Roaming Profiles and Redirected Folders Inconsistent

Discussion in 'Microsoft Windows 2000 Active Directory' started by F3, Mar 26, 2008.

  1. F3

    F3 Guest

    I'm Running Windows 2000 Small Business Server as a PDC/DC/AD, DNS, and
    Terminal Server with a Windows 2003 Server running DHCP, DNS, and File
    Server. Clients are Windows XP Pro.

    On the W2K SBS, I set the default policy to include folder redirection
    of the users' "My Documents", etc. folders. In AD, I set the users
    profiles to be redirected (different path, same server, W2K3) as well.

    The redirection is not working consistently. I've had cases where a
    user logs in from one computer and their folders are redirected. The
    same user goes to another computer and logs in - the folders are NOT
    redirected. It is "hit and miss" as to whether the folders/profiles are
    redirected or not.

    What should I check to diagnose and fix these problems? What needs to
    be changed?
     
    F3, Mar 26, 2008
    #1
    1. Advertisements

  2. F3 <> wrote:
    > I'm Running Windows 2000 Small Business Server as a PDC/DC/AD, DNS,
    > and Terminal Server with a Windows 2003 Server running DHCP, DNS, and
    > File Server. Clients are Windows XP Pro.
    >
    > On the W2K SBS, I set the default policy to include folder redirection
    > of the users' "My Documents", etc. folders. In AD, I set the users
    > profiles to be redirected (different path, same server, W2K3) as well.
    >
    > The redirection is not working consistently. I've had cases where a
    > user logs in from one computer and their folders are redirected. The
    > same user goes to another computer and logs in - the folders are NOT
    > redirected. It is "hit and miss" as to whether the folders/profiles
    > are redirected or not.
    >
    > What should I check to diagnose and fix these problems? What needs to
    > be changed?



    When you say "default policy" what do you mean? I always suggest creating
    your own group policy objects & linking them at the appropriate OUs. Don't
    mess with the default policies.

    Here's my boilerplate on roaming profiles....review it & see if anything in
    your setup stands out, and check your event logs & rsop.msc output on the
    clients.Note that this was written with W2003/WinXP in mind, but most of it
    should be the same.

    Also note that SBS does many things its own way - in the future, you should
    always post SBS questions in the appropriate SBS group, even if you
    crosspost to the regular groups.

    ********************
    General tips:

    1. Set up a share on the server. For example - d:\profiles, shared as
    profiles$ to make it hidden from browsing. Make sure this share is *not* set
    to allow offline files/caching! (that's on by default - disable it)

    2. Make sure the share permissions on profiles$ indicate everyone=full
    control. Set the NTFS security to administrators, system, and users=full
    control.

    3. In the users' ADUC properties, specify \\server\profiles$\%username% in
    the profiles field

    4. Have each user log into the domain once - if this is an existing user
    with a profile you wish to keep, have them log in at their usual
    workstationand log out. The profile is now roaming.

    5. If you want the administrators group to automatically have permissions to
    the profiles folders, you'll need to make the appropriate change in group
    policy. Look in computer configuration/administrative templates/system/user
    profiles - there's an option to add administrators group to the roaming
    profiles permissions. Do this *before* the users' roaming profile folders
    are created - it isn't retroactive.

    ********************
    Notes:

    Make sure users understand that they should not log into multiple computers
    at the same time when they have roaming profiles (unless you make the
    profiles mandatory by renaming ntuser.dat to ntuser.man so they can't change
    them, which has major disadvantages),. Explain that the 'last one out wins'
    when it comes to uploading the final, changed copy of the profile. If you
    want to restrict multiple simultaneous network logins, look at LimitLogon
    (too much overhead for me), or this:
    http://www.jsifaq.com/SF/Tips/Tip.aspx?id=8768

    ********************
    Keep your profiles TINY. Via group policy, you should be redirecting My
    Documents (at the very least) - to a subfolder of the user's home directory
    or user folder. Also consider redirecting Desktop & Application Data
    similarly..... so the user will end up with:

    \\server\users\%username%\My Documents,
    \\server\users\%username%\Desktop,
    \\server\users\%username%\Application Data.

    [Alternatively, just manually re-target My Documents to
    \\server\users\%username% (this is not optimal, however!)]

    You should use folder redirection even without roaming profiles, but it's
    especially critical if you *are* using them.

