====== Windows Home Directories ======
See also **[[networking:windows:active_directory:roaming_profiles|Windows Roaming Profiles]]**
See also **[[networking:windows:active_directory:folder_redirection|Folder Redirection]]**
http://support.microsoft.com/kb/555046
===== Windows 2008 R2 =====
===== The Plan =====
  - Create a top-level share to hold all user home directories
  - Home directories are created automatically
===== Top Level Homes Folder =====
==== Folder Structure ====
This folder structure supports implementation of these four functions and permits the functions to be implemented separately at different times or together at once.
  * Shares
  * Home Directories
  * Roaming Profiles
  * Folder Redirection

  E:\Shares
      \Share1
      \Share2
  E:\Homes
      \User1
      \User2
  E:\Profiles
      \User1
      \User2
  E:\Redirected
      \User1
      \User2
          \My Documents
          \Application Data

==== Top-Level 'Homes' Folder Configuration ====
^User or Group ^File/Folder Permissions (Security Tab) ^Comment ^
|Administrators |Full Control |This Folder, Subfolders and Files |
|SYSTEM |Full Control |This Folder, Subfolders and Files |
|CREATOR OWNER |Full Control |Subfolders and Files Only |
|Authenticated Users |Read & Execute, List Folder Contents, Read Perms |This Folder Only |
^User or Group ^Share Permissions (Sharing Tab) ^
|Administrators |Full Control |
|SYSTEM |Full Control |
|Authenticated Users |Full Control |
These settings allow for the automatic creation of per-user home directories as sub-folders of the top-level 'Homes' folder and forbid users from accessing other users' data.
Use a VSS-aware backup tool to make backups.
==== Top-Level 'Homes' Folder Creation ====
  - Create a folder 'Homes'
  - Disable permissions inheritance
  - Set folder permissions per the table above
    - Use the Advanced option to edit permissions
  - Share the folder 'Homes'
    - Set the share name as 'Homes$'
      - The dollar symbol hides the share from network browsing; access is still controlled by the share and NTFS permissions
      - Leave off the $ if you prefer
    - Use **Properties -> Sharing -> Advanced** to create hidden shares
    - Set the share permissions per the table
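
The creation steps and the two permission tables above, scripted with ''icacls'' and ''net share'' as an added example (not part of the original page). It assumes the ''E:\Homes'' path and ''Homes$'' share name used on this page, English built-in group names, and an elevated PowerShell prompt; ''Invoke-Native'' is a helper defined here.

```powershell
# Added example, not from the original page. Run from an elevated PowerShell prompt.
# Assumptions: path E:\Homes and share name Homes$ (from this page), English group names.
$HomesPath = 'E:\Homes'
$ShareName = 'Homes$'   # single quotes keep the trailing $ literal

function Invoke-Native {
    # Run a native tool with an argument array; stop on a non-zero exit code.
    param([string]$Exe, [string[]]$Arguments)
    & $Exe $Arguments
    if ($LASTEXITCODE -ne 0) { throw "$Exe failed with exit code $LASTEXITCODE" }
}

if (-not (Test-Path $HomesPath)) {
    New-Item -ItemType Directory -Path $HomesPath | Out-Null
}

# NTFS permissions (Security tab table).
# /inheritance:r removes inherited ACEs; /grant:r replaces explicit ACEs per principal.
# (OI)(CI) = this folder, subfolders and files; adding (IO) = subfolders and files only;
# no inheritance flags = this folder only.
Invoke-Native icacls @(
    $HomesPath, '/inheritance:r', '/grant:r',
    'Administrators:(OI)(CI)F',
    'SYSTEM:(OI)(CI)F',
    'CREATOR OWNER:(OI)(CI)(IO)F',
    'Authenticated Users:RX'
)

# Share permissions (Sharing tab table). Each /GRANT is quoted so PowerShell
# does not split it at the comma. Fails if the share name already exists.
Invoke-Native net @(
    'share', "$ShareName=$HomesPath",
    '/GRANT:Administrators,FULL',
    '/GRANT:SYSTEM,FULL',
    '/GRANT:Authenticated Users,FULL'
)

# Review the result against the two tables.
icacls $HomesPath
net share $ShareName
```

In the ''icacls'' listing, Authenticated Users should appear with ''(RX)'' and no ''(OI)''/''(CI)'' flags; an inheritable entry for that group would let users read each other's home directories.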
===== Enable Home Directories for Users =====
Modify each user with the **Active Directory Users and Computers** (ADUC) tool.{{ :networking:windows:active_directory:roaming_profile_path.png?direct&300|}}
  - Browse to the container holding user objects
  - Hold the control key down and select all users you want to modify
  - Right-click one of the selected accounts -> Properties
  - Select the Profile tab
  - Select the button next to ''Connect''
    - Choose a drive letter (same for all users)
    - Enter the path ''\\DC1\Homes$\%username%''
  - Click OK to save
  - Verify the user's home directory was created and that the user has write access to his/her mapped drive
===== Troubleshooting =====
==== Check Workstation Event Log ====
The first troubleshooting step should be to examine the Application event log on the client computer, and determine the error.
If this is a roaming profile, be sure to check for the correct permissions on the 'Profiles' folder. Check share permissions as well as NTFS permissions.
==== Enable Advanced Logging ====
In addition to logging events in the Application Event log, User Profiles can provide a detailed log to aid troubleshooting. To create a detailed log file for user profiles, use regedit and locate the following path:
''HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon''
Create a new value called **UserEnvDebugLevel** as a **REG_DWORD** and set the value to **30002** in hexadecimal format.
The log file can be found at: ''%windir%\debug\usermode\userenv.log''.
==== View All Shares ====
View all shares including hidden shares (share name ending with $ symbol):

  net share