Solved

Creating roaming profiles

Posted on 2004-10-27
739 Views
Last Modified: 2008-02-01
I'm trying to get roaming profiles set up on our new SBS2003 server. Since we weren't using roaming profiles on our old NT server, I'd like to copy the profiles currently being used on each of the Windows XP Pro workstations to SBS2003. I've read through and tried applying the steps in Microsoft's Knowledge Base article 324749 (http://support.microsoft.com/default.aspx?scid=kb;en-us;q324749), but continue to get the following error messages when I try copying the profile using the 'Copy to' button:

When not logged on to server
Profile Error
Failed to set Security on the Destination Profile. Error - Logon failure: unknown user name or bad password

When logged on to server
Profile Error
Failed to set Security on the Destination Profile. Error - The network path was not found

I have created all the necessary users and folders on the server, so I'm puzzled by the errors. I'm able to put the path to the server in the 'Copy profile to' section and change the 'Permitted to Use' section to the profile's user name, but get the error after choosing 'OK'. One thing this article neglects to tell is what computer you should be doing all of the steps from. I assumed and have been doing it from the workstation, but maybe this is not correct. I have tried creating the roaming profile while being logged in to the server and being logged off. The error persists regardless of logon status. I'm sure I'm just missing something easy, but any help would be appreciated. Thanks.
0
Question by:middleburyman
    12 Comments
     
    LVL 5

    Expert Comment

    by:map000
    check share permission on the profile folder
    also the ntfs permissions
    the permissions should give every user full access to his profile folder
    0
     
    LVL 18

    Expert Comment

    by:luv2smile
    From the workstation, you should be logged into the domain and as an administrator on the workstation.
    0
     

    Author Comment

    by:middleburyman
    map000, I assume the permissions and profile folder you are talking about are on the server, not the workstation. Please confirm.

    On the 'Share Permissions' tab of the profile folder's properties on the server, the group 'Everyone' has 'Allow' boxes checked for 'Full control', 'Change' and 'Read'. Not sure what the NTFS permissions are. Are these the ones shown on the 'Security' tab of the profile folder's properties on the server? If so, there are 4 groups listed in there: Administrators ([DOMAIN]\Administrators), CREATOR OWNER, SYSTEM and Users ([DOMAIN]\Users). All except the CREATOR OWNER group have all 'Allow' checkboxes checked, including 'Full Control'. The CREATOR OWNER group will not allow me to check 'Full Control'. When I do and click 'Apply', the checkboxes revert back to being unchecked. Let me know if I'm missing something.
    0
     
    LVL 5

    Expert Comment

    by:map000
    yes, it's about the permission on the server
    you should disable the "replace permission ...." an the acl of the profiles folder - not sure if this is your situation
    but anyway, check the advanced tab from security
    0
     

    Author Comment

    by:middleburyman
    The 'Replace permission entries . . .' box is not checked in the Advanced Security Settings. However, the 'Allow inheritable permissions . . .' box is checked, if that matters. The only groups that doesn't say 'Full Control' in the Advanced Security Settings are the two at the bottom, Users [DOMAIN}\Users. One says 'Read & Execute', the other says 'Special'. When I try checking the 'Full Control' box for either of these groups, it reverts back to 'Read & Execute' or 'Special'.
    0
     
    LVL 18

    Assisted Solution

    by:luv2smile
    "The only groups that doesn't say 'Full Control' in the Advanced Security Settings are the two at the bottom, Users [DOMAIN}\Users."

    The domain users group needs to have full control. The reason you can't change this is it is inheriting the settings from a higher up folder.

    Uncheck inheritable permissions and choose to copy the current permissions. Then you should be able to grant domain users full control.
    0
     

    Author Comment

    by:middleburyman
    I unchecked 'Allow inheritable permissions . . .' and all the groups have 'Full Control' shown for the profiles folder.