    If you aren't going to also redirect the desktop using policies, tell users
    that they are not to store any files on the desktop or you will beat them
    with a
    stick. Big profile=slow login/logout, and possible profile corruption.

    ********************
    Note that user profiles are not compatible between different OS versions,
    even between W2k/XP. Keep all your computers. Keep your workstations as
    identical as possible - meaning, OS version is the same, SP level is the
    same, app load is (as much as possible) the same.

    *********************
    If you also have Terminal Services users, make sure you set up a different
    TS profile path for them in their ADUC properties - e.g.,
    \\server\tsprofiles$\%username%

    ********************
    Do not let people store any data locally - all data belongs on the server.

    ********************
    The User Profile Hive Cleanup Utility should be running on all your
    computers. You can download it here:
    http://www.microsoft.com/downloads/...6D-8912-4E18-B570-42470E2F3582&displaylang=en

    ********************
    Roaming profile & folder redirection article -
    http://www.windowsnetworking.com/ar...e-Folder-Redirection-Windows-Server-2003.html
     
    Lanwench [MVP - Exchange], Mar 26, 2008
    #2
    1. Advertisements

  3. F3

    F3 Guest

    What's an "OU"?

    Yes, unfortunately, I did mess with the default policies instead of
    creating my own group policy objects.

    Thanks.

    Lanwench [MVP - Exchange] wrote:
    > F3 <> wrote:
    >> I'm Running Windows 2000 Small Business Server as a PDC/DC/AD, DNS,
    >> and Terminal Server with a Windows 2003 Server running DHCP, DNS, and
    >> File Server. Clients are Windows XP Pro.
    >>
    >> On the W2K SBS, I set the default policy to include folder redirection
    >> of the users' "My Documents", etc. folders. In AD, I set the users
    >> profiles to be redirected (different path, same server, W2K3) as well.
    >>
    >> The redirection is not working consistently. I've had cases where a
    >> user logs in from one computer and their folders are redirected. The
    >> same user goes to another computer and logs in - the folders are NOT
    >> redirected. It is "hit and miss" as to whether the folders/profiles
    >> are redirected or not.
    >>
    >> What should I check to diagnose and fix these problems? What needs to
    >> be changed?

    >
    >
    > When you say "default policy" what do you mean? I always suggest creating
    > your own group policy objects & linking them at the appropriate OUs. Don't
    > mess with the default policies.
    >
    > Here's my boilerplate on roaming profiles....review it & see if anything in
    > your setup stands out, and check your event logs & rsop.msc output on the
    > clients.Note that this was written with W2003/WinXP in mind, but most of it
    > should be the same.
    >
    > Also note that SBS does many things its own way - in the future, you should
    > always post SBS questions in the appropriate SBS group, even if you
    > crosspost to the regular groups.
    >
    > ********************
    > General tips:
    >
    > 1. Set up a share on the server. For example - d:\profiles, shared as
    > profiles$ to make it hidden from browsing. Make sure this share is *not* set
    > to allow offline files/caching! (that's on by default - disable it)
    >
    > 2. Make sure the share permissions on profiles$ indicate everyone=full
    > control. Set the NTFS security to administrators, system, and users=full
    > control.
    >
    > 3. In the users' ADUC properties, specify \\server\profiles$\%username% in
    > the profiles field
    >
    > 4. Have each user log into the domain once - if this is an existing user
    > with a profile you wish to keep, have them log in at their usual
    > workstationand log out. The profile is now roaming.
    >
    > 5. If you want the administrators group to automatically have permissions to
    > the profiles folders, you'll need to make the appropriate change in group
    > policy. Look in computer configuration/administrative templates/system/user
    > profiles - there's an option to add administrators group to the roaming
    > profiles permissions. Do this *before* the users' roaming profile folders
    > are created - it isn't retroactive.
    >
    > ********************
    > Notes:
    >
    > Make sure users understand that they should not log into multiple computers
    > at the same time when they have roaming profiles (unless you make the
    > profiles mandatory by renaming ntuser.dat to ntuser.man so they can't change
    > them, which has major disadvantages),. Explain that the 'last one out wins'
    > when it comes to uploading the final, changed copy of the profile. If you
    > want to restrict multiple simultaneous network logins, look at LimitLogon
    > (too much overhead for me), or this:
    > http://www.jsifaq.com/SF/Tips/Tip.aspx?id=8768
    >
    > ********************
    > Keep your profiles TINY. Via group policy, you should be redirecting My
    > Documents (at the very least) - to a subfolder of the user's home directory
    > or user folder. Also consider redirecting Desktop & Application Data
    > similarly..... so the user will end up with:
    >
    > \\server\users\%username%\My Documents,
    > \\server\users\%username%\Desktop,
    > \\server\users\%username%\Application Data.
    >
    > [Alternatively, just manually re-target My Documents to
    > \\server\users\%username% (this is not optimal, however!)]
    >
    > You should use folder redirection even without roaming profiles, but it's
    > especially critical if you *are* using them.
    >
    > If you aren't going to also redirect the desktop using policies, tell users
    > that they are not to store any files on the desktop or you will beat them
    > with a
    > stick. Big profile=slow login/logout, and possible profile corruption.
    >
    > ********************
    > Note that user profiles are not compatible between different OS versions,
    > even between W2k/XP. Keep all your computers. Keep your workstations as
    > identical as possible - meaning, OS version is the same, SP level is the
    > same, app load is (as much as possible) the same.
    >
    > *********************
    > If you also have Terminal Services users, make sure you set up a different
    > TS profile path for them in their ADUC properties - e.g.,
    > \\server\tsprofiles$\%username%
    >
    > ********************
    > Do not let people store any data locally - all data belongs on the server.
    >
    > ********************
    > The User Profile Hive Cleanup Utility should be running on all your
    > computers. You can download it here:
    > http://www.microsoft.com/downloads/...6D-8912-4E18-B570-42470E2F3582&displaylang=en
    >
    > ********************
    > Roaming profile & folder redirection article -
    > http://www.windowsnetworking.com/ar...e-Folder-Redirection-Windows-Server-2003.html
    >
    >
    >
     
