dwoodfie74 used Ask the Experts™
Hi I would like to set a group policy which would block users from saving documents to their local hd (need to save everything to a server to get a backup). Is it possible to do this and if so how? Many of the users are admins on their local machine.
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
You need to set the roaming profile to the user profile and point the user to the server.
How to create a roaming user profile in Windows 2000

How to configure a user account to use a roaming user profile in Windows Server 2003, Windows 2000 Server, or Windows NT 4.0

Please follow the document and get back to us if any issues.

Gopal Krishna K
roaming profiles have NOTHING to do with where users save their documents. Roaming profiles are for user settings (favorites, desktop settings etc), NOT for saving documents.

you need to look into folder redirection which will redirect the local 'my documents' to a network file server/share.  Do you have home directories setup?

one of the biggest reasons why roaming profiles are a horrible idea for mydocuments is simply loginin time.  Say a user has 4 GB of documents and you put this in the PROFILE, then at user login time 4 GB must be copied over the network.  Just imagine this going on at 9 am when everyone is trying to log in at once.

Agree 100% with mike!

You should enable folder redirection on the my documents and application data if you are going to use roaming profiles.  Even if they are members of the local admins what is to keep them from saving to their computers?


I have a share setup to a public folder.  From the diversity of the anwsers what is the best way to go. Do I need to setup roaming and then folder redirect? Can I set this up for the whole domain or do I need to do it for each ou. If i set it up for the whole domain can I exclude some users? Point me in the right direction.
thanks for your help.
The best way is to create a roaming profile and set the storage space in the server based on the number of users. Once this exceeds the max level then the user can always transfer some of the important files in the Resource server or as you said to the public folder with there user profile in it.

Note: make sure that even the public folder server is also backed up and also the Romaing profile server too.

let me know if this is good suggestion

Gopal krishna K
well as i mentioned and as kshays agreed, you REALLY need NOT to mix roaming profiles and user folders.  It would be best if you created two shares as below:

1.  \\server\profiles_share\username\
2.  \\server\user_files\username\

now you have two seperate places for roaming profiles and user files....

yes you can setup folder redirection for the whole domain and yes you can exlude some users.

are you SURE you want to enable roaming profiles? some people love it but others hate it.  i personally don't like it.  It seems to work well in theory but not in practice.  Unless you have users using multiple PCs, i wouldn't do it.

>>The best way is to create a roaming profile and set the storage space in the server based on the number of users.
i totally disagree,,,,, all this will do will cause WAY too much network traffic at login time since the users ENTIRE home folder will be copied at EVERY login.  Again, roaming profiles are for user settings, NOT user files.

>>Once this exceeds the max level then the user can always transfer some of the important files in the Resource server or as you said to the public folder with there user profile in it.
why not just put it on the file server in a home directory share (where it belongs) in the first place?  why have USERS manage where their data is?  That is just a nightmare waiting to happen.
Cannot agree more here.  

I currently have all of my users as (roaming), but in my situation I need to though.  

I still think if you are going to go (roaming) then you MUST redirect the (my documents and application data) to a network share.  Heck, the users probably won't even know it's being redirected.  If you want, you can set quotas on the volume where the my documents are stored to manage the space, but wer'e talking about the "profile" folder instead here though.  Of course the desktop is included in the "profile" so if they slap a couple of hundred megs on their desktop then it might be slow logging in as well.

Public folder?  If this is just a public folder then it needs to be on a network drive anyway.  You can map the drive via login scripts, set quotas for the users on the volume also.

Let's take it one step at a time.  

1.  Do you want to setup roaming profiles?
yes- \\servername\profiles\%username%

2.  Need a public folder?
yes - map it via login for them.  Set quotas if needed.

My 2Cents

Either of the suggestions will work, roaming profiles and/or folder redirection, using both would be my preferred method, however what if the user saves to C:\ or All Users\My Documents ??  dwoodfie74 I believe your biggest problem is that your users are Admins on their computers, you could setup Group Policies to Hide Drives or "LockDown" the system to some extent etc.. but a local admin could circumvent this, if they know how.


All of my users are just domain users and that's it.  :)  Well I take that back, there is 1 group that has access to TS, but that's all.




HKCU,Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders,Personal,0x20000,"%PERSONAL%"
HKCU,Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders,Favorites,0x20000,"%FAVORITES%"

PERSONAL = "\\(server or dfs location)\files\Individual shares\%USERNAME% - %COMPUTERNAME%\My Documents"
FAVORITES = "\\(server or dfs location)\files\Individual shares\%USERNAME% - %COMPUTERNAME%\Favorites"

Make a new file such as documents.inf and past the above in.  then right click on the file and select install logoff and log back on then move the documents over.  I also have this script set to copy internet explorer favroties.  I have the permission in this folder set so that domian users can create folders and then only domain admins and current owner have inherted rights to these folders.   This is an automated way of keeping other users out of documents with out manually settings permissions for each new folder.  Some times if the user doesn't have admin rights to their machine i get an error but it still works.  (i have never figured that one out).
i should specify that this changes the location of the users mydocuments in case someone isn't familuar with registry settings. ALso i use username - computer name for the folders because we have some shared user names in our organization yet.  I even do this with our roaming profiles since loading the users documents over a remote connection can take for ever at times.
Top Expert 2006

Just thought I would open my trap and voice agreement with Mike and Kev.....

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial