See also: Folder Redirection

See also Windows Home Directories

See also: Windows Group Policy

http://technet.microsoft.com/en-us/library/bb490855.aspx#EKAA

http://www.computer-howto.com/2011/09/moving-user-profiles-new-server

http://richardkok.wordpress.com/2011/04/14/configuring-windows-7-roaming-profiles-on-a-windows-2008-r2-server/

Roaming profiles provide valuable functionality:

• Windows profiles are synchronized with a server
  • At logon, profiles are read from the server
  • At logoff, they are synchronized back to the server
• Users can move to another workstation and see their personalized profile when they log in
• Failure of a workstation is less of a disaster

There are down sides too:

• Windows profiles tend to grow over time
  • Logon and logoff times grow longer and longer
• Roaming profiles are a pain to set up
• Profiles may be more susceptible to corruption
  • Particularly when they get very large

1. Create a top-level share to hold roaming profiles
2. Roaming profiles are created automatically when the user logs in and logs out
3. Folder redirection minimizes the downside of roaming profiles

This folder structure supports implementation of these four functions and permits the functions to be implemented separately at different times or together at once.

• Shares
• Home Directories
• Roaming Profiles
• Folder Redirection

E:\Shares
         \Share1
         \Share2
          
E:\Homes
        \User1
        \User2

E:\Profiles
                      
E:\Redirected
        \User1
        \User2
             \AppData
             \Documents

1. Create a folder 'Profiles'
   1. Disable permissions inheritance
   2. Set folder permissions per the table above
      1. Use the Advanced option to edit permissions
2. Share the folder 'Profiles'
   1. Set the share name as 'Profiles$'
      1. The dollar symbol hides the share for better security
      2. Leave off the $ if you prefer
      3. Use Properties → Sharing → Advanced to create hidden shares
   2. Set the share permissions per the table

See also Group Policy

1. Modify Group Policy
   1. Start → Run → gpmc.msc
   2. Right-click the container holding your computer and server objects and select Create a GPO in this domain and link it here
      1. Name it something useful like TucsonUserPolicy
   3. Computer Configuration → Policy → Administrative Templates → System → User Profiles
      1. Do not check for user ownership of Roaming Profile Folders → Enable
      2. Add the Administrators security group to roaming user profiles → Enable

Modify each user with the Active Directory Users and Computers (ADUC) tool.

1. Browse to the container holding user objects
2. Hold the control key down and select all users you want to modify
3. Right-click one of the selected accounts → Properties
4. Select the Profile tab
5. Enable the roaming profile feature and fill in the Profile Path
   1. \\<profile server name>\Profiles$\%username%
   2. Click OK to save
6. Test by logging in at a workstation as one of the selected users
   1. Log off, then look in the Profiles folder
   2. If the roaming profile was not created, wait a few minutes and test again

The first troubleshooting step should be to examine the Application event log on the client computer, and determine the error.

If this is a roaming profile, be sure to check for the correct permissions on the 'Profiles' folder. Check share permissions as well as NTFS permissions.

In addition to logging events in the Application Event log, User Profiles can provide a detailed log to aid troubleshooting. To create a detailed log file for user profiles, use regedit and locate the following path:

HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsNT\CurrentVersion\Winlogon

Create a new value called UserEnvDebugLevel as a REG_DWORD and set the value to 30002 in hexadecimal format.

The log file can be found at: %windir%\debug\usermode\userenv.log.

You might try deleting a problem user's profile and redirected folders from the server so that they will be recreated cleanly according to your Group Policies and ADUC settings at the next user login.

Right-click My Computer → Properties → Advanced → User Profiles

View all shares including hidden shares (share name ending with $ symbol):

net share