    F3, Mar 26, 2008
    #3
  4. F3 <> wrote:
    > What's an "OU"?


    Organizational Unit. :)
    >
    > Yes, unfortunately, I did mess with the default policies instead of
    > creating my own group policy objects.


    Ah. You might want to back out your changes (or restore from backup) and
    start over, honestly. The SBS2k group is
    microsoft.public.backoffice.smallbiz2000. I see you also posted in the
    SBS2003 group & another server group - but SBS often does things its own
    way....post in the most relevant group for the most expert help (and
    remember to crosspost next time if you need to post to multiple groups).
    >
    > Thanks.
    >
    > Lanwench [MVP - Exchange] wrote:
    >> F3 <> wrote:
    >>> I'm Running Windows 2000 Small Business Server as a PDC/DC/AD, DNS,
    >>> and Terminal Server with a Windows 2003 Server running DHCP, DNS,
    >>> and File Server. Clients are Windows XP Pro.
    >>>
    >>> On the W2K SBS, I set the default policy to include folder
    >>> redirection of the users' "My Documents", etc. folders. In AD, I
    >>> set the users profiles to be redirected (different path, same
    >>> server, W2K3) as well. The redirection is not working consistently.
    >>> I've had cases where a
    >>> user logs in from one computer and their folders are redirected. The
    >>> same user goes to another computer and logs in - the folders
    >>> are NOT redirected. It is "hit and miss" as to whether the
    >>> folders/profiles are redirected or not.
    >>>
    >>> What should I check to diagnose and fix these problems? What needs
    >>> to be changed?

