Roaming Profiles in Windows Domains

Getting roaming profiles working on Windows Servers is a very simple process, and I generally include this in a script when creating users for the first time.

Here’s a quick ‘how to’ for those that are interested, based on a Windows 2000 or Server 2003 network.

Step 1 – Decide where you want the profiles to live on your file server

  • Log on to the Windows server as an administrator
  • Open the drive where you want your profiles to be stored for the user accounts. It’s worth noting that by default, Windows user profiles store Application Data, My Documents, Cookies, a few other folders and the profile itself. Needless to say, if you are using the defaults, make sure that you have enough drive space.
  • Create a folder where you want your profiles to live. I generally store user profiles in D:\Users on a server. Make sure that the folder has user read privileges.
  • Right-click on the folder you have just created and click ‘Sharing…’. Call the share ‘Users’ and give all users full access to the share.

Step 2 – Configure a user profile to roam

  • Open ‘Active Directory Users and Computers’. You can find this in the ‘Administrative Tools’ folder on the start menu
  • Find the user that you want to set up a roaming profile for, and double-click
  • Click on the ‘Profile’ tab
  • In the ‘Profile Path’ field, enter the network path to the Users share, and then add the username to it (e.g. \\myServerName\Users\John).
  • Click ‘OK’ to apply the changes to the user account.

Step 3 – Check that the profile is saved back to the server

  • All we need to do now is check that the profile is going to be saved back to the server correctly. So log on to a client workstation with the user that we have just been tampering with. Once logged on, log off again.
  • On the server, go to the user profile folder (D:\Users\) and have a look. In our case, the user was called ‘John’, so you should see a folder called ‘John’. The profile is stored inside here. Well done!
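
The share created in Step 1 gives every user full access, so the NTFS permissions on each profile folder are what keep one user out of another's profile. The PowerShell function below is an added example, not part of the original article; it lists allow entries on each profile folder that belong to anyone other than the folder's user, SYSTEM, Administrators or CREATOR OWNER. It assumes PowerShell 3.0 or later, the D:\Users root used above, and folders named after the user; the function name and the $Domain parameter are hypothetical.

```powershell
# Added example, not from the original article.
# Assumptions: profile root D:\Users (as in Step 1), each folder named after
# its user, and $Domain holding the NetBIOS domain name.
function Get-UnexpectedProfileAccess {
    param(
        [string]$Root   = 'D:\Users',
        [string]$Domain = $env:USERDOMAIN
    )
    # Principals normally present on a profile folder besides the user.
    $expected = 'NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators', 'CREATOR OWNER'

    foreach ($dir in Get-ChildItem -LiteralPath $Root -Directory) {
        # Vista and later clients store the profile as <user>.V2.
        $user  = $dir.Name -replace '\.V\d+$', ''
        $owner = "$Domain\$user"
        try {
            $acl = Get-Acl -LiteralPath $dir.FullName -ErrorAction Stop
        } catch {
            # Default permissions can lock administrators out of the folder.
            Write-Warning "Cannot read ACL on $($dir.FullName): $($_.Exception.Message)"
            continue
        }
        foreach ($ace in $acl.Access) {
            $id = $ace.IdentityReference.Value
            if ($ace.AccessControlType -ne 'Allow') { continue }
            if ($id -ieq $owner -or $expected -contains $id) { continue }
            # Anything left is an allow entry for an unexpected principal.
            [pscustomobject]@{
                Folder    = $dir.FullName
                Identity  = $id
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
            }
        }
    }
}

Get-UnexpectedProfileAccess | Format-Table -AutoSize
```

An empty result means every readable profile folder is limited to its own user and the system principals; a warning means the ACL could not be read with the current account.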

A few pointers

  • Some of the settings in the profile tab directly conflict with the profile path and some other group-policy settings. Don’t be tempted to use the ‘Home Folder’ option if you are using profile path
  • You can replace the username with %username%. This will automatically put the username of the user in for you. This is especially handy when you want to change the path of multiple users at once.
  • If you have more than one domain controller, and the profiles are stored on these servers, you can use %logonserver% instead of \\myServerName. Just bear in mind that you should be using file replication for this to be useful.
  • You may not automatically have access to the profile folder that has been created. If you logged on for the first time in Windows XP SP2, then the default folder permissions will lock administrators out of the profile folder. You need to change a setting in the policy if you don’t want this to happen.
  • When Windows 2000/XP/Vista logs onto a network, the entire user profile is copied to the local machine. When you log out, the profile is copied back to the server. If the user has masses of data in the profile, then you should be using folder redirection to move folders