Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Creating roaming profiles

Posted on 2004-10-27
12
Medium Priority
?
753 Views
Last Modified: 2008-02-01
I'm trying to get roaming profiles set up on our new SBS2003 server. Since we weren't using roaming profiles on our old NT server, I'd like to copy the profiles currently being used on each of the Windows XP Pro workstations to SBS2003. I've read through and tried applying the steps in Microsoft's Knowledge Base article 324749 (http://support.microsoft.com/default.aspx?scid=kb;en-us;q324749), but continue to get the following error messages when I try copying the profile using the 'Copy to' button:

When not logged on to server
Profile Error
Failed to set Security on the Destination Profile. Error - Logon failure: unknown user name or bad password

When logged on to server
Profile Error
Failed to set Security on the Destination Profile. Error - The network path was not found

I have created all the necessary users and folders on the server, so I'm puzzled by the errors. I'm able to put the path to the server in the 'Copy profile to' section and change the 'Permitted to Use' section to the profile's user name, but get the error after choosing 'OK'. One thing this article neglects to tell is what computer you should be doing all of the steps from. I assumed and have been doing it from the workstation, but maybe this is not correct. I have tried creating the roaming profile while being logged in to the server and being logged off. The error persists regardless of logon status. I'm sure I'm just missing something easy, but any help would be appreciated. Thanks.
0
Comment
Question by:middleburyman
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 5
  • 2
12 Comments
 
LVL 5

Expert Comment

by:map000
ID: 12423718
check share permission on the profile folder
also the ntfs permissions
the permissions should give every user full access to his profile folder
0
 
LVL 18

Expert Comment

by:luv2smile
ID: 12423762
From the workstation, you should be logged into the domain and as an administrator on the workstation.
0
 

Author Comment

by:middleburyman
ID: 12424058
map000, I assume the permissions and profile folder you are talking about are on the server, not the workstation. Please confirm.

On the 'Share Permissions' tab of the profile folder's properties on the server, the group 'Everyone' has 'Allow' boxes checked for 'Full control', 'Change' and 'Read'. Not sure what the NTFS permissions are. Are these the ones shown on the 'Security' tab of the profile folder's properties on the server? If so, there are 4 groups listed in there: Administrators ([DOMAIN]\Administrators), CREATOR OWNER, SYSTEM and Users ([DOMAIN]\Users). All except the CREATOR OWNER group have all 'Allow' checkboxes checked, including 'Full Control'. The CREATOR OWNER group will not allow me to check 'Full Control'. When I do and click 'Apply', the checkboxes revert back to being unchecked. Let me know if I'm missing something.
0
Learn Veeam advantages over legacy backup

Every day, more and more legacy backup customers switch to Veeam. Technologies designed for the client-server era cannot restore any IT service running in the hybrid cloud within seconds. Learn top Veeam advantages over legacy backup and get Veeam for the price of your renewal

 
LVL 5

Expert Comment

by:map000
ID: 12424154
yes, it's about the permission on the server
you should disable the "replace permission ...." an the acl of the profiles folder - not sure if this is your situation
but anyway, check the advanced tab from security
0
 

Author Comment

by:middleburyman
ID: 12424299
The 'Replace permission entries . . .' box is not checked in the Advanced Security Settings. However, the 'Allow inheritable permissions . . .' box is checked, if that matters. The only groups that doesn't say 'Full Control' in the Advanced Security Settings are the two at the bottom, Users [DOMAIN}\Users. One says 'Read & Execute', the other says 'Special'. When I try checking the 'Full Control' box for either of these groups, it reverts back to 'Read & Execute' or 'Special'.
0
 
LVL 18

Assisted Solution

by:luv2smile
luv2smile earned 600 total points
ID: 12424536
"The only groups that doesn't say 'Full Control' in the Advanced Security Settings are the two at the bottom, Users [DOMAIN}\Users."

The domain users group needs to have full control. The reason you can't change this is it is inheriting the settings from a higher up folder.

Uncheck inheritable permissions and choose to copy the current permissions. Then you should be able to grant domain users full control.
0
 

Author Comment

by:middleburyman
ID: 12424865
I unchecked 'Allow inheritable permissions . . .' and all the groups have 'Full Control' shown for the profiles folder.

