mmcmillin

Setting up Roaming Profiles

Hello everyone,

I am having a problem with roaming profiles. This is a small business that has just purchased a new Standard Edition 2003 server. We have 15 XP Pro clients. Active Directory has been set up as well as DNS and a few other server roles. I added the users and computer accounts. I want the users to have a roaming profile. For each user I have the roaming profile path set to \\severname\profile$\%username%. I have also set the home path to H: then \\servername\homedir\%username%. The profile$ share permissions have been set to give admin full control and everyone else read and write. Same for the homedir share.

First I logged into a workstation and created a test account and configured it like I wanted. Then I logged in as admin, went to control panel>system>users and found the profile that I just created. I gave Everyone full control and copied the profile to my server.

On my server, when I open the shared folders snap in the netlogon share shows a path of C:\WINDOWS\SYSVOL\sysvol\mydomain.com\SCRIPTS. So when I copied the profile I used C:\WINDOWS\SYSVOL\sysvol\mydomain.com\SCRIPTS\Default User.

If I open the netlogon share I can see my default user profile and by looking at the shortcuts in the desktop folder I know this is the folder I copied.

Now when I log a user into the domain for the first time I get an error message "Windows cannot locate the server copy of your roaming profile and is attempting to locate your local profile". Of course this test user has not logged into the workstation either, so no local profile is found and I get the corresponding error message "Local profile cannot be located, a temp will be created for you. All changes will be lost when you log off".

One thing to note is that I can get the profile to log on to the domain if I set up a local account on the workstation but only if I give it admin rights. Plus that does not set up the default profile I built.

So how do I set up a roaming profile that will enable a user who has never logged into a workstation? I don't want to have to manually add each user to the workstation nor do I want to give them admin rights. What have I done wrong??? I thought I did this by the book. Any help would be great.

Mike
Lee W, MVP

The first time a user logs on, if the profile does not exist on the network, Windows creates it based on the "Default Profile" in c:\documents and settings.
ASKER CERTIFIED SOLUTION
KaliKoder
Following articles also might be useful to you:

To create the profiles:
http://support.microsoft.com/default.aspx?scid=http://support.microsoft.com:80/support/kb/articles/q243/4/20.asp&NoWebContent=1

How to create profiles on W2K. VERY IMPORTANT IN HERE: When you are copying a default profile as a "base" profile, make sure you use the "permission to use" permissions correctly. Please follow and review this article:
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q302082&sd=tech

Windows can't locate a server copy of your profile error:
http://support.microsoft.com/default.aspx?scid=kb;en-us;873485

Thanks and Good Luck :)

mmcmillin

ASKER

Hi KaliKoder,

Thanks for your response. I'll break down the responses to each of your questions to make it a bit easier to follow.

In AD is the profile path set correctly? Yep verified this.

I can map a network drive from a workstation to the users home drive on the server.

I can ping the server by both IP address and name and get a good response.

I am using the netlogon share to setup a base default user profile so that everyone can start from the same uniform profile. Every book I read said this was how to do it. Create a profile just the way you like it, then copy it to the netlogon share.

On my local machines I did change the permissions of default users folder. This improved things in that when I tried to logon, I still get the cannot locate server copy of default profile, but it did then use the correct local profile.

I'm still playing with getting NTFS permissions on the PROFILES share on my server. Right now when I navigate to my PROFILES folder and right click it and select sharing & security this is what I have.

Administrators (mydomain\administrators) - full control
Creator - Owner - read & execute\list\read
System - full control
Everyone - full control
Users (mydomain\users) - full control

You stated that when a user with a roaming profile logs in to a DC the profile should get downloaded to his machine irrespective of the fact what the default profile is, or if he has ever logged into that machine before.

Can you elaborate a bit more? Where is this profile coming from? Why isn't it looking for my netlogon default profile?

Thanks a lot. Look forward to your response.

Hello Again Kalikoder,

I think I have fixed the problem. Turned out to be permissions on the profile$ share. I also uncovered another problem that I have yet to solve.

One of the problems was that my test user could not log on. I created the test account and then in the profiles tab set the path to \\server\profile$\test. However a folder for the test user is not created in the profile$ share. When I set the path to the home drive as \\server\HomeDir\Test a folder for the test user is created just fine in the HomeDir share.

I cannot figure out why the test folder is not being created in the profile$ share. When I originally set up my users, they all automatically showed up just fine. These users can login with their roaming profile just fine. My problem now seems to be creating new users.

Mike

Hello Mike :)

Good thing it worked out for you. I had thought it would be something related to the permissions, and that's why it was one of the first things I had asked you to check.

Now, I know you are using a Netlogon share for making a roaming profile, however, this is something I have never done, I am not even sure if this is recommended practice? I know everyone's method can be different, but here is what I have followed:

- Create a share on a network called profiles$, give this share everyone FC permission
- Create a "base" profile as indicated in the article http://support.microsoft.com/default.aspx?scid=http://support.microsoft.com:80/support/kb/articles/q243/4/20.asp&NoWebContent=1 
- In Control Panel, double-click System, and then click the User Profiles tab. Under Profiles Stored On This Computer, click the profile that you want to copy, and then click Copy To.  In the Copy Profile To dialog box, type the network path to the folder. Under Permitted to Use, click Change and type the "EVERYONE" group on here!!
- Now on a network somewhere, you would have a "base roaming profile" . Save this copy in some place safe.
- When you setup a new user, copy this base profile folder to the \\server\profiles$\ folder and call that the newusername. \\server\profiles$\newusername
- Make sure that path is reflected in users Active Directory properties
- Make sure that the \\server\profiles$\newusername have the desired permissions for the new user

That's all you need. I know what I explained above seems a lot of work, however it may not be. We have the same exact procedure, and we run a single batch file that runs and does all the above. There is no room for error, and it's time tested. All we have to enter is a username at the batchfile prompt, it uses the CACLs command, the Net Groups command, Mkdir, SCOPY command etc to do all the work. If you are looking to have roaming profiles work good, and have a lot of users come and go, or support a lot many machines, it might be worthwhile to spend all this time once, get the process perfect :-) trust me! it would save you hours later!!

Thanks :)
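
The per-user provisioning steps listed in the post above, as an added example that is not part of the thread and is not KaliKoder's batch file. It uses PowerShell rather than batch and gives the new folder explicit entries for the user, SYSTEM and Administrators only; the server, share, base-folder and domain names are assumptions.

```powershell
# Added example, not from the thread: provision one roaming-profile folder.
# Hypothetical values: $Share, $Base and $Domain are assumptions for illustration.
param([Parameter(Mandatory = $true)][string]$UserName)

$Share  = '\\server\profiles$'
$Base   = '\\server\profiles$\_base'   # base profile saved earlier with "Copy To"
$Domain = 'MYDOMAIN'

# Accept only a plain account name so the input cannot change the target path.
if ($UserName -notmatch '^[A-Za-z0-9][A-Za-z0-9._-]{0,19}$') {
    throw "Invalid user name: $UserName"
}
$Target = Join-Path $Share $UserName
if (Test-Path -Path $Target) {
    throw "$Target already exists; refusing to overwrite an existing profile."
}

# Copy the base profile; -Force includes hidden files such as NTUSER.DAT.
Copy-Item -Path $Base -Destination $Target -Recurse -Force

# Replace the inherited share-wide ACL with explicit entries for this user only.
$acl = Get-Acl -Path $Target
$acl.SetAccessRuleProtection($true, $false)    # block inheritance, drop inherited ACEs
$inherit = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
$none    = [System.Security.AccessControl.PropagationFlags]::None
foreach ($id in "$Domain\$UserName", 'NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators') {
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule `
        -ArgumentList $id, 'FullControl', $inherit, $none, 'Allow'
    $acl.AddAccessRule($rule)
}
Set-Acl -Path $Target -AclObject $acl

# Point the account's profile path at the new folder (net user /profilepath).
& net.exe user $UserName "/profilepath:$Target" /domain
if ($LASTEXITCODE -ne 0) { throw "net user failed with exit code $LASTEXITCODE" }

# Show the resulting ACL so the operator can confirm no Everyone/Users entry remains.
(Get-Acl -Path $Target).Access |
    Format-Table IdentityReference, FileSystemRights, IsInherited -AutoSize
```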

Hello KaliKoder,

Thanks again for getting back to me. I appreciate the information.

It sounds like we are doing the same thing, except I am copying the default user to the netlogon share and you are directing to put it in the profile$ share. As far as what is the recommended practice I cannot say. Only that putting it in the logon share is described in several books such as MS Press - Managing & Maintaining a MS Windows 2003 Server, Mark Minasi - Mastering Server 2003 and several web references on Microsoft's website.

The second thing I would like to add is that I am very new to this. This is the first server I have ever set up. My skills using batch files are zero. Perhaps how to write batch files or something like it will be the next book I pick up. If you have any good references I'd be happy to hear them.

Thanks for your help.

Mike

Sure Mike! I am not at my office right now, once I am there, I would post you a copy perhaps. It's a very long and cumbersome file, but it's "hard work done once, that works every time" :) In the meanwhile, if you have some questions as to how to do certain things using batch files, please don't hesitate to ask.

Thanks :)

Hey that would be great! If you want we can exchange personal email addresses too. Thanks again for all of your help!

Mike