Configuring Roaming User Profiles: Group Policy about:reader?url=https://msdn.microsoft.com/en-us/library/cc738596...

msdn.microsoft.com

Configuring Roaming User Profiles:

Group Policy
Before you create a roaming user profile, you need to create each
user account. Then, log on to a server as an administrator to create
a network share to store the roaming user profiles, designate the
groups of users to receive the roaming user profiles, and grant all
users Full Control permissions.

Use the following procedures when you create and manage

roaming user profiles.

For information about deploying Roaming User Profiles on newer

versions of Windows, see Deploy Folder Redirection, Offline Files,
and Roaming User Profiles.

Creating Roaming User Profiles

To perform the following procedure, you must be a member of the

Account Operators group, Domain Admins group, or the Enterprise
Admins group in Active Directory, or you must have been delegated
the appropriate authority. For enhanced security, consider using the
Runas command to perform this procedure.

To create a roaming user profile

1. Open Active Directory Users and Computers.

1 de 7 08/04/2016 2:19
Configuring Roaming User Profiles: Group Policy about:reader?url=https://msdn.microsoft.com/en-us/library/cc738596...

2. Click the domain and the OU where the user account resides.

3. Right-click the user account for which to set a roaming profile,

and then click Properties.

4. Click the Profile tab, and then type the profile path information
in Profile path. (Use the full path in each user account. For
example, type \\Server\ShareName\UserName.)

Another way to populate the profile path is to use an Active

Directory® Service Interfaces (ADSI) script. ADSI provides a single
set of interfaces for managing resources on the network. You can
use ADSI in combination with Microsoft® Visual Basic® Scripting
Edition (VBScript) or JScript scripts to manage Active Directory
resources such as users and services.

For information about ADSI and ADSI scripts, see the Microsoft
Platform SDK link on the Web Resources page at
http://www.microsoft.com/windows/reskits/webresources.

Changing User Profile Type from Local to Roaming

Typically, a large organization has many users with local profiles.

For ease of management, you might want to change many of the
local profiles to roaming profiles. Moving user’s data and settings
from the workstation to a server reduces the user’s dependence on
the workstation’s availability, simplifies user data management, and
allows centralized account management.

To create a roaming user profile for a user that has a

local profile

2 de 7 08/04/2016 2:19
Configuring Roaming User Profiles: Group Policy about:reader?url=https://msdn.microsoft.com/en-us/library/cc738596...

1. Open Active Directory Users and Computers.

2. Click the domain and the OU where the user account resides.

3. Right-click the appropriate user account for which to set a

roaming profile, and then click Properties.

4. Click the Profile tab, and type the profile path information in
Profile path (for example, type \\Server\ShareName
\UserName).

Note

To change a user’s local profile to a roaming profile for a user

who uses multiple computers simultaneously, the user must log
off last from the computer that has the profile that the user
wants to use.

Disabling Roaming User Profiles on Certain Computers

You can prevent computers from receiving roaming profiles by

enabling the Only allow local user profiles policy setting, which
blocks roaming profiles from being used on a computer. By default,
when roaming profile users log on to a computer, the user’s
roaming profile is copied to the local computer. If the user has
previously logged on to this computer, the roaming profile is
merged with the local profile. Similarly, when the user logs off from
this computer, the local copy of the profile, including any changes
the user made, is merged with the server copy of the profile.

If you enable the Only allow local user profiles policy setting, the
following occurs on the affected computer: When the user first logs

3 de 7 08/04/2016 2:19
Configuring Roaming User Profiles: Group Policy about:reader?url=https://msdn.microsoft.com/en-us/library/cc738596...

on, the user receives a new local profile instead of the roaming
profile. At logoff, changes are saved to the local profile. All
subsequent logons use the local profile.

If you enable both the Prevent Roaming Profile changes from

propagating to the server setting and the Only allow local user
profiles setting, roaming profiles are disabled for that computer.
These policy settings are in the Computer
Configuration\Administrative Templates\System\User Profiles
node.

Creating Accounts That Possess roaming user profiles

You can save time and reduce the chances for error by scripting
many repetitive tasks, such as creating user accounts. A script to
automate the creation of user profiles for roaming user might look
something like the sample script Listing 7.1, which shows a script
for creating user accounts that have roaming profiles.

