Guest Namaste Posted April 3, 2008 Posted April 3, 2008 I understand what needs to me done on the domain user account and the shared storage when creating roaming profiles. What I am confused about is if I have to use the Copy To in the user profile management on the local system to copyt the local profile to a roaming profile. I have seen a couple of MS and non-MS articles that say to do the copy or just logon the the system with the roaming profile you want to make roaming and then log out (understanding the first you had to change the user's AD account to use roaming profiles and setup the shared storage). So do ou use Copy To or does a simple logon and logout move the profile? Second question, we would have folder redirect configured also. Do we need to copy the folders to the new location first or will logging on and logging off move the data? Thank you
Guest Lanwench [MVP - Exchange] Posted April 3, 2008 Posted April 3, 2008 Re: Move user local profiles to roaming profiles Namaste <Namaste@discussions.microsoft.com> wrote: > I understand what needs to me done on the domain user account and the > shared storage when creating roaming profiles. What I am confused > about is if I have to use the Copy To in the user profile management > on the local system to copyt the local profile to a roaming profile. Nppe. > I have seen a couple of MS and non-MS articles that say to do the > copy Nope. > or just logon the the system with the roaming profile (with the domain user account, yes) > you want > to make roaming and then log out (understanding the first you had to > change the user's AD account to use roaming profiles and setup the > shared storage). Yep. > > So do ou use Copy To or does a simple logon and logout move the > profile? The latter....but see my boilerplate below. > > Second question, we would have folder redirect configured also. Do > we need to copy the folders to the new location first or will logging > on and logging off move the data? It should move the data. > > Thank you ******************** General tips: 1. Set up a share on the server. For example - d:\profiles, shared as profiles$ to make it hidden from browsing. Make sure this share is *not* set to allow offline files/caching! (that's on by default - disable it) 2. Make sure the share permissions on profiles$ indicate everyone=full control. Set the NTFS security to administrators, system, and users=full control. 3. In the users' ADUC properties, specify \\server\profiles$\%username% in the profiles field 4. Have each user log into the domain once - if this is an existing user with a profile you wish to keep, have them log in at their usual workstationand log out. The profile is now roaming. 5. If you want the administrators group to automatically have permissions to the profiles folders, you'll need to make the appropriate change in group policy. Look in computer configuration/administrative templates/system/user profiles - there's an option to add administrators group to the roaming profiles permissions. Do this *before* the users' roaming profile folders are created - it isn't retroactive. ******************** Notes: Make sure users understand that they should not log into multiple computers at the same time when they have roaming profiles (unless you make the profiles mandatory by renaming ntuser.dat to ntuser.man so they can't change them, which has major disadvantages),. Explain that the 'last one out wins' when it comes to uploading the final, changed copy of the profile. If you want to restrict multiple simultaneous network logins, look at LimitLogon (too much overhead for me), or this: http://www.jsifaq.com/SF/Tips/Tip.aspx?id=8768 ******************** Keep your profiles TINY. Via group policy, you should be redirecting My Documents (at the very least) - to a subfolder of the user's home directory or user folder. Also consider redirecting Desktop & Application Data similarly..... so the user will end up with: \\server\users\%username%\My Documents, \\server\users\%username%\Desktop, \\server\users\%username%\Application Data. [Alternatively, just manually re-target My Documents to \\server\users\%username% (this is not optimal, however!)] You should use folder redirection even without roaming profiles, but it's especially critical if you *are* using them. If you aren't going to also redirect the desktop using policies, tell users that they are not to store any files on the desktop or you will beat them with a stick. Big profile=slow login/logout, and possible profile corruption. ******************** Note that user profiles are not compatible between different OS versions, even between W2k/XP. Keep all your computers. Keep your workstations as identical as possible - meaning, OS version is the same, SP level is the same, app load is (as much as possible) the same. ********************* If you also have Terminal Services users, make sure you set up a different TS profile path for them in their ADUC properties - e.g., \\server\tsprofiles$\%username% ******************** Do not let people store any data locally - all data belongs on the server. ******************** The User Profile Hive Cleanup Utility should be running on all your computers. You can download it here: http://www.microsoft.com/downloads/details.aspx?familyid=1B286E6D-8912-4E18-B570-42470E2F3582&displaylang=en ******************** Roaming profile & folder redirection article - http://www.windowsnetworking.com/articles_tutorials/Profile-Folder-Redirection-Windows-Server-2003.html
