Re: Can't get roaming profiles to work on 1 PC

---

• From: "Lanwench [MVP - Exchange]" <lanwench@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
• Date: Thu, 11 Dec 2008 09:47:13 -0500

---

Daniel Mazur <newsgroups@xxxxxxxxxxx> wrote:

I have recently setup roaming profiles for several users and it's
working great. However, not so for 1 user. The failure is that on
the workstation shutdown the changes made by the user are not
uploaded to the server where the "Profile Path" is directed. It does
download data from profile path during the bootup process, but that
is only half the job. I need changes made on the workstation to
propogate to the server so that backups can be made of recent
changes, and so the data is accessed from the profile during terminal
sessions or logon from other workstations as is a benifit of roaming
profiles.
I don't believe there are any setting errors on the Small Business
Server. I have logged into the profile from other workstations,
created test files on the local desktop, restarted the workstation
and verified the test files were propogated to the server profile
location. What have I missed? Again, one workstation does not
upload changes to the server location where the roaming profile is
stored, but does download them from this location at startup. The
service works properly with this same profile from other
workstations, but not from one specific computer.
The problematic workstation is a laptop with a wired network
connection. The service works properly, uploading and downloading in
the profile path on the server from other laptop and desktop
locations.
The Server is Windows SBS 2003. Profile path is entered in the ADUC,
and was tested from the failing workstation to have read and write
access. There is no script, no folder redirect for mydoc's or
anything else. Cache was taken off the share, and like I said it is
working perfectly from all other computers. All service packs are
installed on server and workstations, and I get the same results
regardless of any profile I log onto from the failing workstation. I
have even disabled windows firewall, and removed anti virus programs.
I'm lost, any ideas?
Thanks,

Dan

First, look at the event logs on the workstation. Second, never use roaming
profiles unless you're also using folder redirection, or you should expect
problems galore. Here's my boilerplate on roaming profiles. Review it &
compare it to your setup - something may jump out.

********************
General tips:

1. Set up a share on the server. For example - d:\profiles, shared as
profiles$ to make it hidden from browsing. Make sure this share is *not* set
to allow offline files/caching! (that's on by default - disable it)

2. Make sure the share permissions on profiles$ indicate everyone=full
control. Set the NTFS security to administrators, system, and users=full
control.

3. In the users' ADUC properties, specify \\server\profiles$\%username% in
the profiles field

4. Have each user log into the domain once - if this is an existing user
with a profile you wish to keep, have them log in at their usual
workstationand log out. The profile is now roaming.

5. If you want the administrators group to automatically have permissions to
the profiles folders, you'll need to make the appropriate change in group
policy. Look in computer configuration/administrative templates/system/user
profiles - there's an option to add administrators group to the roaming
profiles permissions. Do this *before* the users' roaming profile folders
are created - it isn't retroactive.

********************
Notes:

Make sure users understand that they should not log into multiple computers
at the same time when they have roaming profiles (unless you make the
profiles mandatory by renaming ntuser.dat to ntuser.man so they can't change
them, which has major disadvantages),. Explain that the 'last one out wins'
when it comes to uploading the final, changed copy of the profile. If you
want to restrict multiple simultaneous network logins, look at LimitLogon
(too much overhead for me), or this:
http://www.jsifaq.com/SF/Tips/Tip.aspx?id=8768

********************
Keep your profiles TINY. Via group policy, you should be redirecting My
Documents (at the very least) - to a subfolder of the user's home directory
or user folder. Also consider redirecting Desktop & Application Data
similarly..... so the user will end up with:

\\server\users\%username%\My Documents,
\\server\users\%username%\Desktop,
\\server\users\%username%\Application Data.

[Alternatively, just manually re-target My Documents to
\\server\users\%username% (this is not optimal, however!)]

You should use folder redirection even without roaming profiles, but it's
especially critical if you *are* using them.

If you aren't going to also redirect the desktop using policies, tell users
that they are not to store any files on the desktop or you will beat them
with a
stick. Big profile=slow login/logout, and possible profile corruption.

********************
Note that user profiles are not compatible between different OS versions,
even between W2k/XP. Keep all your computers. Keep your workstations as
identical as possible - meaning, OS version is the same, SP level is the
same, app load is (as much as possible) the same.

*********************
If you also have Terminal Services users, make sure you set up a different
TS profile path for them in their ADUC properties - e.g.,
\\server\tsprofiles$\%username%

********************
Do not let people store any data locally - all data belongs on the server.

********************
The User Profile Hive Cleanup Utility should be running on all your
computers. You can download it here:
http://www.microsoft.com/downloads/details.aspx?familyid=1B286E6D-8912-4E18-B570-42470E2F3582&displaylang=en

********************
Roaming profile & folder redirection article -
http://www.windowsnetworking.com/articles_tutorials/Profile-Folder-Redirection-Windows-Server-2003.html


.

---

• References:
  • Can't get roaming profiles to work on 1 PC
    • From: Daniel Mazur

• Prev by Date: Re: mixed lokal and roaming profiles on a terminalserver
• Next by Date: Re: Air force one shoes (paypal payment)(www.king-trade.cn )
• Previous by thread: Can't get roaming profiles to work on 1 PC
• Next by thread: mixed lokal and roaming profiles on a terminalserver
• Index(es):
  • Date
  • Thread

---

Relevant Pages RE: redirected-redirected folders ... The SBS server denies access to these files so his logout sycronization ... local workstation and checked the files and folders the syncronization ... is having this problem is also set up with a roaming profile. ... (microsoft.public.windows.server.sbs) Re: AD Newbie Questions ... Remember that though DNS and AD are ... You can copy the profile over, either doing a straight copy (get the ... > I've reviewed a few books on Server2K3, but before I> promote my server to a Domain Controller, there are still a few specifics> where I'd appreciate some guidance. ... I would install Studio.NET on the XP Pro workstation. ... (microsoft.public.windows.server.active_directory) Re: Roaming Profiles ... I need user accounts for my workstation peoples. ... workstation user I need an account for "Bob" on the server. ... but Bob never logs into the server itself. ... that the profile on the XP box is copied to the server and this lets ... (microsoft.public.windows.server.setup) Re: Server Logon ... The user doesn't use the server as a workstation, I needed the user to log on ... permissions to get into the profile. ... NO 'user' should be able to logon to your server. ... SBS remote support services. ... (microsoft.public.windows.server.sbs) Re: Exchange 2 Domains ... server in the child domain, if thats ok?, ... don't have Exchange in the picture yet. ... Yes....but you don't want a user in one location dragging a roaming profile ... (microsoft.public.exchange.setup)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(11)