Listing 7.1 Creating User Accounts That Have Roaming User

Profiles

Copy 1 Copy set Args = Wscript.ArgumentsouName = Args(0)

2 3 4 5 usrName = Args(1) RUProot = Args(2) RUPpath =
6 7 8 9 RUProot & " \" & usrName 'Get the domain Set dse =
10 11 GetObject(" LDAP://RootDSE" ) Set domain = GetObject(
12 13 " LDAP://" & dse.Get(" defaultNamingContext" )) set ou =
14 15 domain.GetObject(" organizationalUnit" , " OU=" &
16 17 ouName ) wscript.echo " Creating user in " & ou.Name set
18 19 usr = ou.Create(" user" , " cn=" & usrName ) usr.Put "

4 de 7 08/04/2016 2:19
Configuring Roaming User Profiles: Group Policy about:reader?url=https://msdn.microsoft.com/en-us/library/cc738596...

samAccountName" , usrName usr.Put "

20 21 userPrincipalName" , usrName usr.Put " Profilepath" ,
22 23 RUPpath usr.SetInfo wscript.echo " User " & usrName & "
24 was created successfully in " & ou.Name & " with a RUP
Path of: " & RUPpath
Every Windows Server 2003 user has a profile. If the operating
system does not have a profile to apply to the user when the user
logs on, a new local profile is created for the user, based on the
defaults in place. Windows Server 2003 applies a generic user
profile format by default.

Configuring a Default Profile

You can create a default profile to ensure that all users within a
domain receive an identical profile the first time they log on. This
option simplifies administrative control over the users’ desktops and
settings.

To create a default user profile, you must be logged on as

Administrator or a member of the Administrators group. Create a
default profile for all new user accounts in a domain. Include any
domain-specific customizations that you want in the profile. To
create subsequent profiles, you can create a new user account as a
template.

Before creating a new user account to use as a new user’s profile

template, perform the following tasks:

1. Log on to the domain as the new user, and then customize the
desktop if appropriate.

2. Optionally, install and configure any applications to be shared by

5 de 7 08/04/2016 2:19
Configuring Roaming User Profiles: Group Policy about:reader?url=https://msdn.microsoft.com/en-us/library/cc738596...

user accounts made from this template.

3. Log off, and then log on as the administrator.

For more information about creating a new user account, see

"Create a new user account" in Help and Support Center for
Windows Server 2003.

To configure a new user account to use as a new

user’s profile template

1. After you create a new user account template, in Control

Panel, click System.

2. On the Advanced tab, under User Profiles, click Settings.

3. Under Profiles stored on this computer, select the user that

you created in step 1, and then click Copy To.

4. To create the default user profile for the domain, type the path to
NETLOGON\Default User on the domain controller.

5. In the Copy To dialog box, under Permitted to use, click

Change.

6. In the Select User or Group dialog box, enter the object name
to select, and then type: Everyone.

Troubleshooting: Creating a Log File for User Profiles

User profiles log events in the Application event log. To aid in

troubleshooting, administrators can also create detailed log files by
using the following procedure.

6 de 7 08/04/2016 2:19
Configuring Roaming User Profiles: Group Policy about:reader?url=https://msdn.microsoft.com/en-us/library/cc738596...

Caution

Do not edit the registry unless you have no alternative. The

registry editor, regedit.exe, bypasses standard safeguards,
allowing settings that can damage your system, or even require
you to reinstall Windows. If you edit the registry, make sure to
back it up first and see the Windows Server 2003 Resource Kit
Registry Reference on the Windows Server 2003 Deployment
Kit companion CD or at http://www.microsoft.com/reskit.

To create a detailed log file for user profiles

1. In the Run dialog box, type regedit, and then click OK.

2. Locate the following subkey:

HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsNT
\CurrentVersion\Winlogon.

3. Create a new entry named UserEnvDebugLevel of data type

REG_DWORD, and set its value to 0x30002.

The log file is stored in this location: %windir%\Debug\Usermode

\Userenv.log.

7 de 7 08/04/2016 2:19