Guest Namaste Posted April 3, 2008 Posted April 3, 2008 Re: Move user local profiles to roaming profiles Thank you. "Lanwench [MVP - Exchange]" wrote: > Namaste <Namaste@discussions.microsoft.com> wrote: > > I understand what needs to me done on the domain user account and the > > shared storage when creating roaming profiles. What I am confused > > about is if I have to use the Copy To in the user profile management > > on the local system to copyt the local profile to a roaming profile. > > Nppe. > > > I have seen a couple of MS and non-MS articles that say to do the > > copy > > Nope. > > > or just logon the the system with the roaming profile > > (with the domain user account, yes) > > > you want > > to make roaming and then log out (understanding the first you had to > > change the user's AD account to use roaming profiles and setup the > > shared storage). > > Yep. > > > > So do ou use Copy To or does a simple logon and logout move the > > profile? > > The latter....but see my boilerplate below. > > > > > Second question, we would have folder redirect configured also. Do > > we need to copy the folders to the new location first or will logging > > on and logging off move the data? > > It should move the data. > > > > Thank you > > ******************** > General tips: > > 1. Set up a share on the server. For example - d:\profiles, shared as > profiles$ to make it hidden from browsing. Make sure this share is *not* set > to allow offline files/caching! (that's on by default - disable it) > > 2. Make sure the share permissions on profiles$ indicate everyone=full > control. Set the NTFS security to administrators, system, and users=full > control. > > 3. In the users' ADUC properties, specify \\server\profiles$\%username% in > the profiles field > > 4. Have each user log into the domain once - if this is an existing user > with a profile you wish to keep, have them log in at their usual > workstationand log out. The profile is now roaming. > > 5. If you want the administrators group to automatically have permissions to > the profiles folders, you'll need to make the appropriate change in group > policy. Look in computer configuration/administrative templates/system/user > profiles - there's an option to add administrators group to the roaming > profiles permissions. Do this *before* the users' roaming profile folders > are created - it isn't retroactive. > > ******************** > Notes: > > Make sure users understand that they should not log into multiple computers > at the same time when they have roaming profiles (unless you make the > profiles mandatory by renaming ntuser.dat to ntuser.man so they can't change > them, which has major disadvantages),. Explain that the 'last one out wins' > when it comes to uploading the final, changed copy of the profile. If you > want to restrict multiple simultaneous network logins, look at LimitLogon > (too much overhead for me), or this: > http://www.jsifaq.com/SF/Tips/Tip.aspx?id=8768 > > ******************** > Keep your profiles TINY. Via group policy, you should be redirecting My > Documents (at the very least) - to a subfolder of the user's home directory > or user folder. Also consider redirecting Desktop & Application Data > similarly..... so the user will end up with: > > \\server\users\%username%\My Documents, > \\server\users\%username%\Desktop, > \\server\users\%username%\Application Data. > > [Alternatively, just manually re-target My Documents to > \\server\users\%username% (this is not optimal, however!)] > > You should use folder redirection even without roaming profiles, but it's > especially critical if you *are* using them. > > If you aren't going to also redirect the desktop using policies, tell users > that they are not to store any files on the desktop or you will beat them > with a > stick. Big profile=slow login/logout, and possible profile corruption. > > ******************** > Note that user profiles are not compatible between different OS versions, > even between W2k/XP. Keep all your computers. Keep your workstations as > identical as possible - meaning, OS version is the same, SP level is the > same, app load is (as much as possible) the same. > > ********************* > If you also have Terminal Services users, make sure you set up a different > TS profile path for them in their ADUC properties - e.g., > \\server\tsprofiles$\%username% > > ******************** > Do not let people store any data locally - all data belongs on the server. > > ******************** > The User Profile Hive Cleanup Utility should be running on all your > computers. You can download it here: > http://www.microsoft.com/downloads/details.aspx?familyid=1B286E6D-8912-4E18-B570-42470E2F3582&displaylang=en > > ******************** > Roaming profile & folder redirection article - > http://www.windowsnetworking.com/articles_tutorials/Profile-Folder-Redirection-Windows-Server-2003.html > > >
