Move user local profiles to roaming profiles

Discussion in 'Windows Server' started by Namaste, Apr 3, 2008.

  1. Namaste

    Namaste Guest

    I understand what needs to me done on the domain user account and the shared
    storage when creating roaming profiles. What I am confused about is if I
    have to use the Copy To in the user profile management on the local system to
    copyt the local profile to a roaming profile. I have seen a couple of MS and
    non-MS articles that say to do the copy or just logon the the system with the
    roaming profile you want to make roaming and then log out (understanding the
    first you had to change the user's AD account to use roaming profiles and
    setup the shared storage).

    So do ou use Copy To or does a simple logon and logout move the profile?

    Second question, we would have folder redirect configured also. Do we need
    to copy the folders to the new location first or will logging on and logging
    off move the data?

    Thank you
     
    Namaste, Apr 3, 2008
    #1
    1. Advertisements

  2. (with the domain user account, yes)
    The latter....but see my boilerplate below.
    It should move the data.
    ********************
    General tips:

    1. Set up a share on the server. For example - d:\profiles, shared as
    profiles$ to make it hidden from browsing. Make sure this share is *not* set
    to allow offline files/caching! (that's on by default - disable it)

    2. Make sure the share permissions on profiles$ indicate everyone=full
    control. Set the NTFS security to administrators, system, and users=full
    control.

    3. In the users' ADUC properties, specify \\server\profiles$\%username% in
    the profiles field

    4. Have each user log into the domain once - if this is an existing user
    with a profile you wish to keep, have them log in at their usual
    workstationand log out. The profile is now roaming.

    5. If you want the administrators group to automatically have permissions to
    the profiles folders, you'll need to make the appropriate change in group
    policy. Look in computer configuration/administrative templates/system/user
    profiles - there's an option to add administrators group to the roaming
    profiles permissions. Do this *before* the users' roaming profile folders
    are created - it isn't retroactive.

    ********************
    Notes:

    Make sure users understand that they should not log into multiple computers
    at the same time when they have roaming profiles (unless you make the
    profiles mandatory by renaming ntuser.dat to ntuser.man so they can't change
    them, which has major disadvantages),. Explain that the 'last one out wins'
    when it comes to uploading the final, changed copy of the profile. If you
    want to restrict multiple simultaneous network logins, look at LimitLogon
    (too much overhead for me), or this:
    http://www.jsifaq.com/SF/Tips/Tip.aspx?id=8768

    ********************
    Keep your profiles TINY. Via group policy, you should be redirecting My
    Documents (at the very least) - to a subfolder of the user's home directory
    or user folder. Also consider redirecting Desktop & Application Data
    similarly..... so the user will end up with:

    \\server\users\%username%\My Documents,
    \\server\users\%username%\Desktop,
    \\server\users\%username%\Application Data.

    [Alternatively, just manually re-target My Documents to
    \\server\users\%username% (this is not optimal, however!)]

    You should use folder redirection even without roaming profiles, but it's
    especially critical if you *are* using them.

    If you aren't going to also redirect the desktop using policies, tell users
    that they are not to store any files on the desktop or you will beat them
    with a
    stick. Big profile=slow login/logout, and possible profile corruption.

    ********************
    Note that user profiles are not compatible between different OS versions,
    even between W2k/XP. Keep all your computers. Keep your workstations as
    identical as possible - meaning, OS version is the same, SP level is the
    same, app load is (as much as possible) the same.

    *********************
    If you also have Terminal Services users, make sure you set up a different
    TS profile path for them in their ADUC properties - e.g.,
    \\server\tsprofiles$\%username%

    ********************
    Do not let people store any data locally - all data belongs on the server.

    ********************
    The User Profile Hive Cleanup Utility should be running on all your
    computers. You can download it here:
    http://www.microsoft.com/downloads/...6D-8912-4E18-B570-42470E2F3582&displaylang=en

    ********************
    Roaming profile & folder redirection article -
    http://www.windowsnetworking.com/ar...e-Folder-Redirection-Windows-Server-2003.html
     
    Lanwench [MVP - Exchange], Apr 3, 2008
    #2
    1. Advertisements

  3. Namaste

    Namaste Guest

    Thank you.



     
    Namaste, Apr 3, 2008
    #3
  4. I have roaming profiles and use Citrix in W2K environment. My question is I
    have a 3rd party application that uses queries that users set up. These
    queries are saved per user and they default to the LocalDrive\Documents &
    Settings\"%username%. Therefore these queries are not saved when the user
    logs off and they have to set them up again next time. If the folder that
    these queries are saved in was included in the roaming profile this would
    solve the issue I am hoping. Do you know how I could get these queries to be
    saved in the roaming profile instead on the local machine. The vendor says
    it is not something they can do.

     
    NetAdminIllinois, Apr 4, 2008
    #4
  5. Then you need to specify different TerminalServices profile paths.... you
    can assign this via group policy.
    In what subfolder in the profile is it actually set? And do you have your
    server configured to delete cached profiles at logout?

     
    Lanwench [MVP - Exchange], Apr 5, 2008
    #5
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.