How To Create Roaming Pros

[Bad boy Warrior]

Ok men - whats the best guidance you guys can give me to set up roaming pros? i read some posts here by some dudes but whats the local path about? im lost i need to know - if i knew i wodlnt be asking

Thanks to all that have helped me now and in the past

thx

[valter]

On your server, create a folder called Profiles and Share it as Profiles$, set share rights as follows:

Administrators Full Control

Everyone Change

Let's say your server name is Server1. Open Active Directory Users and Computers, open your target users container, double click on the User and click tab Profile. In the field Profile Path type the following:

\\Server1\Profiles$\%username%

Next time the user logs on, his/her profile folder will be automatically created. Now, if you're using Windows Server 2003, open your Group Policy for the domain or just edit the Default Domain Policy (right click on Domain Name in Active Directory Users and Computers, click Properties, click tab Group Policy and then Default Domain Policy or just edit one of your own), navigate to Computer Configuration\Administrative Templates\System\User Profiles and locate policy called Add the Administrators security group to roaming user profiles, then set it to Enabled.

[StormRage]

I've been battling for far to long now with this same issue.

The exception being, that I am trying to deploy a default user profile to all NEW users.

For some unknown reason the central default profile simply does not get transfered to a new user upon first logon.

What have I done:

1. Create user account in AD users & computers under an OU.

2. Logged onto a terminal and adjusted this profile as required

3. Logged of the terminal and logged back on as Administrator

4. Copied the profile to \\Server\Netlogon\Default User

Upon creating a NEW user, this NEW user SHOULD obtain his/her profile from \\Server\Netlogon\Default User. THIS SIMPLY DOES NOT HAPPEN.

Here is an extract from the UserEnv.log from the terminal machine:-

Please note the lpNetPath = <NULL>

I've seen another example where it should have been lpNetPath = \\Server\Netlogon\Default User

How can I get this fixed?... It's killing me with the roll-out that I am currently behind schedule with.

Thanks in advance

USERENV(24c.250) 13:01:05:843 LoadUserProfile: Entering, hToken = <0x9d8>, lpProfileInfo = 0x6eca8

USERENV(24c.250) 13:01:05:843 LoadUserProfile: lpProfileInfo->dwFlags = <0x2>

USERENV(24c.250) 13:01:05:843 LoadUserProfile: lpProfileInfo->lpUserName = <TestPro>

USERENV(24c.250) 13:01:05:843 LoadUserProfile: lpProfileInfo->lpProfilePath = <\\SERVER\profiles$\TestPro>

USERENV(24c.250) 13:01:05:843 LoadUserProfile: NULL default profile path

USERENV(24c.250) 13:01:05:858 LoadUserProfile: NULL server name

USERENV(24c.250) 13:01:05:858 LoadUserProfile: NULL policy path

USERENV(24c.250) 13:01:05:858 LoadUserProfile: User sid: S-1-5-21-2724874549-794252346-2489469141-1237

USERENV(24c.250) 13:01:05:858 CSyncManager::EnterLock <S-1-5-21-2724874549-794252346-2489469141-1237>

USERENV(24c.250) 13:01:05:858 CSyncManager::EnterLock: No existing entry found

USERENV(24c.250) 13:01:05:874 CSyncManager::EnterLock: New entry created

USERENV(24c.250) 13:01:05:874 CHashTable::HashAdd: S-1-5-21-2724874549-794252346-2489469141-1237 added in bucket 15

USERENV(24c.250) 13:01:05:874 LoadUserProfile: Wait succeeded. In critical section.

USERENV(24c.250) 13:01:06:077 GetOldSidString: Failed to open profile profile guid key with error 2

USERENV(24c.250) 13:01:06:093 GetProfileSid: No Guid -> Sid Mapping available

USERENV(24c.250) 13:01:06:093 GetOldSidString: Failed to open profile profile guid key with error 2

USERENV(24c.250) 13:01:06:093 GetProfileSid: No Guid -> Sid Mapping available

USERENV(24c.250) 13:01:06:093 LoadUserProfile: Expanded profile path is \\SERVER\profiles$\TestPro

USERENV(24c.250) 13:01:06:108 ParseProfilePath: Entering, lpProfilePath = <\\SERVER\profiles$\TestPro>

USERENV(24c.250) 13:01:06:108 CheckXForestLogon: checking x-forest logon, user handle = 2520

USERENV(24c.250) 13:01:06:140 CheckXForestLogon: not XForest logon.