Guest NetAdminIllinois Posted April 4, 2008 Posted April 4, 2008 Re: Move user local profiles to roaming profiles I have roaming profiles and use Citrix in W2K environment. My question is I have a 3rd party application that uses queries that users set up. These queries are saved per user and they default to the LocalDrive\Documents & Settings\"%username%. Therefore these queries are not saved when the user logs off and they have to set them up again next time. If the folder that these queries are saved in was included in the roaming profile this would solve the issue I am hoping. Do you know how I could get these queries to be saved in the roaming profile instead on the local machine. The vendor says it is not something they can do. "Lanwench [MVP - Exchange]" wrote: > Namaste <Namaste@discussions.microsoft.com> wrote: > > I understand what needs to me done on the domain user account and the > > shared storage when creating roaming profiles. What I am confused > > about is if I have to use the Copy To in the user profile management > > on the local system to copyt the local profile to a roaming profile. > > Nppe. > > > I have seen a couple of MS and non-MS articles that say to do the > > copy > > Nope. > > > or just logon the the system with the roaming profile > > (with the domain user account, yes) > > > you want > > to make roaming and then log out (understanding the first you had to > > change the user's AD account to use roaming profiles and setup the > > shared storage). > > Yep. > > > > So do ou use Copy To or does a simple logon and logout move the > > profile? > > The latter....but see my boilerplate below. > > > > > Second question, we would have folder redirect configured also. Do > > we need to copy the folders to the new location first or will logging > > on and logging off move the data? > > It should move the data. > > > > Thank you > > ******************** > General tips: > > 1. Set up a share on the server. For example - d:\profiles, shared as > profiles$ to make it hidden from browsing. Make sure this share is *not* set > to allow offline files/caching! (that's on by default - disable it) > > 2. Make sure the share permissions on profiles$ indicate everyone=full > control. Set the NTFS security to administrators, system, and users=full > control. > > 3. In the users' ADUC properties, specify \\server\profiles$\%username% in > the profiles field > > 4. Have each user log into the domain once - if this is an existing user > with a profile you wish to keep, have them log in at their usual > workstationand log out. The profile is now roaming. > > 5. If you want the administrators group to automatically have permissions to > the profiles folders, you'll need to make the appropriate change in group > policy. Look in computer configuration/administrative templates/system/user > profiles - there's an option to add administrators group to the roaming > profiles permissions. Do this *before* the users' roaming profile folders > are created - it isn't retroactive. > > ******************** > Notes: > > Make sure users understand that they should not log into multiple computers > at the same time when they have roaming profiles (unless you make the > profiles mandatory by renaming ntuser.dat to ntuser.man so they can't change > them, which has major disadvantages),. Explain that the 'last one out wins' > when it comes to uploading the final, changed copy of the profile. If you > want to restrict multiple simultaneous network logins, look at LimitLogon > (too much overhead for me), or this: > http://www.jsifaq.com/SF/Tips/Tip.aspx?id=8768 > > ******************** > Keep your profiles TINY. Via group policy, you should be redirecting My > Documents (at the very least) - to a subfolder of the user's home directory > or user folder. Also consider redirecting Desktop & Application Data > similarly..... so the user will end up with: > > \\server\users\%username%\My Documents, > \\server\users\%username%\Desktop, > \\server\users\%username%\Application Data. > > [Alternatively, just manually re-target My Documents to > \\server\users\%username% (this is not optimal, however!)] > > You should use folder redirection even without roaming profiles, but it's > especially critical if you *are* using them. > > If you aren't going to also redirect the desktop using policies, tell users > that they are not to store any files on the desktop or you will beat them > with a > stick. Big profile=slow login/logout, and possible profile corruption. > > ******************** > Note that user profiles are not compatible between different OS versions, > even between W2k/XP. Keep all your computers. Keep your workstations as > identical as possible - meaning, OS version is the same, SP level is the > same, app load is (as much as possible) the same. > > ********************* > If you also have Terminal Services users, make sure you set up a different > TS profile path for them in their ADUC properties - e.g., > \\server\tsprofiles$\%username% > > ******************** > Do not let people store any data locally - all data belongs on the server. > > ******************** > The User Profile Hive Cleanup Utility should be running on all your > computers. You can download it here: > http://www.microsoft.com/downloads/details.aspx?familyid=1B286E6D-8912-4E18-B570-42470E2F3582&displaylang=en > > ******************** > Roaming profile & folder redirection article - > http://www.windowsnetworking.com/articles_tutorials/Profile-Folder-Redirection-Windows-Server-2003.html > > >