    >>
    >>
    >> When you say "default policy" what do you mean? I always suggest
    >> creating your own group policy objects & linking them at the
    >> appropriate OUs. Don't mess with the default policies.
    >>
    >> Here's my boilerplate on roaming profiles....review it & see if
    >> anything in your setup stands out, and check your event logs &
    >> rsop.msc output on the clients.Note that this was written with
    >> W2003/WinXP in mind, but most of it should be the same.
    >>
    >> Also note that SBS does many things its own way - in the future, you
    >> should always post SBS questions in the appropriate SBS group, even
    >> if you crosspost to the regular groups.
    >>
    >> ********************
    >> General tips:
    >>
    >> 1. Set up a share on the server. For example - d:\profiles, shared as
    >> profiles$ to make it hidden from browsing. Make sure this share is
    >> *not* set to allow offline files/caching! (that's on by default -
    >> disable it) 2. Make sure the share permissions on profiles$ indicate
    >> everyone=full control. Set the NTFS security to administrators,
    >> system, and users=full control.
    >>
    >> 3. In the users' ADUC properties, specify
    >> \\server\profiles$\%username% in the profiles field
    >>
    >> 4. Have each user log into the domain once - if this is an existing
    >> user with a profile you wish to keep, have them log in at their usual
    >> workstationand log out. The profile is now roaming.
    >>
    >> 5. If you want the administrators group to automatically have
    >> permissions to the profiles folders, you'll need to make the
    >> appropriate change in group policy. Look in computer
    >> configuration/administrative templates/system/user profiles -
    >> there's an option to add administrators group to the roaming
    >> profiles permissions. Do this *before* the users' roaming profile
    >> folders are created - it isn't retroactive. ********************
    >> Notes:
    >>
    >> Make sure users understand that they should not log into multiple
    >> computers at the same time when they have roaming profiles (unless
    >> you make the profiles mandatory by renaming ntuser.dat to ntuser.man
    >> so they can't change them, which has major disadvantages),. Explain
    >> that the 'last one out wins' when it comes to uploading the final,
    >> changed copy of the profile. If you want to restrict multiple
    >> simultaneous network logins, look at LimitLogon (too much overhead
    >> for me), or this: http://www.jsifaq.com/SF/Tips/Tip.aspx?id=8768
    >>
    >> ********************
    >> Keep your profiles TINY. Via group policy, you should be redirecting
    >> My Documents (at the very least) - to a subfolder of the user's home
    >> directory or user folder. Also consider redirecting Desktop &
    >> Application Data similarly..... so the user will end up with:
    >>
    >> \\server\users\%username%\My Documents,
    >> \\server\users\%username%\Desktop,
    >> \\server\users\%username%\Application Data.
    >>
    >> [Alternatively, just manually re-target My Documents to
    >> \\server\users\%username% (this is not optimal, however!)]
    >>
    >> You should use folder redirection even without roaming profiles, but
    >> it's especially critical if you *are* using them.
    >>
    >> If you aren't going to also redirect the desktop using policies,
    >> tell users that they are not to store any files on the desktop or
    >> you will beat them with a
    >> stick. Big profile=slow login/logout, and possible profile
    >> corruption. ********************
    >> Note that user profiles are not compatible between different OS
    >> versions, even between W2k/XP. Keep all your computers. Keep your
    >> workstations as identical as possible - meaning, OS version is the
    >> same, SP level is the same, app load is (as much as possible) the
    >> same. *********************
    >> If you also have Terminal Services users, make sure you set up a
    >> different TS profile path for them in their ADUC properties - e.g.,
    >> \\server\tsprofiles$\%username%
    >>
    >> ********************
    >> Do not let people store any data locally - all data belongs on the
    >> server. ********************
    >> The User Profile Hive Cleanup Utility should be running on all your
    >> computers. You can download it here:
    >> http://www.microsoft.com/downloads/...6D-8912-4E18-B570-42470E2F3582&displaylang=en
    >>
    >> ********************
    >> Roaming profile & folder redirection article -
    >> http://www.windowsnetworking.com/ar...e-Folder-Redirection-Windows-Server-2003.html
     
    Lanwench [MVP - Exchange], Mar 27, 2008
    #4
  5. F3

    F3 Guest

    LW,

    Thanks for the suggestions and the nod to the correct newsgroup. I'll
    be posting there primarily and possibly cross-posting here as necessary
    WRT this project.

    How do I force an immediate refresh/update system-wide of policy
    changes, etc.?

    F3

    Lanwench [MVP - Exchange] wrote:
    > F3 <> wrote:
    >> What's an "OU"?

    >
    > Organizational Unit. :)
    >> Yes, unfortunately, I did mess with the default policies instead of
    >> creating my own group policy objects.

