Solved

moving win2k3 Terminal Server Profiles

Posted on 2004-09-15
7
265 Views
Last Modified: 2010-04-19
Gentlemen, and Ladies,

I have read about moving profiles on the TS into different directories on NT, but I have yet to read anything about how to do this one win2k3.  Anyone out there have to move local profiles to another directory because someone had the great idea of making the c drive WAY TO SMALL, and placing all applications, databases and user profiles on it??

Thanks anything would be greatly appreciated

Have a great day!!!!

CVvood
0
Comment
Question by:cvvood
  • 3
  • 3
7 Comments
 
LVL 23

Expert Comment

by:rhandels
Comment Utility
Hi,

Roaming profiles (or any profile anyhowes) within 2003 are a bit strange. As an admin, you cannot have any permissions on the profile of a user. If you do have rights on the profile folder, the profile cannot be changed anymore. So if these users need to change their profiles, only way is to recreate them (because you would need permissions to change them). So that's why i think it won't be possible to move them....
0
 
LVL 18

Expert Comment

by:exx1976
Comment Utility
Not true.  In order for profiles to work correctly, you need the following:

The user must have at a bare minimum "change" access

The OWNER of the directory must be either the local admin of the box on which the profile resides (or the domain admin account if they reside on a DC), OR the owner must be the user themself.


In order to accomplish these things, simply move the profiles where you want them, make the appropriate changes in AD to point them to the new location, and then use XCACLS and SUBINACL to set the permissions and the ownership, respectively.


HTH,
exx
0
 
LVL 23

Expert Comment

by:rhandels
Comment Utility
>>The user must have at a bare minimum "change" access

The OWNER of the directory must be either the local admin of the box on which the profile resides (or the domain admin account if they reside on a DC), OR the owner must be the user themself.<<

believe me, it is true. You cannot have access to profiles as an admin when you are on 2003... Believe me, i've witnessed it by myself. That's why Microsoft says not to create profile folders but let them be created automatically...
0
IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 
LVL 18

Expert Comment

by:exx1976
Comment Utility
handels - I'm not going to argue with you about it.  Microsoft says LOTS of things that aren't necessarily the way to do things.  They are the EASY way to do things for lazy administrators.  Trust me.  I've got 1700 users spread over 3 locations with 1300 of them on a Terminal Services farm with roaming profiles.  I have access to ALL of them.  The specifics I listed above are the only things REQUIRED for a roaming profile to function.  According to Microsoft, my Exchange configuration shouldn't be working.  But it does.  I should be able to host 1300 Terminal Services users on 12 servers with only 10/100 NICs in them.  But I do, and it works GREAT.

There are better ways to do everything.  The only reason to even bother to learn the Microsoft Way is to pass the exams, which, coincidentally, I have done, for MCSEs on NT4, 2000, 2003, as well as Exchange 5.5 and Exchange 2000 certifications.


:-P
0
 
LVL 23

Assisted Solution

by:rhandels
rhandels earned 125 total points
Comment Utility
And if you ever run into a problem, Microsoft is just going to say "you should have done it our way". I agree with you that there are better ways of doing stuff and maybe it works for you (the profiles), it didn't work for us. I also normally tend to keep my solutions with the Microsoft way, you never know if something backfires at ya and you need them guys..
0
 
LVL 18

Accepted Solution

by:
exx1976 earned 125 total points
Comment Utility
No, if I run into a problem, Microsoft is going to fix it.  As long as it's not my config, then there's no reason for them to balk at it or try to have me change it.  Trust me, in the 7 years I've been doing this professionally, I haven't had a single problem with getting PSS to give me a hand when necessary.  I've even used them to help design non-standard solutions on occassion.

Either way, what I listed above are the minimum requirements are for roaming profiles to work.  Believe me.

As for the Microsoft way...  Well, only when you begin to think outside the box will you start to develop creative, innovative, useful, money-saving solutions.  If you just "do everything the Microsoft way" you're nothing more than a robot for Redmond, helping them perpetuate their horrible upgrade patterns.
0
 
LVL 5

Author Comment

by:cvvood
Comment Utility
For the correct, and mostly everything that was said above:

get some down time with the TS:
make sure no one is logged on but the admin:
Use Xcopy with /K for all the local profiles (except the user logged into the console, This can be tricky, remember to use short file names ) and copy them to the newly created profile drive or other location *****NETWORK ACCESSABILITY IS KEY HERE****  make sure they are either on the same machine or a network share accessible to the TS.
HARD PART(well, cumbersome,..)
Goto Users and computers on the AD box, and for each copied profile enter the location to the newly created profile in the profile location field under the Terminal services box.

To test, Rename a user's local copy of the profile, this is the folder you copied to the new location:  Just rename it Old so you can be sure that it is not in use.

If all goes well you need now do delete the users copies into the new location from the old directory to re-gain your HD Space


Thanks all!!

CW
0

Featured Post

Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

Join & Write a Comment

Organizations create, modify, and maintain huge amounts of data to help their businesses earn money and generally function.  Typically every network user within an organization has a bit of disk space to store in process items and personal files.   …
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
In this seventh video of the Xpdf series, we discuss and demonstrate the PDFfonts utility, which lists all the fonts used in a PDF file. It does this via a command line interface, making it suitable for use in programs, scripts, batch files — any pl…

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now