Solved

Setting up Roaming Profiles

Posted on 2004-10-26
356 Views
Last Modified: 2012-08-13
Hello everyone,

I am having a problem with roaming profiles. This is a small business that has just purchased a new Standard Edition 2003 server. We have 15 XP Pro clients. Active directory has been set up as well as DNS and a few other server roles. I added the users and computer accounts. I want the users to have a roaming profile. For each user I have the roaming profile path set to \\severname\profile$\%username%. I have also set the home path to H: then \\servername\homedir\%username%. The profile$ share permissions have been set to give admin full control and everyone else read and write. Same for the homedir share.

First I logged into a workstation and created a test account and configured it like I wanted. Then I logged in as admin, went to control panel>system>users and found the profile that I just created. I gave Everyone full control and copied the profile to my server.

On my server, when I open the shared folders snap in the netlogon share shows a path of C:\WINDOWS\SYSVOL\sysvol\mydomain.com\SCRIPTS. So when I copied the profile I used C:\WINDOWS\SYSVOL\sysvol\mydomain.com\SCRIPTS\Default User.

If I open the netlogon share I can see my default user profile and by looking at the shortcuts in the desktop folder I know this is the folder I copied.

Now when I log a user into the domain for the first time I get an error message "Windows cannot locate the server copy of your roaming profile is attempting to locate your local profile." Of course this test user has not logged into the workstation either so no local profile is found and I get the corresponding error message "Local profile cannot be located, a temp will be created for you. All changes will be lost when you log off".

One thing to note is that I can get the profile to log on to the domain if I set up a local account on the workstation but only if I give it admin rights. Plus that does not set up the default profile I built.

So how do I set up a roaming profile that will enable a user who has never logged into a workstation? I don't want to have to manually add each user to the workstation nor do I want to give them admin rights. What have I done wrong??? I thought I did this by the book. Any help would be great.

Mike
0
Question by:mmcmillin
    9 Comments
     
    LVL 95

    Expert Comment

    by:Lee W, MVP
    The first time a user logs on, if the profile does not exist on the network, Windows creates it based on the "Default Profile" in c:\documents and settings.
    0
     
    LVL 11

    Accepted Solution

    by:
    Hello mmcmillin,

    Can you please answer/check a couple of things:

    - In Active Directory, on the user account's properties, is the profile path set to the correct location? \\severname\profile$\%username% <-- From a workstation, can you resolve the name servername? Also, can you actually map a drive as that user from any workstation to \\servername\profiles$\hisusernamehere?
    - For the profiles share on your server, I know you have said that the share permissions are everyone = FC; however, what about NTFS permissions? Do users have proper NTFS permissions enabled to get to their right profiles?
    - I am not sure what you are using the Netlogon share for. The Netlogon share is just meant to keep their "logon scripts"; are you keeping something related to their profile there? Can you please elaborate?
    - When a user logs on to a domain, and his account in the DC has a roaming profile, the profile should get downloaded to his machine, irrespective of what the default profile is, or whether he has ever logged on to that machine.
    - On your local machines, on the C:\documents and settings folder, have you actually made changes to the default security permissions?

    Please post back - Thanks
    0
     
    LVL 11

    Expert Comment

    by:KaliKoder
    Following articles also might be useful to you:

    To create the profiles:
    http://support.microsoft.com/default.aspx?scid=http://support.microsoft.com:80/support/kb/articles/q243/4/20.asp&NoWebContent=1

    How to create profiles on W2K. VERY IMPORTANT IN HERE: When you are copying a default profile as a "base" profile, make sure you use the "permission to use" permissions correctly. Please follow and review this article:
    http://support.microsoft.com/default.aspx?scid=kb;en-us;Q302082&sd=tech

    "Windows can't locate a server copy of your profile" error:
    http://support.microsoft.com/default.aspx?scid=kb;en-us;873485

    Thanks and Good Luck :)

    0
     

    Author Comment

    by:mmcmillin
    Hi KaliKoder,

    Thanks for your response. I'll break down the responses to each of your questions to make it a bit easier to follow.

    In AD is the profile path set correctly? Yep verified this.

    I can map a network drive from a workstation to the users home drive on the server.

    I can ping the server by both IP address and name and get a good response.

    I am using the netlogon share to setup a base default user profile so that everyone can start from the same uniform profile. Every book I read said this was how to do it. Create a profile just the way you like it, then copy it to the netlogon share.

    On my local machines I did change the permissions of default users folder. This improved things in that when I tried to logon, I still get the cannot locate server copy of default profile, but it did then use the correct local profile.

    I'm still playing with getting NTFS permissions on the PROFILES share on my server. Right now when I navigate to my PROFILES folder and right click it and select sharing & security this is what I have.

    Administrators (mydomain\administrators) - full control
    Creator - Owner - read & execute\list\read
    System - full control
    Everyone - full control
    Users (mydomain\users) - full control

    You stated that when a user with a roaming profile logs in to a DC the profile should get downloaded to his machine irrespective of the fact what the default profile is, or if he has ever logged into that machine before.

    Can you elaborate a bit more? Where is this profile coming from? Why isn't it looking for my netlogon default profile?

    Thanks a lot. Look forward to your response.
    0
     

    Author Comment

    by:mmcmillin
    Hello Again Kalikoder,

    I think I have fixed the problem. Turned out to be permissions on the profile$ share. I also uncovered another problem that I have yet to solve.

    One of the problems was that my test user could not log on. I created the test account and then in the profiles tab set the path to \\server\profile$\test. However a folder for the test user is not created in the profile$ share. When I set the path to the home drive as \\server\HomeDir\Test a folder for the test user is created just fine in the HomeDir share.

    I cannot figure out why the test folder is not being created in the profile$ share. When I originally set up my users, they all automatically showed up just fine. These users can log in with their roaming profile just fine. My problem now seems to be creating new users.

    Mike
    0
     
    LVL 11

    Expert Comment

    by:KaliKoder
    Hello Mike :)

    Good thing it worked out for you. I had thought it would be something related to the permissions, and that's why it was one of the first things I had asked you to check.

    Now, I know you are using a Netlogon share for making a roaming profile; however, this is something I have never done, and I am not even sure if this is recommended practice. I know everyone's method can be different, but here is what I have followed:

    - Create a share on a network called profiles$, give this share everyone FC permission
    - Create a "base" profile as indicated in the article http://support.microsoft.com/default.aspx?scid=http://support.microsoft.com:80/support/kb/articles/q243/4/20.asp&NoWebContent=1
    - In Control Panel, double-click System, and then click the User Profiles tab. Under Profiles Stored On This Computer, click the profile that you want to copy, and then click Copy To.  In the Copy Profile To dialog box, type the network path to the folder. Under Permitted to Use, click Change and type the "EVERYONE" group on here!!
    - Now on a network somewhere, you would have a "base roaming profile" . Save this copy in some place safe.
    - When you setup a new user, copy this base profile folder to the \\server\profiles$\ folder and call that the newusername. \\server\profiles$\newusername
    - Make sure that path is reflected in the user's Active Directory properties
    - Make sure that \\server\profiles$\newusername has the desired permissions for the new user

    That's all you need. I know what I explained above seems a lot of work; however, it may not be. We have the same exact procedure, and we run a single batch file that runs and does all the above. There is no room for error, and it's time tested. All we have to enter is a username at the batch file prompt; it uses the CACLs command, the Net Groups command, Mkdir, SCOPY command etc. to do all the work. If you are looking to have roaming profiles work well, and have a lot of users come and go, or support a great many machines, it might be worthwhile to spend all this time once and get the process perfect :-) Trust me, it would save you hours later!!

    Thanks :)
    0
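A sketch of the per-user provisioning steps listed in the comment above, added here as an example; it is not the batch file KaliKoder mentions. It uses xcopy and icacls in place of the SCOPY and CACLS commands the comment names, and the server name, domain name and base-profile location are placeholders to replace.

```bat
@echo off
rem Added example: create one roaming-profile folder for a new user.
rem SERVER, DOMAIN and BASE are placeholders, not values from the thread.
setlocal EnableDelayedExpansion
set "SERVER=server"
set "DOMAIN=MYDOMAIN"
set "SHARE=\\%SERVER%\profiles$"
set "BASE=\\%SERVER%\install$\baseprofile"

rem Clear any inherited value so pressing Enter really means "empty".
set "NEWUSER="
set /p "NEWUSER=Username: "
if "!NEWUSER!"=="" (
    echo No username entered.
    exit /b 1
)

rem Only continue for an account that exists in the domain. This also
rem rejects input such as ..\name before it is used to build a path.
net user "!NEWUSER!" /domain >nul 2>&1
if errorlevel 1 (
    echo Account !NEWUSER! not found in the domain.
    exit /b 1
)

set "TARGET=%SHARE%\!NEWUSER!"
rem Never overwrite or re-permission an existing profile folder.
if exist "!TARGET!\" (
    echo !TARGET! already exists, nothing done.
    exit /b 1
)
mkdir "!TARGET!" || exit /b 1

rem Set the NTFS ACL before copying, so every copied file inherits it:
rem drop ACEs inherited from the share root, then grant full control to
rem the user, Administrators and SYSTEM only (OI/CI = inherit to children).
icacls "!TARGET!" /inheritance:r /grant:r "%DOMAIN%\!NEWUSER!:(OI)(CI)F" "Administrators:(OI)(CI)F" "SYSTEM:(OI)(CI)F"
if errorlevel 1 exit /b 1

rem Copy the base profile. /H is required because NTUSER.DAT is hidden.
xcopy "%BASE%" "!TARGET!" /E /H /K /I /Q
if errorlevel 1 (
    echo Copy of base profile failed.
    exit /b 1
)
echo Set the profile path for !NEWUSER! to !TARGET!
```

The share permission can stay broad as in the thread because the NTFS ACL on each user's folder is what restricts access; `icacls "\\server\profiles$\username"` shows the resulting entries.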
     

    Author Comment

    by:mmcmillin
    Hello KaliKoder,

    Thanks again for getting back to me. I appreciate the information.

    It sounds like we are doing the same thing, except I am copying the default user to the netlogon share and you are directing to put it in the profile$ share. As far as what is the recommended practice I cannot say. Only that putting it in the logon share is described in several books such as MS Press - Managing & Maintaining a MS Windows 2003 Server, Mark Minasi - Mastering Server 2003 and several web references on Microsoft's website.

    The second thing I would like to add is that I am very new to this. This is the first server I have ever set up. My skills using batch files are zero. Perhaps how to write batch files or something like it will be the next book I pick up. If you have any good references I'd be happy to hear them.

    Thanks for your help.

    Mike
    0
     
    LVL 11

    Expert Comment

    by:KaliKoder
    Sure Mike! I am not at my office right now; once I am there, I would post you a copy perhaps. It's a very long and cumbersome file, but it's "hard work done once, that works every time" :) In the meanwhile, if you have some questions as to how to do certain things using batch files, please don't hesitate to ask.

    Thanks :)
    0
     

    Author Comment

    by:mmcmillin
    Hey that would be great! If you want we can exchange personal email addresses too. Thanks again for all of your help!

    Mike
    0