    >
    > Ah. You might want to back out your changes (or restore from backup) and
    > start over, honestly. The SBS2k group is
    > microsoft.public.backoffice.smallbiz2000. I see you also posted in the
    > SBS2003 group & another server group - but SBS often does things its own
    > way....post in the most relevant group for the most expert help (and
    > remember to crosspost next time if you need to post to multiple groups).
    >> Thanks.
    >>
    >> Lanwench [MVP - Exchange] wrote:
    >>> F3 <> wrote:
    >>>> I'm Running Windows 2000 Small Business Server as a PDC/DC/AD, DNS,
    >>>> and Terminal Server with a Windows 2003 Server running DHCP, DNS,
    >>>> and File Server. Clients are Windows XP Pro.
    >>>>
    >>>> On the W2K SBS, I set the default policy to include folder
    >>>> redirection of the users' "My Documents", etc. folders. In AD, I
    >>>> set the users profiles to be redirected (different path, same
    >>>> server, W2K3) as well. The redirection is not working consistently.
    >>>> I've had cases where a
    >>>> user logs in from one computer and their folders are redirected. The
    >>>> same user goes to another computer and logs in - the folders
    >>>> are NOT redirected. It is "hit and miss" as to whether the
    >>>> folders/profiles are redirected or not.
    >>>>
    >>>> What should I check to diagnose and fix these problems? What needs
    >>>> to be changed?
    >>>
    >>> When you say "default policy" what do you mean? I always suggest
    >>> creating your own group policy objects & linking them at the
    >>> appropriate OUs. Don't mess with the default policies.
    >>>
    >>> Here's my boilerplate on roaming profiles....review it & see if
    >>> anything in your setup stands out, and check your event logs &
    >>> rsop.msc output on the clients.Note that this was written with
    >>> W2003/WinXP in mind, but most of it should be the same.
    >>>
    >>> Also note that SBS does many things its own way - in the future, you
    >>> should always post SBS questions in the appropriate SBS group, even
    >>> if you crosspost to the regular groups.
    >>>
    >>> ********************
    >>> General tips:
    >>>
    >>> 1. Set up a share on the server. For example - d:\profiles, shared as
    >>> profiles$ to make it hidden from browsing. Make sure this share is
    >>> *not* set to allow offline files/caching! (that's on by default -
    >>> disable it) 2. Make sure the share permissions on profiles$ indicate
    >>> everyone=full control. Set the NTFS security to administrators,
    >>> system, and users=full control.
    >>>
    >>> 3. In the users' ADUC properties, specify
    >>> \\server\profiles$\%username% in the profiles field
    >>>
    >>> 4. Have each user log into the domain once - if this is an existing
    >>> user with a profile you wish to keep, have them log in at their usual
    >>> workstationand log out. The profile is now roaming.
    >>>
    >>> 5. If you want the administrators group to automatically have
    >>> permissions to the profiles folders, you'll need to make the
    >>> appropriate change in group policy. Look in computer
    >>> configuration/administrative templates/system/user profiles -
    >>> there's an option to add administrators group to the roaming
    >>> profiles permissions. Do this *before* the users' roaming profile
    >>> folders are created - it isn't retroactive. ********************
    >>> Notes:
    >>>
    >>> Make sure users understand that they should not log into multiple
    >>> computers at the same time when they have roaming profiles (unless
    >>> you make the profiles mandatory by renaming ntuser.dat to ntuser.man
    >>> so they can't change them, which has major disadvantages),. Explain
    >>> that the 'last one out wins' when it comes to uploading the final,
    >>> changed copy of the profile. If you want to restrict multiple
    >>> simultaneous network logins, look at LimitLogon (too much overhead
    >>> for me), or this: http://www.jsifaq.com/SF/Tips/Tip.aspx?id=8768
    >>>
    >>> ********************
    >>> Keep your profiles TINY. Via group policy, you should be redirecting
    >>> My Documents (at the very least) - to a subfolder of the user's home
    >>> directory or user folder. Also consider redirecting Desktop &
    >>> Application Data similarly..... so the user will end up with:
    >>>
    >>> \\server\users\%username%\My Documents,
    >>> \\server\users\%username%\Desktop,
    >>> \\server\users\%username%\Application Data.
    >>>
    >>> [Alternatively, just manually re-target My Documents to
    >>> \\server\users\%username% (this is not optimal, however!)]
    >>>
    >>> You should use folder redirection even without roaming profiles, but
    >>> it's especially critical if you *are* using them.
    >>>
    >>> If you aren't going to also redirect the desktop using policies,
    >>> tell users that they are not to store any files on the desktop or
    >>> you will beat them with a
    >>> stick. Big profile=slow login/logout, and possible profile
    >>> corruption. ********************
    >>> Note that user profiles are not compatible between different OS
    >>> versions, even between W2k/XP. Keep all your computers. Keep your
    >>> workstations as identical as possible - meaning, OS version is the
    >>> same, SP level is the same, app load is (as much as possible) the
    >>> same. *********************
    >>> If you also have Terminal Services users, make sure you set up a
    >>> different TS profile path for them in their ADUC properties - e.g.,
    >>> \\server\tsprofiles$\%username%
    >>>
    >>> ********************
    >>> Do not let people store any data locally - all data belongs on the
    >>> server. ********************
    >>> The User Profile Hive Cleanup Utility should be running on all your
    >>> computers. You can download it here:
    >>> http://www.microsoft.com/downloads/...6D-8912-4E18-B570-42470E2F3582&displaylang=en
    >>>
    >>> ********************
    >>> Roaming profile & folder redirection article -
    >>> http://www.windowsnetworking.com/ar...e-Folder-Redirection-Windows-Server-2003.html

