all computers, including the server, have the local DNS configured.
    Even better best practice would be, this local DNS points to a standalone DNS server in DMZone which queries the public DNS.
    Using a centralized DNS utilizes the DNS cache to answer similar queries, resulting in faster response time, less internet usage for repeated queries.
    Also an additional DNS layer helps protect your internal DNS data from attackers out in the internet.
    Using internal DNS on all the computers will also help you host intranet websites and access them directly. Moreover, when you are on an AD domain, you need to have the computers' DNS configured properly for AD authentication to happen.
    Regards,
    Satyajit

  • Best Practice(s) for Laptop in Field, Server at Home? (Lightroom 3.3)

    Hi all!
    I just downloaded the 30-day evaluation of Lightroom, now trying to get up to speed. My first task is to get a handle on where the files (photos, catalogs, etc.) should go, and how to manage archiving and backups.
    I found a three-year-old thread titled "Best Practice for Laptop in Field, Server at Home" and that describes my situation, but since that thread is three years old, I thought I should ask again for Lightroom 3.3.
    I tend to travel with my laptop, and I'd like to be able to import and adjust photos on the road. But when I get back home, I'd like to be able to move selected photos (or potentially all of them, including whatever adjustments I've made) over to the server on my home network.
    I gather I can't keep a catalog on the server, so I gather I'll need two Lightroom catalogs on the laptop: one for pictures that I import to the laptop, and another for pictures on the home server -- is that right so far?
    If so, what's the best procedure for moving some/all photos from the "on the laptop catalog" to the "on the server catalog" -- obviously, such that I maintain adjustments?
    Thanks kindly!  -Scott

    Hi TurnstyleNYC,
    Yes, I think we have the same set-up.
    I only need 1 LR-catalog, and that is on the laptop.
    It points to the images wherever they are stored: initially on the laptop, later on I move some of them (once I am fairly done with developing) within LR per drag&drop onto the network storage. Then the catalog on the laptop always knows they are there.
    I can still continue to work on the images on the network storage (slightly slower than on laptop's hard drive) if I still wish to.
    While travelling, I can also work on metadata / keywording, although without access to my home network the images themselves are offline for develop work.
    2 separate catalogs would be very inconvenient, as I would always have to remember if I have some images already moved. No collections would be possible of images including some on the laptop, some on the network.
    Remember: a LR catalog is just a database with entries about images and the pointer to their storage location.
    You can open only 1 DB of this sort at a time.
    There is no technical reason for limiting a LR-catalog - I have read of people with several hundred thousand images within one.
    The only really ever growing part on my laptop with this setup is the previews folder "<catalog name> Previews.lrdata". I render standard previews so that I can do most of the work for offline-images while travelling.
    The catalog itself "<catalog name>.lrcat" grows much slower. It is now 630 MB for 60'000+ images, whereas previews folder is 64 GB.
    So yes, I dedicate quite a chunk of my laptop hard disk to that. I could define "standard"-previews somewhat smaller, fitting to the laptop's screen resolution, but then when working at home with a bigger external monitor LR would load all the time for the delta size, which is why I have defined standard-preview-size for my external monitor. It may turn out to be the weakness of my setup long-term.
    That is all what is needed in terms of Lightroom setup.
    What you need additionally to cover potential failure of drives is no matter of LR, but *usual common backup sense* along the question "what can be recreated after failure, if so by what effort?" Therefore I do not backup the previews, but very thoroughly the images themselves as well as the catalog/catalog backups, and for convenience my LR presets.
    Message was edited by: Cornelia-I: sorry, initially I had written "1:1-previews", but "standard previews" is correct.

  • Best Practices to update Cascading Picklist mapping for Account record type

    1. Most of the existing picklist values name in parent and related picklist has been modified in external app master list, so the same needs to be updated in CRMOD.
    2. If we need to update picklist value, do we need to DISABLE the existing value and CREATE a new picklist.
    3. Is there any Best Practices to avoid doing Manual Cascading picklist mapping for Account record type? because we have around 500 picklist values to be mapped with parent and related picklist.
    Thanks!

    Mahesh, I would recommend disabling the existing values and create new ones. This means manually remapping the cascading picklists.

  • HT2534 Best practice in setting up an iTunes Connect account for my business

    I have a personal iTunes account but I want to create a separate business account so that I can sign up for iTunes Connect to create books. Any suggestions? Should I create a new iTunes account or not? I would like to keep them separate but I don't need any of the other iTunes offerings such as music, etc. I just want an account so that I can open iTunes Connect. Has anyone done that - with or without separating it from their personal? Actually, I have two businesses which deal with publishing so I would probably want separate iTunes Connect accounts for both of them.  Help?

    Hi Andy,
    Unfortunately, your registration experience seems to be fairly common. It took about 8 business days for us to receive our final approval.
    One thing to confirm - about a day or two after submitting the original request, I received an email stating that I needed to review and execute the iTunes U Service agreement. Did you receive that email? It took about another 6 business days after that to complete the process.
    Another thing to check - did you designate someone else as your Site Manager? That is the person that will receive the final approval notice and the steps to initialize the site.
    Ken

  • Best practice - converting to 8 bit?

    I'm working on a project using Corel Painter X which is limited to 24 bit (8 x 3 RGB) color. Some of my source photographs are Nikon Raw (shot with a D200) which is 12 bit. Aperture will of course export versions as 8 bit tif. My question for those with experience is whether the conversion via Aperture is good or if I can do better (but please don't suggest Photoshop, I don't own it and won't buy it because I don't agree with the licensing restrictions).
    Thank you!

    The conversion is a straightforward thing in any app. The factor that decides quality is whether you have used the tools to distribute the tones optimally before the conversion, in Aperture, Photoshop, or whatever.
    Not sure what your problem with the Photoshop licensing restrictions is. You can install it on an infinite number of machines, and legally activate it on any two of those machines at any time. Frankly, I find the hardware requirements of Aperture to be more restrictive to my workflow than the licensing requirements of Photoshop, since Photoshop will run on any Mac I own, but Aperture, being too picky about video cards, will not.

  • Best practice for auditing a SP 2010 BCS scenario with a SQL Server pooled connection.

    I'm using SP 2010 BCS to connect to a SQL Server db. For this, I've used SSS and am passing SQL credentials to take advantage of pooled connections. I'd like to pass the user context (user ID/User name) to the database so that I can do auditing, such as created by and last modified by. What is the best approach to make this work while still using a pooled connection?
    I've thought about modifying the external list forms so that I capture and pass down user context info, however, I'd like not to rely on this in case the external content type is consumed by another consumer such as an Office product, etc.

    Hi,
    There is no good way to do it.
    You can set the created by and modified by columns as input parameters for the create and update operations and using ajax to set values for both of columns.
    http://troyscott.ca/2010/07/17/creating-an-update-operation-for-an-external-content-type/
    Regards,
    Seven

  • Need best practice to deploy similar content to multiple clients with specific skins/images

    Hello, my name is Bernadette. When I was with a previous employer for several years I created WebHelp using RoboHelp 8. Then, the last two years I worked there I transitioned to MadCap Flare again creating WebHelp. I have been with a new employer two years now, using RoboHelp again. However, this company still has us creating HTML Help only. My manager has just assigned me to create and launch our first WebHelp project. Currently, we have RoboHelp 8, with a P.O. in process to purchase version 9 hopefully very soon. However, I cannot wait and have just started the project using version 8.  Since it's been a few years, I am a tad rusty in my use of RoboHelp/WebHelp. For this first project, I have been asked to customize the skin for EACH client that transitions to the new proprietary application. My question is, since it is likely that the contents of the completed WebHelp project will be identical (with the exception of the customized customer-specific skins, logos and window images) is there a creative, timesaving method for rolling out primarily the same content to each customer WITHOUT the need for me to maintain numerous, individual WebHelp projects?  I so appreciate any input or suggestions. Thank you!

    Hello Peter and Jeff, there IS the potential for eventually reaching a HUGE number of customers, but I would expect that to take at least a good number of months or beyond to get to that stage. As for Peter's question about variables, I have used conditional build tags in the past, which I know is a variable, but I am not certain what else might be included in the category.
    I was not aware that it is possible, within a single project, to create and maintain different versions of the same layout type, namely WebHelp by creating  duplicates for each customer. This could be challenging, but fun! So, as I get further into this I assume you are both "on call" for additional questions? Thank you both so much for your rapid responses.  

  • Need Best Practice for creating BE in ZFS boot environment with zones

    Good Afternoon -
    I have a Sparc system with ZFS Root File System and Zones. I need to create a BE for whenever we do patching or upgrades to the O/S. I have run into issues when testing booting off of the newBE where the zones did not show up. I tried to go back to the original BE by running the luactivate on it and received errors. I did a fresh install of the O/S from cdrom on a ZFS filesystem. Next ran the following commands to create the zones, and then create the BE, then activate it and boot off of it. Please tell me if there are any steps left out or if the sequence was incorrect.
    # zfs create -o canmount=noauto rpool/ROOT/S10be/zones
    # zfs mount rpool/ROOT/S10be/zones
    # zfs create -o canmount=noauto rpool/ROOT/s10be/zones/z1
    # zfs create -o canmount=noauto rpool/ROOT/s10be/zones/z2
    # zfs mount rpool/ROOT/s10be/zones/z1
    # zfs mount rpool/ROOT/s10be/zones/z2
    # chmod 700 /zones/z1
    # chmod 700 /zones/z2
    # zonecfg -z z1
    Myzone: No such zone configured
    Use ‘create’ to begin configuring a new zone
    Zonecfg:myzone> create
    Zonecfg:myzone> set zonepath=/zones/z1
    Zonecfg:myzone> verify
    Zonecfg:myzone> commit
    Zonecfg:myzone>exit
    # zonecfg -z z2
    Myzone: No such zone configured
    Use ‘create’ to begin configuring a new zone
    Zonecfg:myzone> create
    Zonecfg:myzone> set zonepath=/zones/z2
    Zonecfg:myzone> verify
    Zonecfg:myzone> commit
    Zonecfg:myzone>exit
    # zoneadm -z z1 install
    # zoneadm -z z2 install
    # zlogin -C -e 9. z1
    # zlogin -C -e 9. z2
    Output from zoneadm list -v:
    # zoneadm list -v
    ID NAME STATUS PATH BRAND IP
    0 global running / native shared
    2 z1 running /zones/z1 native shared
    4 z2 running /zones/z2 native shared
    Now for the BE create:
    # lucreate -n newBE
    # zfs list
    rpool/ROOT/newBE 349K 56.7G 5.48G /.alt.tmp.b-vEe.mnt <--showed this same type mount for all f/s
    # zfs inherit -r mountpoint rpool/ROOT/newBE
    # zfs set mountpoint=/ rpool/ROOT/newBE
    # zfs inherit -r mountpoint rpool/ROOT/newBE/var
    # zfs set mountpoint=/var rpool/ROOT/newBE/var
    # zfs inherit -r mountpoint rpool/ROOT/newBE/zones
    # zfs set mountpoint=/zones rpool/ROOT/newBE/zones
    and did it for the zones too.
    When ran the luactivate newBE - it came up with errors, so again changed the mountpoints. Then rebooted.
    Once it came up ran the luactivate newBE again and it completed successfully. Ran the lustatus and got:
    # lustatus
    Boot Environment Is Active Active Can Copy
    Name Complete Now On Reboot Delete Status
    s10s_u8wos_08a yes yes no no -
    newBE yes no yes no -
    Ran init 0
    ok boot -L
    picked item two which was newBE
    then boot.
    Came up - but df showed no zones, zfs list showed no zones and when cd into /zones nothing there.
    Please help!
    thanks julie

    The issue here is that lucreate adds an entry to the vfstab in newBE for the zfs filesystems of the zones. You need to lumount newBE /mnt then edit /mnt/etc/vfstab and remove the entries for any zfs filesystems. Then if you luumount it you can continue. It's my understanding that this has been reported to Sun, and the fix is in the next release of Solaris.

  • Convert a mobile account into a local account

    Hello everyone!
    I originally had to convert local accounts to mobile accounts, but the mobile accounts are not working for us. Seems to be unstable at times and just not what we're looking for. Now I want to change these mobile accounts back to local accounts. Oooor if there is a way to disable sync services, that would be fine.
    I took the user out of the group that had our mobile account preferences, but the user is still backing up to the server.
    Thanks

    The way we do it is basically the same in either direction with the basic goal of retaining the user's data and settings:
    1) delete the user from the local machine, but leave the home folder as is (the home folder will be renamed to "user (deleted)")
    2) recreate the user account either as a new local account (from system prefs), or a new mobile account (by logging in and creating the account, then logout) as required.
    3) as an admin, delete the default home folder that was created when the account was created. I usually do this from the command line : sudo rm -rf /Users/user
    4) again from the command line, change the name of the home folder : sudo mv "/Users/user (deleted)" /Users/user
    5) finally change the ownership of the home folder: sudo chown -R user /Users/user
    Test, it should be good from there.
    Miles
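
The steps in the post above run `rm -rf`, `mv` and `chown -R` with sudo on paths built from a user name, so the name and both folders are worth checking first. The following is an added example, not part of the original post; the function names and the `USERS_ROOT` parameter are assumptions for illustration (on a real Mac the root would be /Users and the calls would run under sudo).

```shell
#!/bin/sh
# Added example: restore a preserved home folder for a re-created account,
# with the checks one would want before running rm/mv/chown as root.
# Function names and the USERS_ROOT argument are hypothetical.

# Accept only plain short names: no slashes, no "..", no leading dash.
valid_short_name() {
    case "$1" in
        ''|-*|*/*|*..*|*[!A-Za-z0-9._-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# restore_home USERS_ROOT SHORTNAME OWNER
# Mirrors steps 3-5 of the post: remove the freshly created default home,
# rename "<name> (deleted)" back to "<name>", then fix ownership.
restore_home() {
    root=$1; name=$2; owner=$3

    valid_short_name "$name" || { echo "bad short name: $name" >&2; return 2; }

    old="$root/$name (deleted)"
    new="$root/$name"

    # The preserved folder must be a real directory, never a symlink.
    if [ ! -d "$old" ] || [ -L "$old" ]; then
        echo "preserved home not found: $old" >&2
        return 3
    fi

    # Never rm -rf through a symlink that sits where the home should be.
    if [ -L "$new" ]; then
        echo "refusing to remove symlink: $new" >&2
        return 4
    fi

    # Step 3: delete the default home created with the new account.
    if [ -d "$new" ]; then
        rm -rf -- "$new" || return 5
    fi

    # Step 4: put the preserved data back under the expected name.
    mv -- "$old" "$new" || return 6

    # Step 5: owner first, then path; -h changes links, not their targets.
    chown -R -h -- "$owner" "$new" || return 7
}

# count_foreign_owned DIR OWNER
# Prints how many entries under DIR are NOT owned by OWNER. A non-zero
# result after migration means files still carry the old UID.
count_foreign_owned() {
    find "$1" ! -user "$2" | wc -l | tr -d ' '
}
```

Running `count_foreign_owned /Users/user user` after the migration is a quick check that no file kept the UID of the old account, which is the situation the original question describes (local UIDs differing from the network account).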

  • Best practice for service account?

    Hello guys,
    May I ask what's the best practice to have and maintain a service account?
    For ConfigMgr, you may need to have a service account for e.g client install.
    An employee who ran this service just departed, and we realize we don't have the service account credential left, to our knowledge.
    So let's say we have to reset it, and reconfigure the service account with a new credential; what's the best practice to have this credential kept safe so that it can be retrieved for future use?
    Do you keep it in a secured email? Secured envelope? How do you maintain it in a big organization?
    Please throw me some ideas. Thank you very much :)
    p/s: this issue may not be restricted to ConfigMgr only, you may need a service account for SQL, IIS, etc.
    ---Pat

    Hi,
    Different customers use different solutions, some use applications like this for instance,
    http://keepass.info/
    and save the database of password on a network share.
    Regards,
    Jörgen
    -- My System Center blog ccmexec.com -- Twitter
    @ccmexec

  • Changing a local account to a mobile account

    Hello everyone.
    I have a local account on this computer and I want to test some sync settings. How can I make this local account a mobile account? I already have a mobile account that will create a new local account on new computers, but I want the local account on the computer I normally use to become my mobile account.
    Thanks

    I too was wondering how to do this...
    According to the Client Management white paper, (top of p68), "at first login the entire contents of the user's network home directory plus the contents of any local home directory with that user's name are merged"....
    the document lives here
    http://images.apple.com/education/docs/it/Apple-ClientManagementWhitePaper.pdf
    It doesn't go into any more detail....
    Can you try a fake account with some random data to see if it works (i.e. you don't want to nuke your local account if it doesn't work as described in this white paper)
    there are some more pdfs from apple here:
    http://www.apple.com/education/it-professionals/resources/
    hopefully this points you in the right direction....

  • Issue with Applications, file paths, mobile accounts in snow Leopard OD

    Hello Everyone,
    The Facts:
    2 x Xserves running Snow Leopard 10.6.2 Server
    (1 is a Open Directory Master, the other a backup/slave)
    About 20 end-users running 10.5.8 Leopard and 10 end-users running 10.6.2 Snow Leopard on MacBook Pro laptops.
    All laptops are Managed Mobile clients with full administrative privileges/rights for the local drive.
    The Issue(s):
    Having an odd issue with many applications like Microsoft Word, Adobe Photoshop etc. not remembering the last used file path and the default network home path showing up instead of the local one.
    This issue ONLY appears with the Snow Leopard clients and the Snow Leopard Server. No matter what, the default path will be the enduser's network home path. This leads to endusers constantly having to sync their home folders to get the copy or losing files altogether.
    The Leopard clients are unaffected, can save to the local hard drive by default and have no issue "remembering" the last accessed file's path (whether local or on the network).
    What gives? What changed? Any thoughts, workarounds, fixes most appreciated.

    Okay, I'll rephrase the issue
    When the Snow Leopard clients are connected to the network and can connect to the OD Master etc, the default path for saving files to the desktop changes to their network accounts e.g. afp://Server/Users/Enduser/Desktop. If they save a file, it will copy here and then the enduser has to synch to get a copy of the file on their local desktop.
    If the client is not connected to the network, no issue. Enduser can save files to the local desktop like normal.
    How do we change this such that the enduser can save to the local harddrive first regardless of being connected?
    All Snow Leopard Clients are mobile accounts which synch hourly the full profile.
    Any further thoughts or similar experiences gang?
    Something we could possibly change in the mcx settings perhaps or am I missing the point?

  • 10.4.11 - Can't create mobile account

    I reimaged one of our powerbook G4 laptops and ran S/W update getting it to version 10.4.11. After rebooting I could not create an Active Directory mobile user account. Tried all the normal things - repair permissions, rebind to AD and reboot, even trashed the edu.mit.kerberos file and all plists in /Library/Preferences/DirectoryService and rebind from scratch. I probably trashed the mcx settings in NetInfo Mgr, but I don't recall for sure. Also the 'ol reset-nvram and reset-all in OpenFirmware. Nothing helped - kept getting the "can't login, users home folder is on an AFP or SMB share". When I logged in as my local admin user, I could connect to the homefolder path using the mobile-user's credentials (with Kerberos).
    My solution was to reimage the laptop again (ver 10.4.10), bind to AD & reboot, create the mobile account and then run S/W update to 10.4.11.
    I'm not really looking for a solution here, just a warning to people that you may not want to create images at 10.4.11 if you use mobile accounts. I plan on using my 10.4.10 images for the time being.
    Ta ta,
    JHL
    P.S. I haven't tried this yet on our iBooks, eMacs or iMacs.

    Similar issue...
    Updated an iBook G4 today to 10.4.11. After reboot it logged in with a Network Account (not mobile account this time - AD set to not create mobile account and to not create local home). I unbound from AD, rebooted and created a NetRestore image. Rebound to AD, set the Authentication order and rebooted. Now the network account wouldn't login - gives the Can't login now, homefolder on an AFP or SMB server error. (homefolders, sharepoints and permissions just fine.)
    Now for the strange part... I got sidetracked for about a half hour, then I went back to the iBook and the Network account was able to login again. After several unbinding/reboot/rebinding/reboot processes, I narrowed it down to it takes about 11 or 12 minutes after binding to AD for the network account to login properly.
    I had another tech install the 10.4.11 update on an eMac and the logins worked ok. But when I had him unbind/reboot/rebind/reboot, he had the same 11 to 12 minutes before a network account can login (same error.)
    Now for another strange part... he tried unbind/rebind again, but left AD 3rd in the Authentication order (after NetInfo and LDAP for OpenDir). The network account could login right away - these are AD useraccts.
    In my experience since 10.3, I've always had to put AD before LDAP/OD in the authentication order for the user-acct to authenticate name/password to Active Directory properly. I plan on trying this with the iBook tomorrow.
    My homefolders for these accounts are on x-server running 10.4.10 (haven't been brave enough to update the servers yet.)
    Has anyone else experienced these 10.4.11 anomalies with network or mobile accounts? Either with 10.4.10 or 10.4.11 servers?

  • Mobile account working but home folder is named incorrectly ('99')?

    Hi,
    Both server and clients running 10.4.5 with a mixture of local and network accounts. All works fine. Wanting to migrate all users to mobile accounts (which we have achieved successfully in many other places). It works (i.e. log in first time, say 'yes' to creating the account, syncing options are set as in WGM) but the home dir that is created is called '99' (which isn't the user name!) Does anyone know why this is?
    Thanks very much..
    Rob

    I believe that the 99 refers to a network login where
    the network user has no network home folder on the
    network (or server). The 99 is a generic username
    for this situation on the machine that is being
    logged into, but each account needs a home somewhere.
    That sounds strange, but I have it deliberately on
    some lab machines. Let me explain. I have users
    with Mobile Accounts on laptops. To prevent them
    from logging in to a lab machine, I have set up
    Workgroup Manager to not give the lab account user a
    network home (I don't need Gigs worth of video on my
    server). Therefore, when a lab account logs in, it
    has no network home and is forced to create a local
    home on the lab machine. That works great-I don't
    fill my server with unedited video. Workgroup
    Manager covers the apps and privileges on the lab
    machine. To prevent a Mobile Account user from
    logging in to the lab machine and filling that up
    with their home directory, I have a workgroup that
    the lab account belongs to, but not the Mobile
    Account user. In that workgroup, I have limited who
    can login (only lab accounts). And finally, I have
    limited the access to the lab machines by entering
    in the lab machine's ethernet address in the
    computer (don't remember its name right this
    second-it is the 2 squares to the right of the
    workgroups in WGM) list so that a lab account can't
    log in to a laptop and a Mobile Account can't log
    into the lab machine.
    After all of that explanation of what I have done,
    you probably have some part of that set on your
    Workgroup Manager like mine. I would think most
    likely the no home directory setting in the user's
    account.
    Hope that sheds some light for you.
    Wayne

    Wayne, with your lab accounts - do they auto-create with '99' or their proper short name? Additionally, does another folder '99' get created at the root level of the hard drive as mine still do?
    I have tried everything that I can think of but regardless, mobile account creation does not want to work as seamlessly and effortlessly as it does with 10.3.9. All I want is to continue to have managed user accounts on my (10.4.x) server, no network home, mobile accounts created on each (10.4.x) Mac in the lab. That isn't happening. I'm at the point of giving up and forgetting about an OS upgrade for 2 labs.