The Domain Users group was initially not part of these groups. So I added it, since you mentioned it above, and made sure it had 'Full Control'. I'm still getting the same messages when I try to copy the profile. I'm logged in to the workstation as [DOMAIN]\Administrator and trying to copy [DOMAIN]\username. I have '\\[server_name]\Users Profiles\[username] for the 'Copy to profile' path and [DOMAIN]\[username] as the 'Permitted to use' user. Am I doing something wrong? It isn't more complicated than this, is it?
0
 
LVL 5

Accepted Solution

by:
map000 earned 1400 total points
ID: 12430880
why don't you simply copy the local user profile to the server and set the correct permissions?
and also change the path (if you did not) in the users settings (user properties,account, profile)?

#I have created all the necessary users and folders on the server, so I'm puzzled by the errors. I'm able to put the path to the server in the 'Copy profile to' section
#and change the 'Permitted to Use' section to the profile's user name, but get the error after choosing 'OK'. One thing this article neglects to tell is what computer #you should be doing all of the steps from. I assumed and have been doing it from the workstation, but maybe this is not correct. I have tried creating the roaming #profile while being logged in to the server and being logged off. The error persists regardless of logon status. I'm sure I'm just missing something easy, but any #help would be appreciated. Thanks.

Does it means that you already have created the users folders in the profile folder?
0
 

Author Comment

by:middleburyman
ID: 12444988
After messing with this for what seems like an eternity, I finally found out what the problem was. When I created the shared folder on the server to store all the roaming profiles in, I shared it as a hidden folder (Users Profiles$). Apparently you cannot make the shared folder hidden when using it as the roaming profiles folder. This is what caused the errors to occur. As soon as I changed the folder to a non-hidden share (Users Profiles without the '$'), I was able to copy the profile from my workstation to the server without incident. Hopefully this will help someone else out that may run into the same issue.
0
 
LVL 5

Expert Comment

by:map000
ID: 12445302
yes, you can
I'm using profiles folders shared as \\server\profiles$\%username% (on win 2000 - actually I didn't tested on win 2003)
0
 

Author Comment

by:middleburyman
ID: 12446450
map000,
Really? I'm using Windows Small Business Server 2003 and didn't have any luck. Maybe I'll try changing the share name back to being hidden after I add all the users profiles to see if that works. Thanks for your help.

I have one question that's somewhat related to this: in your Windows Server 2000 setup, do you redirect your users' My Documents folders to a different shared folder in addition to having roaming profiles? In the testing I've done, I've found that if I only have roaming profiles setup and a user creates and saves a document from their workstation, it doesn't appear in the My Documents folder of their roaming profile until after they log off the workstation. However, if I have both roaming profiles and redirection setup, the file appears on the server in the user's shared My Document folder immediately (but, again, not in their roaming profiles My Documents folder until they log off). I'm worried that if the users don't log off of their computers before they leave each night, some of their recently created documents won't get backed up. Is there a way to make newly created documents appear in the roaming profiles My Documents folder without the user having to log off? Let me know. Thanks.
0
 
LVL 5

Expert Comment

by:map000
ID: 12461332
I had big problems with folder redirection and I'm not using any more; I used it in the past, but when I replaced a server, I coundn't succed to move the redirection to the new server (I can't remember very well what I've done because it was 2 years ago as I remember)
About what you said, that's it, it works like that (when using roaming profiles, the updates are copied on the server when the user logg off).
I'm using home directory for users work (\\server\users\%username%); so all the updates are done on the server.
When using folder redirection the files are modified directly on the server.
0

Featured Post

New feature and membership benefit!

New feature! Upgrade and increase expert visibility of your issues with Priority Questions.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

On July 14th 2015, Windows Server 2003 will become End of Support, leaving hundreds of thousands of servers around the world that still run this 12 year old operating system vulnerable and potentially out of compliance in many organisations around t…
ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
This tutorial will teach you the special effect of super speed similar to the fictional character Wally West aka "The Flash" After Shake : http://www.videocopilot.net/presets/after_shake/ All lightning effects with instructions : http://www.mediaf…
This lesson discusses how to use a Mainform + Subforms in Microsoft Access to find and enter data for payments on orders. The sample data comes from a custom shop that builds and sells movable storage structures that are delivered to your property. …
Suggested Courses

636 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question