Guest Lanwench [MVP - Exchange] Posted April 5, 2008 Posted April 5, 2008 Re: Move user local profiles to roaming profiles NetAdminIllinois <NetAdminIllinois@discussions.microsoft.com> wrote: > I have roaming profiles and use Citrix in W2K environment. Then you need to specify different TerminalServices profile paths.... you can assign this via group policy. > My > question is I have a 3rd party application that uses queries that > users set up. These queries are saved per user and they default to > the LocalDrive\Documents & Settings\"%username%. Therefore these > queries are not saved when the user logs off and they have to set > them up again next time. If the folder that these queries are saved > in was included in the roaming profile this would solve the issue I > am hoping. Do you know how I could get these queries to be saved in > the roaming profile instead on the local machine. The vendor says it > is not something they can do. In what subfolder in the profile is it actually set? And do you have your server configured to delete cached profiles at logout? > "Lanwench [MVP - Exchange]" wrote: > >> Namaste <Namaste@discussions.microsoft.com> wrote: >>> I understand what needs to me done on the domain user account and >>> the shared storage when creating roaming profiles. What I am >>> confused about is if I have to use the Copy To in the user profile >>> management on the local system to copyt the local profile to a >>> roaming profile. >> >> Nppe. >> >>> I have seen a couple of MS and non-MS articles that say to do the >>> copy >> >> Nope. >> >>> or just logon the the system with the roaming profile >> >> (with the domain user account, yes) >> >>> you want >>> to make roaming and then log out (understanding the first you had to >>> change the user's AD account to use roaming profiles and setup the >>> shared storage). >> >> Yep. >>> >>> So do ou use Copy To or does a simple logon and logout move the >>> profile? >> >> The latter....but see my boilerplate below. >> >>> >>> Second question, we would have folder redirect configured also. Do >>> we need to copy the folders to the new location first or will >>> logging on and logging off move the data? >> >> It should move the data. >>> >>> Thank you >> >> ******************** >> General tips: >> >> 1. Set up a share on the server. For example - d:\profiles, shared as >> profiles$ to make it hidden from browsing. Make sure this share is >> *not* set to allow offline files/caching! (that's on by default - >> disable it) >> >> 2. Make sure the share permissions on profiles$ indicate >> everyone=full control. Set the NTFS security to administrators, >> system, and users=full control. >> >> 3. In the users' ADUC properties, specify >> \\server\profiles$\%username% in the profiles field >> >> 4. Have each user log into the domain once - if this is an existing >> user with a profile you wish to keep, have them log in at their usual >> workstationand log out. The profile is now roaming. >> >> 5. If you want the administrators group to automatically have >> permissions to the profiles folders, you'll need to make the >> appropriate change in group policy. Look in computer >> configuration/administrative templates/system/user profiles - >> there's an option to add administrators group to the roaming >> profiles permissions. Do this *before* the users' roaming profile >> folders are created - it isn't retroactive. >> >> ******************** >> Notes: >> >> Make sure users understand that they should not log into multiple >> computers at the same time when they have roaming profiles (unless >> you make the profiles mandatory by renaming ntuser.dat to ntuser.man >> so they can't change them, which has major disadvantages),. Explain >> that the 'last one out wins' when it comes to uploading the final, >> changed copy of the profile. If you want to restrict multiple >> simultaneous network logins, look at LimitLogon (too much overhead >> for me), or this: http://www.jsifaq.com/SF/Tips/Tip.aspx?id=8768 >> >> ******************** >> Keep your profiles TINY. Via group policy, you should be redirecting >> My Documents (at the very least) - to a subfolder of the user's home >> directory or user folder. Also consider redirecting Desktop & >> Application Data similarly..... so the user will end up with: >> >> \\server\users\%username%\My Documents, >> \\server\users\%username%\Desktop, >> \\server\users\%username%\Application Data. >> >> [Alternatively, just manually re-target My Documents to >> \\server\users\%username% (this is not optimal, however!)] >> >> You should use folder redirection even without roaming profiles, but >> it's especially critical if you *are* using them. >> >> If you aren't going to also redirect the desktop using policies, >> tell users that they are not to store any files on the desktop or >> you will beat them with a >> stick. Big profile=slow login/logout, and possible profile >> corruption. >> >> ******************** >> Note that user profiles are not compatible between different OS >> versions, even between W2k/XP. Keep all your computers. Keep your >> workstations as identical as possible - meaning, OS version is the >> same, SP level is the same, app load is (as much as possible) the >> same. >> >> ********************* >> If you also have Terminal Services users, make sure you set up a >> different TS profile path for them in their ADUC properties - e.g., >> \\server\tsprofiles$\%username% >> >> ******************** >> Do not let people store any data locally - all data belongs on the >> server. >> >> ******************** >> The User Profile Hive Cleanup Utility should be running on all your >> computers. You can download it here: >> http://www.microsoft.com/downloads/details.aspx?familyid=1B286E6D-8912-4E18-B570-42470E2F3582&displaylang=en >> >> ******************** >> Roaming profile & folder redirection article - >> http://www.windowsnetworking.com/articles_tutorials/Profile-Folder-Redirection-Windows-Server-2003.html
Recommended Posts