Hi Sebastian, Am Donnerstag, 19. April 2012, 19:15:18 schrieb Sebastian Elsner: > Hello, > > we are using a samba domain with roaming profiles (limited users). I > want to have packages that execute for each user (for example copying > files to %APPDATA%) as well as packages installing stuff to > %ProgramFiles%. What is the best practice doing this? Our setup is a little different, bus as I don't know of any published best practices about this, maybe you can still use some input - and I'm also very much interested in your results :) > I was thinking something like this: > > + a separate wpkg.xml for each user in this own roaming profile, only > user packages are executed > cscript wpkg.js /quiet /nonotify /synchronize > /settings:'%USERPROFILE%\wpkg.xml' /profile:'user_packages_only_profile' This is very much what I was thinking of before resorting to the quick and not-too-dirty way of using Active Setup instead. > + a wpkg client which runs as System or Admin (whats the real difference > in this case anyway?) with standard usage of settings, profiles, hosts > and packages.xml This - let's call it global - WPKG setup installs the registry keys needed to run a per user Active Setup stub at the next logon. Plus it copies any necessary files, e.g. the stub (script/reg file) itself, anything to be copied to the user's profile. Thus it will work even when there is no network connectivity when the users log in. It has worked for us very well - BUT we only have a very limited number (~10) of packages that actually need it. I don't think this approach scales too well. I still decided to go this way for now, because: - a separate per-user instance of WPKG seemed a little overkill for so few packages - Active Setup causes a well-known - or infamous? ;) - UI to show that shows what's going on The approach you outlined above in fact seems a lot more flexible, scalable, and integrated with the global WPKG instance to me. So if you get to implement it, please lemme know about any gotchas you encounter :) With roaming profiles you might as well get away with injecting stuff into the profile copy on the server as long as $user is not logged in, but maybe that's a little fragile ;) Kind regards, Malte |