USERENV(24c.250) 13:01:06:140 AbleToBypassCSC: Try to bypass CSC

USERENV(24c.250) 13:01:06:358 AbleToBypassCSC: tried NPAddConnection3ForCSCAgent. Error 85

USERENV(24c.250) 13:01:06:374 AbleToBypassCSC: tried NPAddConnection3ForCSCAgent. Error 2109

USERENV(24c.250) 13:01:06:374 AbleToBypassCSC: Share \\SERVER\profiles$ mapped to drive F. Returned Path F:\TestPro

USERENV(24c.250) 13:01:06:374 ParseProfilePath: CSC bypassed. Profile path F:\TestPro

USERENV(24c.250) 13:01:06:390 ParseProfilePath: GetFileAttributes failed with error 2

USERENV(24c.250) 13:01:06:390 CreateSecureDirectory: Entering with <F:\TestPro>

USERENV(24c.250) 13:01:06:515 CreateSecureDirectory: Created the directory <F:\TestPro>

USERENV(24c.250) 13:01:06:515 ParseProfilePath: Succesfully created the sub-directory

USERENV(24c.250) 13:01:06:515 LoadUserProfile: ParseProfilePath returned a directory of <F:\TestPro>

USERENV(24c.250) 13:01:06:515 RestoreUserProfile: Entering

USERENV(24c.250) 13:01:06:530 IsCentralProfileReachable: Entering

USERENV(24c.250) 13:01:06:530 CheckRoamingShareOwnership: checking ownership for F:\TestPro

USERENV(24c.250) 13:01:06:530 CheckRoamingShareOwnership: policy set to disable ownership check

USERENV(24c.250) 13:01:06:530 IsCentralProfileReachable: Testing <F:\TestPro\ntuser.man>

USERENV(24c.250) 13:01:06:530 IsCentralProfileReachable: Profile is not reachable, error = 2

USERENV(24c.250) 13:01:06:546 IsCentralProfileReachable: Testing <F:\TestPro\ntuser.dat>

USERENV(24c.250) 13:01:06:546 IsCentralProfileReachable: Profile is not reachable, error = 2

USERENV(24c.250) 13:01:06:546 IsCentralProfileReachable: Ok to create a user profile.

USERENV(24c.250) 13:01:06:546 RestoreUserProfile: Central Profile is reachable

USERENV(24c.250) 13:01:06:561 RestoreUserProfile: Central Profile is roaming

USERENV(24c.250) 13:01:06:561 RestoreUserProfile: Profile path = <F:\TestPro>

USERENV(24c.250) 13:01:06:561 ExtractProfileFromBackup: Failed to open key Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-2724874549-794252346-2489469141-1237 with error 2

USERENV(24c.250) 13:01:06:561 ExtractProfileFromBackup: Couldn't open backup profile key. Error = 2

USERENV(24c.250) 13:01:06:561 GetOldSidString: Failed to open profile profile guid key with error 2

USERENV(24c.250) 13:01:06:561 PatchNewProfileIfRequred: No OldSidString found

USERENV(24c.250) 13:01:06:608 CreateLocalProfileKey: Not setting additional Security

USERENV(24c.250) 13:01:06:608 CreateLocalProfileImage: One way or another we haven't got an existing local profile, try and create one

USERENV(24c.250) 13:01:06:608 CreateSecureDirectory: Entering with <C:\Documents and Settings\TestPro>

USERENV(24c.250) 13:01:06:624 CreateSecureDirectory: Created the directory <C:\Documents and Settings\TestPro>

USERENV(24c.250) 13:01:06:624 ComputeLocalProfileName: generated the profile directory <C:\Documents and Settings\TestPro>

USERENV(24c.250) 13:01:06:624 Creating Local Profile

USERENV(24c.250) 13:01:06:640 Local profile name is <C:\Documents and Settings\TestPro>

USERENV(24c.250) 13:01:06:640 RestoreUserProfile: Working with a new user. Go straight to issuing a default profile.