    >
    >
    >
     
    F3, Mar 27, 2008
    #5
  6. F3 <> wrote:
    > LW,
    >
    > Thanks for the suggestions and the nod to the correct newsgroup. I'll
    > be posting there primarily and possibly cross-posting here as
    > necessary WRT this project.
    >
    > How do I force an immediate refresh/update system-wide of policy
    > changes, etc.?
    >
    > F3


    gpupdate /force


    >
    > Lanwench [MVP - Exchange] wrote:
    >> F3 <> wrote:
    >>> What's an "OU"?

    >>
    >> Organizational Unit. :)
    >>> Yes, unfortunately, I did mess with the default policies instead of
    >>> creating my own group policy objects.

    >>
    >> Ah. You might want to back out your changes (or restore from backup)
    >> and start over, honestly. The SBS2k group is
    >> microsoft.public.backoffice.smallbiz2000. I see you also posted in
    >> the SBS2003 group & another server group - but SBS often does things
    >> its own way....post in the most relevant group for the most expert
    >> help (and remember to crosspost next time if you need to post to
    >> multiple groups).
    >>> Thanks.
    >>>
    >>> Lanwench [MVP - Exchange] wrote:
    >>>> F3 <> wrote:
    >>>>> I'm Running Windows 2000 Small Business Server as a PDC/DC/AD,
    >>>>> DNS, and Terminal Server with a Windows 2003 Server running DHCP,
    >>>>> DNS, and File Server. Clients are Windows XP Pro.
    >>>>>
    >>>>> On the W2K SBS, I set the default policy to include folder
    >>>>> redirection of the users' "My Documents", etc. folders. In AD, I
    >>>>> set the users profiles to be redirected (different path, same
    >>>>> server, W2K3) as well. The redirection is not working
    >>>>> consistently. I've had cases where a
    >>>>> user logs in from one computer and their folders are redirected.
    >>>>> The same user goes to another computer and logs in - the folders
    >>>>> are NOT redirected. It is "hit and miss" as to whether the
    >>>>> folders/profiles are redirected or not.
    >>>>>
    >>>>> What should I check to diagnose and fix these problems? What
    >>>>> needs to be changed?
    >>>>
    >>>> When you say "default policy" what do you mean? I always suggest
    >>>> creating your own group policy objects & linking them at the
    >>>> appropriate OUs. Don't mess with the default policies.
    >>>>
    >>>> Here's my boilerplate on roaming profiles....review it & see if
    >>>> anything in your setup stands out, and check your event logs &
    >>>> rsop.msc output on the clients.Note that this was written with
    >>>> W2003/WinXP in mind, but most of it should be the same.
    >>>>
    >>>> Also note that SBS does many things its own way - in the future,
    >>>> you should always post SBS questions in the appropriate SBS group,
    >>>> even if you crosspost to the regular groups.
    >>>>
    >>>> ********************
    >>>> General tips:
    >>>>
    >>>> 1. Set up a share on the server. For example - d:\profiles, shared
    >>>> as profiles$ to make it hidden from browsing. Make sure this share
    >>>> is *not* set to allow offline files/caching! (that's on by default
    >>>> - disable it) 2. Make sure the share permissions on profiles$
    >>>> indicate everyone=full control. Set the NTFS security to
    >>>> administrators, system, and users=full control.
    >>>>
    >>>> 3. In the users' ADUC properties, specify
    >>>> \\server\profiles$\%username% in the profiles field
    >>>>
    >>>> 4. Have each user log into the domain once - if this is an existing
    >>>> user with a profile you wish to keep, have them log in at their
    >>>> usual workstationand log out. The profile is now roaming.
    >>>>
    >>>> 5. If you want the administrators group to automatically have
    >>>> permissions to the profiles folders, you'll need to make the
    >>>> appropriate change in group policy. Look in computer
    >>>> configuration/administrative templates/system/user profiles -
    >>>> there's an option to add administrators group to the roaming
    >>>> profiles permissions. Do this *before* the users' roaming profile
    >>>> folders are created - it isn't retroactive. ********************
    >>>> Notes:
    >>>>
    >>>> Make sure users understand that they should not log into multiple
    >>>> computers at the same time when they have roaming profiles (unless
    >>>> you make the profiles mandatory by renaming ntuser.dat to
    >>>> ntuser.man so they can't change them, which has major
    >>>> disadvantages),. Explain that the 'last one out wins' when it
    >>>> comes to uploading the final, changed copy of the profile. If you
    >>>> want to restrict multiple simultaneous network logins, look at
    >>>> LimitLogon (too much overhead for me), or this:
    >>>> http://www.jsifaq.com/SF/Tips/Tip.aspx?id=8768 ********************
    >>>> Keep your profiles TINY. Via group policy, you should be
    >>>> redirecting My Documents (at the very least) - to a subfolder of
    >>>> the user's home directory or user folder. Also consider
    >>>> redirecting Desktop & Application Data similarly..... so the user
    >>>> will end up with: \\server\users\%username%\My Documents,
    >>>> \\server\users\%username%\Desktop,
    >>>> \\server\users\%username%\Application Data.
    >>>>
    >>>> [Alternatively, just manually re-target My Documents to
    >>>> \\server\users\%username% (this is not optimal, however!)]
    >>>>
    >>>> You should use folder redirection even without roaming profiles,
    >>>> but it's especially critical if you *are* using them.
    >>>>
    >>>> If you aren't going to also redirect the desktop using policies,
    >>>> tell users that they are not to store any files on the desktop or
    >>>> you will beat them with a
    >>>> stick. Big profile=slow login/logout, and possible profile
    >>>> corruption. ********************
    >>>> Note that user profiles are not compatible between different OS
    >>>> versions, even between W2k/XP. Keep all your computers. Keep your
    >>>> workstations as identical as possible - meaning, OS version is the
    >>>> same, SP level is the same, app load is (as much as possible) the
    >>>> same. *********************
    >>>> If you also have Terminal Services users, make sure you set up a
    >>>> different TS profile path for them in their ADUC properties - e.g.,
    >>>> \\server\tsprofiles$\%username%
    >>>>
    >>>> ********************
    >>>> Do not let people store any data locally - all data belongs on the
    >>>> server. ********************
    >>>> The User Profile Hive Cleanup Utility should be running on all
    >>>> your computers. You can download it here:
    >>>> http://www.microsoft.com/downloads/...6D-8912-4E18-B570-42470E2F3582&displaylang=en
    >>>>
    >>>> ********************
    >>>> Roaming profile & folder redirection article -
    >>>> http://www.windowsnetworking.com/ar...e-Folder-Redirection-Windows-Server-2003.html
     
    Lanwench [MVP - Exchange], Mar 27, 2008
    #6
    1. Advertisements

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Bob Williamson

    Roaming profiles and local profiles etc

    Bob Williamson, Jul 2, 2003, in forum: Microsoft Windows 2000 Active Directory
    Replies:
    1
    Views:
    885
    Herb Martin
    Jul 2, 2003
  2. manrubble

    Newbie Questions about AD Group Policy's and Roaming profiles

    manrubble, Jul 21, 2003, in forum: Microsoft Windows 2000 Active Directory
    Replies:
    1
    Views:
    182
    John M
    Jul 21, 2003
  3. Joe Cotter

    ADMT2 and roaming profiles...

    Joe Cotter, Sep 30, 2003, in forum: Microsoft Windows 2000 Active Directory
    Replies:
    4
    Views:
    231
    Tim Springston \(MSFT\)
    Oct 2, 2003
  4. Adrian Moore

    User rights with active directory and roaming profiles

    Adrian Moore, Nov 21, 2003, in forum: Microsoft Windows 2000 Active Directory
    Replies:
    1
    Views:
    370
    Lanwench [MVP - Exchange]
    Nov 23, 2003
  5. luna

    new domain and roaming profiles

    luna, Dec 29, 2003, in forum: Microsoft Windows 2000 Active Directory
    Replies:
    2
    Views:
    806
    Jimmy Harper [MSFT]
    Dec 31, 2003
Loading...

Share This Page