Re: How do I get roaming profiles to work??

Rene Brehmer <rene@xxxxxxxxxxxxxx> wrote:
On Tue, 26 Feb 2008 17:40:32 -0500, Lanwench [MVP - Exchange] wrote:

Rene Brehmer <rene@xxxxxxxxxxxxxx> wrote:
{snip}
I edited the user templates to link drive U: to
\\server1\userdata\%username%\, but this is not applied to new
users. I've had to manually edit every single user to make this
work. On a couple new users I've been experimenting getting the
roaming profile to work, but still have some ways to go. I set the
profile path to \profiles\%username%,

No - don't use a path like that (the share doesn't exist, won't, and
doesn't need to). Read below....

but when user switches computer, on login
windows complains that "Roaming profile cannot be found on the
server", and this message repeats twice. After login, U-drive is
present as it should be, and contains roaming links to My Documents
with sub-folders, as well as all network drives set up for that
user. Also available for these users are all the network printers,
and the default printer for that user is remembered as well.

I checked the \profiles folder, and there isn't actually a folder
for these users, so I added that for each of them. Probably
should've done that first, but oh well.

What else do I need to do to get the roaming profiles to work? I
want it to save desktop settings, star menu settings, and whatever
else preferences these users change on their user.

Also if possible, if there's any way to make it possible for these
users to login, and use Outlook, without having to create them as a
user on the domain on every single computer first. Right now, the
only way to get Outlook to work for them, is to set them up as
administrator on every machine. I have not yet figured out how to
get around that, but would really like to be able to just set them
up on the computer, and then let them use whatever computer they
want. We do have a license issue that means not all programs are on
all computers, but we're hoping to get that rectified.

Here's my boilerplate on roaming profiles. Can't help you now with
the user template, but you do not need to map a drive for My
Documents or for profiles to work. You should not mix up your user
data & your profile paths, and you should not map a drive to the
profile share/folder.

General tips:

1. Set up a share on the server. For example - d:\profiles, shared as
profiles$ to make it hidden from browsing. Make sure this share is
*not* set to allow offline files/caching! (that's on by default -
disable it)

2. Make sure the share permissions on profiles$ indicate
everyone=full control. Set the NTFS security to administrators,
system, and users=full control.

3. In the users' ADUC properties, specify
\\server\profiles$\%username% in the profiles field

4. Have each user log into the domain once from their usual
workstation (where their existing profile lives) and log out. The
profile is now roaming.

5. If you want the administrators group to automatically have
permissions to the profiles folders, you'll need to make the
appropriate change in group policy. Look in computer
configuration/administrative templates/system/user profiles -
there's an option to add administrators group to the roaming
profiles permissions.

Notes:

* Make sure users understand that they should not log into multiple
computers at the same time when they have roaming profiles (unless
you make the profiles mandatory by renaming ntuser.dat to ntuser.man
so they can't change them). Explain that the
last one out wins,

when it comes to uploading the final, changed copy of the profile.

* Keep your profiles TINY. Via group policy, redirect My Documents
at the very least - to a subfolder of the user's home directory or
user folder. Also consider redirecting Desktop & Application Data
similarly..... so the user will have:

\\server\home$\%username%\My Documents,
\\server\home$\%username%\Desktop,
\\server\home$\%username%\Application Data.

Alternatively, just manually re-target My Documents to
\\server\home$\%username% (this is not optimal, however!)

If you aren't going to also redirect the desktop using policies,
tell users that
they are not to store any files on the desktop or you will beat them
with a stick. Big profile=slow login/logout, and possible profile
corruption.

* Note that user profiles are not compatible between different OS
versions, even between W2k/XP. Keep all your computers. Keep your
workstations as identical as possible - meaning, OS version is the
same, SP level is the same, app load is (as much as possible) the
same.

* Do not let people store any data locally - all data belongs on the
server.

* The User Profile Hive Cleanup Utility should be running on all your
computers. You can download it here:
http://www.microsoft.com/downloads/details.aspx?familyid=1B286E6D-8912-4E18-B570-42470E2F3582&displaylang=en


Roaming profile & folder redirection article -
http://www.windowsnetworking.com/articles_tutorials/Profile-Folder-Redirection-Windows-Server-2003.html

Ok ... I did all of this... now I only have 1 question left: I had to
create a new GPO (called Roaming Users) to create the roaming
profiles, because the current GPO set is a bit of a mess.

Wise decision - I always recommend setting up your own custom ones anyway.

But how do
I apply the GPO to the appropriate Security Group? I created a new
security group (also named Roaming Users) as well, to avoid all users
becoming roaming, when only some of them need to be. But I can't
figure out how you apply the GPO to the SG.

Ah. Link the GPO to the MyBusiness OU in the GPMC. Don't muck around with
security groups for this.


.

Relevant Pages

  • Re: User V Computers
    ... You ROAM profiles, and REDIRECT doc's, start menu, app ... The redirection is only bad the first time, ... What does roaming DO that redirection doesnt?? ... Redirect the Location of the My Documents Folder Outside of the Users ...
    (microsoft.public.windows.server.sbs)
  • Re: DNS configuration
    ... That's a good reason to use folder redirection. ... Application Data, and Desktop, in a custom GPO, linked at the MyBusiness ... Keep your profiles tinytinytiny! ... Profiles\single domain user folders: the same as yours: ...
    (microsoft.public.windows.server.sbs)
  • Re: Computer Upgrade
    ... Am I able to just set up a roaming profile for myself and when I have sorted ... My documents folder is already redirected to the server - how do I set up ... redirection for other folders, Desktop for example. ... I use roaming profiles all the time and don't have ...
    (microsoft.public.windows.server.sbs)
  • Re: Delete roaming profile on TS server.
    ... The folder that is giving me the most trouble is Local Settings ... User profiles ... "Delete cached copies of roaming profiles" ... Noest MCSE, CCEA, Microsoft MVP - Terminal Server ...
    (microsoft.public.windows.terminal_services)
  • Re: Roaming profiles vs OffLine File Sync
    ... I would like more info on roaming users in SBS2003 can you help? ... Of course, I found if the server was not available, no body could log ... I love roaming profiles, and I love folder redirection. ...
    (microsoft.public.windows.server.sbs)