Efficiently creating a Roaming Profile

Posted on 2012-08-17
Last Modified: 2012-08-22
I'm joining one computer at a time (both Windows XP and Windows 7 computers) to a Server 2008 Active Directory Domain.  GPO is set for roaming profiles and redirection of My Documents.  My current procedure is ...
1.) Create a user account in the Domain
2.) Join the client computer to the domain
3.) Log in as the user on the client computer and let the domain create a profile folder and documents folder for the user.  The folders are created on the server.
4.) Log off the user
5.) On the server and logged in as the administrator, take ownership of the two new folders, give Domain Admins full permissions to the new folders, then re-assign ownership back to the user.
6.) Copy the contents of Desktop and Favorites from the old profile (on the client computer) to the new profile (on the server).  Copy the contents of My Documents from the old profile on the client to the new Documents folder on the server.
7.) Copy miscellenous appdata files from the old profile to the new profile, re-select the user's wallpaper, re-setup the user's outlook account, email signature, email preferences.  Copy outlook.pst to the new profile and setup outlook to use it as the default .pst file.

How can I set up GP to automatically give both the user and Domain Admins (and whoever else I specify) full permissions to the profile and the documents folders that get created when the user logs in for the first time?

How can I setup GP to automatically copy the entire user's profile (complete with wallpaper, outlook settings, etc) from the old local account to the new domain account so I don't have to do it manually?  Can I set it up so that the pointer to the outlook.pst file is relative to the new profile and doesn't point to the outlook.pst file in the old profile?  Are there registry settings that need to be copied for the new user to have all the same settings/configuration as the old user?
Question by:Declan_Basile
    LVL 11

    Accepted Solution

    Try using the USMT tool provided by microsoft for copying the user's profile  from one machine to another.

    as for the permission user should  automatically have access rights once their profile folder are created.

    as for the domain admin you  can set the domain admin on root path of the profile folder and grans him full accress then just make sure the permission is inherited on the sub-folders .
    LVL 1

    Author Comment

    Thanks for the comment netballi.  I downloaded a 297 page document on how to use USMT and can see that it's capable of much more than I what I need to use it for.  It's more complicated than the solution I was hoping for.  Unless I could get help with using it, I think it would be faster for me to manually create the new profiles on each client computer that I join to the domain.  How would I use USMT to copy a profile?  Is there a simplier program?
       Also, is there something I can set in GP so that when it creates a "profile" and "documents" folder for a user the folders are added with permissions inherited from the parent folder?  I still have to take ownership, set inherit permissions, then re-assign ownership to the user.

    Featured Post

    Threat Intelligence Starter Resources

    Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

    Join & Write a Comment

    Do you have users whose passwords are expiring and they are constantly calling you?  Well I sure did and needed a way to put an end to this.  We have a lot of remote users which would not be notified that their passwords were expiring since they wer…
    Mapping Drives using Group policy preferences Are you still using old scripts to map your network drives if so this article will show you how to get away for old scripts and move toward Group Policy Preference for mapping them. First things f…
    This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
    This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

    733 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    17 Experts available now in Live!

    Get 1:1 Help Now