USERENV(24c.250) 13:01:06:640 RestoreUserProfile: Issuing default profile

USERENV(24c.250) 13:01:06:640 CheckNetDefaultProfile: Entering, lpNetPath = <NULL>

USERENV(24c.250) 13:01:06:640 IssueDefaultProfile: Entering. lpDefaultProfile = <C:\Documents and Settings\Default User> lpLocalProfile = <C:\Documents and Settings\TestPro>

USERENV(24c.250) 13:01:06:640 CopyProfileDirectoryEx: Entering, lpSourceDir = <C:\Documents and Settings\Default User>, lpDestinationDir = <C:\Documents and Settings\TestPro>, dwFlags = 0xc8103

USERENV(24c.250) 13:01:06:655 RecurseDirectory: Adding C:\Documents and Settings\Default User\Application Data\Microsoft\SystemCertificates\My\Certificates\ to the list of directories

[Hamins]

Storm, have you checked whether the users have read access to \\Server\Netlogon\Default User folder ?

[Hamins]

Here's a detailed run-down on how I create roaming Profiles

(1) Create a folder by the name of Profiles$ (you could use any name). Create this preferably on a non-system

volume.

(2) Share the Profiles$ folder you just created, and set the following SHARE permissions on it :

Administrators = Full Control,

Domain Users = Change & Read

(3) Set the following NTFS Security permissions, but before setting any permissions, make sure that you click

on ADVANCE, un-check the "ALLOW INHERITABLE PERMISSIONS ......", click on REMOVE, and then click on

OK.

Administrators = Full Control (This Folder, Subfolder, and Files)

Creator Owner = Full Control (Sub Folder and Files)

Domain User = Read + Write (This folder, Subfolders, and Files)

(4) Now, to map the Profiles$ folder to the user account, open up Active Directory Users and Computers,

double-click on the user(s), select the Profiles tab, and in the PROFILE PATH field type

\\<The name of your server>\Profiles$\%username%. Make sure that the path to the profile folder is

type in UNC format like above, and not in absolute format. Once you have typed the profile path, click

OK.

That's all ... I hope this help you understand how to create a roaming profile for users on your network.

[StormRage]

Thanks for the advice, yet, unfortunately I do not have any problems with the roaming profiles of individual users.

The problem I am experiencing, is with a NEW user obtaining the "Default User" profile that was copied to the \\Server\Netlogon share, acting as a NEW USER TEMPLATE upon FIRST TIME EVER logon.

Well, the "Authenticated Users" security group has

1. Traverse Folder / Execute File

2. List Folder / Read Data

3. Read Attributes

4. Read Extended Attributes

5. Read Permissions

on the c:\winnt\SYSVOL\domain.co.za\scripts folder.

Any idees?........

Thanks

P.S. Summary of my Profiles$ share:-

SHARE permissions:

Administrators = Full Control,

Authenticated Users = Change & Read

NTFS permissions:

Administrators = Full Control (This Folder, Subfolder, and Files)

SYSTEM = Full Control (This Folder, Subfolder, and Files)

Creator Owner = Full Control (Sub Folder and Files)

Autenticated Users = List Folder / Read Data & Create Folders / Append Data (This folder Only)

Edited February 13, 2006 by StormRage

[cluberti]

I don't see any lines pertaining to "lpDefaultPath =" there - meaning it never looked for \\ntserver\netlogon\default user. You SURE the network is up _and_ the user has at least NTFS and share read access to the netlogon share? Because it's not showing up in your userenv logs...

[StormRage]

And that is exactly the problem I am experiencing....

Did notice something most interesting the past weekend though.

A brand new factory pre-loaded WinXP notebook does exactly the same. Yet, when I reloaded a dektop test machine with Windows 2000 Pro, simply outta the blue, the Desktop machine obtained the Default User from te Netlogon share.

What am I missing the last two months battling with this issue?....

[cluberti]

Is the XP firewall enabled?