• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1257
  • Last Modified:

Copy Roaming Profile to a new Server

I need to copy a users roaming profile to a new location from its current server.  We basically store the user profiles on a file server in the users main location.  I do not want the users pulling their profile across the network form their previous locartion in this case.  After the profile is moved to the new server I'll change the profile path in AD.  We're running a Windows 2000 domain on windows 2000 servers.
0
georgedschneider
Asked:
georgedschneider
  • 20
  • 13
  • 8
7 Solutions
 
Jian An LimCommented:
so, what is  your question?

are you looking for instruction how to do it ?
0
 
georgedschneiderAuthor Commented:
how can I copy the users roaming profile to a new server?
0
 
Jian An LimCommented:
METHOD 1.

in ADUC

goto the user you want to copy, right click and click properties
goto profile tab, that is the original profile located

copy everything on that place to the new location

change the profile tab to point to the new location

METHOD 2.

ask the user to login

then GOTO ADUC/<specificuser>/properties/profile tab
change to the new location you want. and hit apply

ask the user to log off

then all the profile will uploaded to the new location


0
Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

 
georgedschneiderAuthor Commented:
is there a way to copy the folder directrly from the old server to the new server since both these methods would require pulling the profile across the wire.  
0
 
Jian An LimCommented:
well, if you copy 1 file from A machine to B machine, it is going to wire..
unless, you want to copy to USB drive?

What make you prompt not to go through wire..
and when u say wire.. issit Through the Internet or LAN?

you should not worry too much if it is through the LAN.... (unless you got a massive network)

0
 
georgedschneiderAuthor Commented:
What I want to do is copy the roaming profile for a user to a new server without having to hav the user log on or off so when they get to new location their profile is on the local file server and ready to go.  I could do the copy off hours.  Last time i tried to pull a profile across the network form this one location it took about 45 minutes.  This is the reason why i want to avoid having the user log in and then change the location and having the user log off.  Eventauly i'll have multiple profiles I need to move form one file server to another.
0
 
Jian An LimCommented:
use method 1, it will not require the user to login and logout ..
and of course, everytime the user login, it will go to this location and grab a copy of that profile, and when it log off, it will update that profile as well.






METHOD 1.

in ADUC

goto the user you want to copy, right click and click properties
goto profile tab, that is the original profile located

copy everything on that place to the new location (do it off hours)

change the profile tab to point to the new location

==============

user login (will retrive from the new server)
user logout (will upload  the profile to the new server)
0
 
georgedschneiderAuthor Commented:
I can't copy the users profile from the profiles directory by either doing a copy and past or xcopy.  I get permission denied.  I wonder if it has to do with the special permissions on the user's profile directory that prevent anyone form accessing i other than the user even though I have domain admin rights.  Any thoughts on this.
0
 
Jian An LimCommented:
yup.
that is because the folder owner is only assign to the specific user and restrict administrators to look into it.

You can take over the ownership

by doign so,
right click on the specific folder, click on security tab, hit advance
then goto owner

the current owner should be something like unable to determine

you click on administrators and remember to tick the box "replace owner on subcontainers and objects"

after this, you would able to access that folder
0
 
Henrik JohanssonSystems engineerCommented:
Yes, if not enabling the following policy setting on the clients (through GPO), user will be granted exclusive rights to the profile folder
Computer Configuration\Administrative Templates\System\User Profiles\Add the Administrators security group to roaming user profiles
0
 
georgedschneiderAuthor Commented:
One thing I did notice regarding roaming profiles is that even if I create a shortcut to the Intenr explorer icon and remove the Internet Explorer icon so as not to allow users easy access to the intenret properties this icon as well as the connection wizard appear on every destop the user logs onto ven though they have a roaming profile that doesn't include this.  Is this normal behavior and is their a resolution for my enviroment.
0
 
georgedschneiderAuthor Commented:
If I take ownership and copy the roaming profiel to a new destination will it eventual inherit the permissions so only the user can access the profiel on the new location.
0
 
Jian An LimCommented:
take ownership only make you able to access to the security.
it will still listed that user have full permission to the folder.

And as you copy over, you need to make sure the user still have full permission in security.
0
 
Jian An LimCommented:


internet explorer is different thing.

in XP, goto control panel/display/desktop/customised desktop

under there is a IE ticked box. it is a system generated shortcut that cannot be backup. just like my computer and etc.


0
 
georgedschneiderAuthor Commented:
What about on Windows 2000 workstations?
0
 
Jian An LimCommented:
read http://support.microsoft.com/kb/162170

In Windows 2000
In Internet Explorer, click Internet Options on the Tools menu.
On the Advanced tab, click to clear the Show Internet Explorer on the Desktop check box under Browsing, and then click OK.


btw, technically, windows 2000 workstation is no longer supported by Microsoft .....

0
 
georgedschneiderAuthor Commented:
Is there a way to do this through group policy perhaps.
0
 
Henrik JohanssonSystems engineerCommented:
This isn't part of the original question, but to answer followup question about removing IE-icon from desktop by using GPO:
User Configuration\Administrative Templates\Desktop\Hide Internet Explorer icon on desktop

Not sure what you want to prevent under IE-settings, but alot of settings can be modified under
User Configuration\Administrative Templates\Windows Components\Internet Explorer
0
 
georgedschneiderAuthor Commented:
Back to the copy profile issue.  I've taken ownership of a the users romaing profuile directory and renamed it to _username.  The user logged on angain and created  anew profile which was what I wanted on the new server.  The problem is th eold profile _username I get an access deneied error when I try to delte it.  I tired to change the name to old and it changed the name.  Still can't delete the directory.  WHy is this?
0
 
Henrik JohanssonSystems engineerCommented:
You nead to propagate necessary NTFS-permissions in the directory structure.
Give yourself full control and tick the "Replace permission entries on all child objects..." by using the advanced security dialog for the folder.
When taking ownership of the folder for the user profile, you also have a checkbox on Owner-tab to propagate ownership to subfolders.
0
 
georgedschneiderAuthor Commented:
I've done thta.  IT appears I'm getting a permission denied on select subfolders.  I tried deleting each sub folder indivdualy but get an access denied on certin file sor folder.
0
 
georgedschneiderAuthor Commented:
it appears I had to reset the secuirty permission on all child objectas of the folder through the advanced tab on the security tab and I was able to delete the folder.
0
 
georgedschneiderAuthor Commented:
a followup question to henjoh09 comment on adding the group policy settign to allow the administor group to the roaming profile.  This is a machine based policy which I assume I need to apply to the machine hosting the profiels.  Am I correct in my assumption?
0
 
Jian An LimCommented:
your assumption is correct (partially) ...
As you can also apply to user as well instead of machine ... if you have loopback policy setup properly...
0
 
georgedschneiderAuthor Commented:
Can you clarify this?
0
 
Jian An LimCommented:
read this url

http://support.microsoft.com/kb/231287

if you got more question about some thing else, we are happy to answer if you start another question :)
0
 
Henrik JohanssonSystems engineerCommented:
The setting for adding administrators to profile permissions is a computer policy and nead to be applied in GPO linked to OU-structure with computer objects.

Loopback processing is used to apply user policies to OU-structure with computer objects to have users get specific policy settings when they logon to a given subset of computers (terminal servers etc).
0
 
georgedschneiderAuthor Commented:
So the GPO that this setting is in need to be applied to the OU that holds the computer accounter of where the profiles are located then?
0
 
Jian An LimCommented:
as i said, it depends on your business requirement ...

but in general, yes. you will put in under where your computer accounts are.
0
 
georgedschneiderAuthor Commented:
I think the question I'm trying to get is I need to apply the GPO that has this setting to grant the admin. group to the users profile to the OU that contains the server that houses the profiles then?
0
 
Jian An LimCommented:
to all client PC OU

do some testing, it should reveal the answer :)

0
 
georgedschneiderAuthor Commented:
If that's the case this policy wouldn't allow access to the users profile direcotry on the share then if its appled to cleint PC's
0
 
Jian An LimCommented:
i might be wrong but hm... why not just put on the root of the domain ... i suppose you want all your user profile directory to be accessed by your administrators?
0
 
georgedschneiderAuthor Commented:
Correct.  I'll try again and see if it works.  The last time i apled it the GPO at the root I was still unable to access the profiels.
0
 
Henrik JohanssonSystems engineerCommented:
The policy for granting administrator access to the profile folders will only affect new roaming profiles.

Copied from explain section of the policy:
"Note: If the setting is enabled after the profile is created, the setting has no effect.

Note: The setting must be configured on the client computer, not the server, for it to have any effect, because the client computer sets the file share permissions for the roaming profile at creation time.
"
0
 
georgedschneiderAuthor Commented:
That worked.  Is it possible ot copy a user's roaming priofile at the server level.  Foe example I have user A and I want User B to have an identical profile?  Would the best thing be to just rename the user profile to user B's naem?
0
 
Henrik JohanssonSystems engineerCommented:
It's worth a try, but you nead to ensure that permissions are set correctly for userB's folder.

See technet-article about necessary permissions for the profile folder.
http://technet.microsoft.com/en-us/library/cc737633.aspx
0
 
georgedschneiderAuthor Commented:
I think the easiest thing to do is create a basic user with the general desktop setting and copy this profile to the netlogon\default user on the DC and this would be used as the deafult user when a new user logs on.

The question I have is since this GPO to give the admistrators only has an impact on new profiles created I was thinking of deleting of the romaing profiles that have already been created.  If I understand roaming profiels correctly the romaing profile settigns are copied down to their local profile and the merged file is copied back up to the roaming profile directory (changes only).  If I'm correct I could delete the roaming profile off the server and when the user logs off the roaming profiel would be created with the local profile as its base correct?
0
 
Henrik JohanssonSystems engineerCommented:
Yes, that's correct.
If creating a centralized 'default user' in %logonserver%\netlogon, that will override the local 'default user' existing on each computer. Keep in mind that 'default user' will only be loaded if the roaming profile doesn't exist on the server and can't be found in the local cached profiles (c:\documents and settings).
0
 
georgedschneiderAuthor Commented:
What I want to do is delete the roaming profiles on the server for the few user I've already created profiles for and recreate them so the administrators group will be granted access via the gpo.  AM I correct in understanding that the raoming profile is copied down to the local machine upon logon?  If this is the case deleteing the roaming profile should cause an issue.  After deleting the romaing profile and the user logs back on and off the local will be copied to the newly created roaming profile directory which will have administrative group access to it?
0
 
Henrik JohanssonSystems engineerCommented:
If having local cached copy of the roaming profile on the client computer, it will be loaded and merged with the server copy of the profile during logon. If the server copy doesn't exist or can't be loaded, only the local cached version will be loaded.
Deleting the server copy of the roaming profile will cause the folder structure to be re-created during logoff and the policy for granting administrators access shall be applied to solve your problem.
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

  • 20
  • 13
  • 8
Tackle projects and never again get stuck behind a technical roadblock.
Join Now