Roaming Profiles

Posted on 2009-12-30
Last Modified: 2012-05-08
Hey Guys,

Every time a user logs into an XP Pro system with a Server 2003 profile, the profile is copied from the server to the Documents and Settings folder.

Is there a way so that only the user to whom that profile belongs can access that folder when logging into the computer locally or even on the domain, even if that user is the local administrator?

Please guide.
Question by:Shivtek

    Expert Comment

    by:Mike Kline
    Not that I know of, if they are an administrator then they will be able to take ownership if they really want access to the data.  That is why you have to limit administrators.

    Expert Comment

    If they are set as a local administrator they will be able to access all local folders. You have to remove the local admin privs.

    Expert Comment

    Normally you don't want to deny administrators access to profile folders. If the user gets an issue with the profile it will be a lot harder for you to troubleshoot.

    Keep it simple - set a standard and don't make any exceptions.
    Also, the administrators should be aware that peeking in other users' "private" folders is a no-no. Many countries even have national laws that forbid you from doing so.

    Trust your employees and coworkers.

    Accepted Solution

    Roaming Profiles on a user account.
    Creating the default user profile prepares the environment to support Windows Vista profiles. Next, you need to configure a user account to have a roaming user profile and its roaming user profile path.
     Prepare a user account
    1.      As a domain administrator, open the Active Directory Users and Computers management console from a Windows Server 2003 or Windows XP computer.
    2.      Right-click the user account for which you want to configure a roaming user profile.
    3.      Click the Profile tab. Type the network path you created in step 2 in the profile path text box. Add the text \%username%. For example, the profile path for user1 in the domain is \\finance\RUP\%username%.
    Windows will replace the environment variable %username% with the logon name of the user. For example, if the logon name is user1 then Active Directory Users and Computers will replace %username% with the name user1. The full network path would be \\finance\RUP\user1.
    4.      Click OK, and then close the Active Directory Users and Computers management console.
     Prepare the roaming user profile location
    1.      Create a new folder on a central fileserver. You will use this folder only for roaming user profiles. For example, you could use the folder name Profiles.
    2.      Share the folder using a name suitable for your organization.
    3.      Change the share permission to allow the Authenticated Users group the Full Control permission. For example, the finance department in has a dedicated server on which to store user profiles. The name of the folder is "Profiles" and the share name is RUP.
    Windows creates the roaming user profile folder for the user and makes the user the owner of the folder.
    Windows uses the ".v2" extension to distinguish between version 1 and version 2 profiles. Windows Server 2003, Windows XP, and Windows 2000 author version 1 profiles. You store these profiles in a folder with a name that matches the logon name of the user account. Windows Vista authors version 2 profiles. You store version 2 profiles in a folder with the first part of the folder name matching the logon name of the user followed by ".v2".
     Log on as the user
    1.      Log on to a Windows Vista workstation with the domain user account you configured in the Prepare a user account procedure.
    2.      Log off the computer.
    Windows populates the roaming user profile when the user logs off for the first time. It will resolve the changes in the profile with each subsequent logoff. The folder you previously created has the contents of that user's roaming user profile.
    Do not add ".v2" to the profile path of the user object in Active Directory Users and Computers. Doing so may prevent Windows Vista from locating the roaming or mandatory profile. You should only apply the ".v2" suffix to the name of the user folder on the central file server.
    It is acceptable to use the existing server and file share where you store your current roaming user profiles. However, each user will have two roaming profile folders, one for Windows Vista and one for Windows XP. The added folder also means additional storage requirements for the server. Ensure the drive hosting the share has adequate free space, and adjust any disk quota policies appropriately.

    Chandar Singh
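
An added example, not part of the answer above or of any vendor text: a PowerShell audit of the profile share that checks each per-user folder is owned by the user it is named after and lists any other identity holding an Allow entry on it. The function name `Test-ProfileFolderAcl` and the `$Allowed` list are assumptions made for illustration; `\\finance\RUP` is the example path from the answer.

```powershell
# Added example: audit the per-user folders under a roaming profile share.
function Test-ProfileFolderAcl {
    param(
        # Example share path taken from the answer above; pass your own.
        [string]$Root = '\\finance\RUP',
        # Assumption: identities accepted on a profile folder besides its user.
        [string[]]$Allowed = @('NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators')
    )

    Get-ChildItem -Path $Root | Where-Object { $_.PSIsContainer } | ForEach-Object {
        $dir = $_

        # Folder name is "<logon name>" (version 1) or "<logon name>.v2" (version 2).
        $logon = $dir.Name -replace '\.v2$', ''

        $acl = Get-Acl -Path $dir.FullName

        # Owner is reported as DOMAIN\name; compare only the account part.
        $ownerName = ($acl.Owner -split '\\')[-1]

        # Allow entries held by anyone other than the profile's user
        # or the identities in $Allowed.
        $extra = @($acl.Access | Where-Object {
            $_.AccessControlType -eq 'Allow' -and
            ($_.IdentityReference.Value -split '\\')[-1] -ne $logon -and
            $Allowed -notcontains $_.IdentityReference.Value
        } | ForEach-Object { $_.IdentityReference.Value } | Select-Object -Unique)

        # One result object per profile folder.
        New-Object PSObject -Property @{
            Folder       = $dir.Name
            Owner        = $acl.Owner
            OwnerMatches = ($ownerName -eq $logon)
            ExtraAccess  = ($extra -join '; ')
        }
    }
}

# Show only the folders that need a closer look.
Test-ProfileFolderAcl |
    Where-Object { -not $_.OwnerMatches -or $_.ExtraAccess } |
    Format-Table Folder, Owner, OwnerMatches, ExtraAccess -AutoSize
```

A folder whose owner no longer matches its name is the trace left when someone has taken ownership, as the comments above describe; run the audit from an account that can read the folder ACLs.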