    The Domain Users group was initially not part of these groups. So I added it, since you mentioned it above, and made sure it had 'Full Control'. I'm still getting the same messages when I try to copy the profile. I'm logged in to the workstation as [DOMAIN]\Administrator and trying to copy [DOMAIN]\username. I have '\\[server_name]\Users Profiles\[username] for the 'Copy to profile' path and [DOMAIN]\[username] as the 'Permitted to use' user. Am I doing something wrong? It isn't more complicated than this, is it?
    0
     
    LVL 5

    Accepted Solution

    by:
    why don't you simply copy the local user profile to the server and set the correct permissions?
    and also change the path (if you did not) in the users settings (user properties,account, profile)?

    #I have created all the necessary users and folders on the server, so I'm puzzled by the errors. I'm able to put the path to the server in the 'Copy profile to' section
    #and change the 'Permitted to Use' section to the profile's user name, but get the error after choosing 'OK'. One thing this article neglects to tell is what computer #you should be doing all of the steps from. I assumed and have been doing it from the workstation, but maybe this is not correct. I have tried creating the roaming #profile while being logged in to the server and being logged off. The error persists regardless of logon status. I'm sure I'm just missing something easy, but any #help would be appreciated. Thanks.

    Does it means that you already have created the users folders in the profile folder?
    0
     

    Author Comment

    by:middleburyman
    After messing with this for what seems like an eternity, I finally found out what the problem was. When I created the shared folder on the server to store all the roaming profiles in, I shared it as a hidden folder (Users Profiles$). Apparently you cannot make the shared folder hidden when using it as the roaming profiles folder. This is what caused the errors to occur. As soon as I changed the folder to a non-hidden share (Users Profiles without the '$'), I was able to copy the profile from my workstation to the server without incident. Hopefully this will help someone else out that may run into the same issue.
    0
     
    LVL 5

    Expert Comment

    by:map000
    yes, you can
    I'm using profiles folders shared as \\server\profiles$\%username% (on win 2000 - actually I didn't tested on win 2003)
    0
     

    Author Comment

    by:middleburyman
    map000,
    Really? I'm using Windows Small Business Server 2003 and didn't have any luck. Maybe I'll try changing the share name back to being hidden after I add all the users profiles to see if that works. Thanks for your help.

    I have one question that's somewhat related to this: in your Windows Server 2000 setup, do you redirect your users' My Documents folders to a different shared folder in addition to having roaming profiles? In the testing I've done, I've found that if I only have roaming profiles setup and a user creates and saves a document from their workstation, it doesn't appear in the My Documents folder of their roaming profile until after they log off the workstation. However, if I have both roaming profiles and redirection setup, the file appears on the server in the user's shared My Document folder immediately (but, again, not in their roaming profiles My Documents folder until they log off). I'm worried that if the users don't log off of their computers before they leave each night, some of their recently created documents won't get backed up. Is there a way to make newly created documents appear in the roaming profiles My Documents folder without the user having to log off? Let me know. Thanks.
    0
     
    LVL 5

    Expert Comment

    by:map000
    I had big problems with folder redirection and I'm not using any more; I used it in the past, but when I replaced a server, I coundn't succed to move the redirection to the new server (I can't remember very well what I've done because it was 2 years ago as I remember)
    About what you said, that's it, it works like that (when using roaming profiles, the updates are copied on the server when the user logg off).
    I'm using home directory for users work (\\server\users\%username%); so all the updates are done on the server.
    When using folder redirection the files are modified directly on the server.
    0

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Highfive + Dolby Voice = No More Audio Complaints!

    Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

    When bringing a new server on line, you may see an error that says: The Security System detected an authenticaton error for the server ldap/xxxxxxxt. The failure code from the authentication protocal Kerberos was "There are currently no logon se…
    This may not be a text book method to resolve VSS backup issues but it seemed to have worked on few of the Windows 2003 servers we had issues while performing a Volume Shadow Copy backup. If you have issues while performing a shadow copy backup usin…
    Want to pick and choose which updates you receive? Feel free to check out this quick video on how to manage your email notifications.
    how to add IIS SMTP to handle application/Scanner relays into office 365.

    884 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    19 Experts available now in Live!

    Get 1:1 Help Now