Bad boy Warrior Posted March 8, 2005 Share Posted March 8, 2005 Ok men - whats the best guidance you guys can give me to set up roaming pros? i read some posts here by some dudes but whats the local path about? im lost i need to know - if i knew i wodlnt be askingThanks to all that have helped me now and in the pastthx Link to comment Share on other sites More sharing options...
valter Posted March 9, 2005 Share Posted March 9, 2005 On your server, create a folder called Profiles and Share it as Profiles$, set share rights as follows:Administrators Full ControlEveryone ChangeLet's say your server name is Server1. Open Active Directory Users and Computers, open your target users container, double click on the User and click tab Profile. In the field Profile Path type the following:\\Server1\Profiles$\%username%Next time the user logs on, his/her profile folder will be automatically created. Now, if you're using Windows Server 2003, open your Group Policy for the domain or just edit the Default Domain Policy (right click on Domain Name in Active Directory Users and Computers, click Properties, click tab Group Policy and then Default Domain Policy or just edit one of your own), navigate to Computer Configuration\Administrative Templates\System\User Profiles and locate policy called Add the Administrators security group to roaming user profiles, then set it to Enabled. Link to comment Share on other sites More sharing options...
StormRage Posted February 12, 2006 Share Posted February 12, 2006 I've been battling for far to long now with this same issue.The exception being, that I am trying to deploy a default user profile to all NEW users.For some unknown reason the central default profile simply does not get transfered to a new user upon first logon.What have I done:1. Create user account in AD users & computers under an OU.2. Logged onto a terminal and adjusted this profile as required3. Logged of the terminal and logged back on as Administrator4. Copied the profile to \\Server\Netlogon\Default UserUpon creating a NEW user, this NEW user SHOULD obtain his/her profile from \\Server\Netlogon\Default User. THIS SIMPLY DOES NOT HAPPEN.Here is an extract from the UserEnv.log from the terminal machine:-Please note the lpNetPath = <NULL> I've seen another example where it should have been lpNetPath = \\Server\Netlogon\Default UserHow can I get this fixed?... It's killing me with the roll-out that I am currently behind schedule with.Thanks in advanceUSERENV(24c.250) 13:01:05:843 LoadUserProfile: Entering, hToken = <0x9d8>, lpProfileInfo = 0x6eca8USERENV(24c.250) 13:01:05:843 LoadUserProfile: lpProfileInfo->dwFlags = <0x2>USERENV(24c.250) 13:01:05:843 LoadUserProfile: lpProfileInfo->lpUserName = <TestPro>USERENV(24c.250) 13:01:05:843 LoadUserProfile: lpProfileInfo->lpProfilePath = <\\SERVER\profiles$\TestPro>USERENV(24c.250) 13:01:05:843 LoadUserProfile: NULL default profile pathUSERENV(24c.250) 13:01:05:858 LoadUserProfile: NULL server nameUSERENV(24c.250) 13:01:05:858 LoadUserProfile: NULL policy pathUSERENV(24c.250) 13:01:05:858 LoadUserProfile: User sid: S-1-5-21-2724874549-794252346-2489469141-1237USERENV(24c.250) 13:01:05:858 CSyncManager::EnterLock <S-1-5-21-2724874549-794252346-2489469141-1237>USERENV(24c.250) 13:01:05:858 CSyncManager::EnterLock: No existing entry foundUSERENV(24c.250) 13:01:05:874 CSyncManager::EnterLock: New entry createdUSERENV(24c.250) 13:01:05:874 CHashTable::HashAdd: S-1-5-21-2724874549-794252346-2489469141-1237 added in bucket 15USERENV(24c.250) 13:01:05:874 LoadUserProfile: Wait succeeded. In critical section.USERENV(24c.250) 13:01:06:077 GetOldSidString: Failed to open profile profile guid key with error 2USERENV(24c.250) 13:01:06:093 GetProfileSid: No Guid -> Sid Mapping availableUSERENV(24c.250) 13:01:06:093 GetOldSidString: Failed to open profile profile guid key with error 2USERENV(24c.250) 13:01:06:093 GetProfileSid: No Guid -> Sid Mapping availableUSERENV(24c.250) 13:01:06:093 LoadUserProfile: Expanded profile path is \\SERVER\profiles$\TestProUSERENV(24c.250) 13:01:06:108 ParseProfilePath: Entering, lpProfilePath = <\\SERVER\profiles$\TestPro>USERENV(24c.250) 13:01:06:108 CheckXForestLogon: checking x-forest logon, user handle = 2520USERENV(24c.250) 13:01:06:140 CheckXForestLogon: not XForest logon.USERENV(24c.250) 13:01:06:140 AbleToBypassCSC: Try to bypass CSCUSERENV(24c.250) 13:01:06:358 AbleToBypassCSC: tried NPAddConnection3ForCSCAgent. Error 85USERENV(24c.250) 13:01:06:374 AbleToBypassCSC: tried NPAddConnection3ForCSCAgent. Error 2109USERENV(24c.250) 13:01:06:374 AbleToBypassCSC: Share \\SERVER\profiles$ mapped to drive F. Returned Path F:\TestProUSERENV(24c.250) 13:01:06:374 ParseProfilePath: CSC bypassed. Profile path F:\TestProUSERENV(24c.250) 13:01:06:390 ParseProfilePath: GetFileAttributes failed with error 2USERENV(24c.250) 13:01:06:390 CreateSecureDirectory: Entering with <F:\TestPro>USERENV(24c.250) 13:01:06:515 CreateSecureDirectory: Created the directory <F:\TestPro>USERENV(24c.250) 13:01:06:515 ParseProfilePath: Succesfully created the sub-directoryUSERENV(24c.250) 13:01:06:515 LoadUserProfile: ParseProfilePath returned a directory of <F:\TestPro>USERENV(24c.250) 13:01:06:515 RestoreUserProfile: EnteringUSERENV(24c.250) 13:01:06:530 IsCentralProfileReachable: EnteringUSERENV(24c.250) 13:01:06:530 CheckRoamingShareOwnership: checking ownership for F:\TestProUSERENV(24c.250) 13:01:06:530 CheckRoamingShareOwnership: policy set to disable ownership checkUSERENV(24c.250) 13:01:06:530 IsCentralProfileReachable: Testing <F:\TestPro\ntuser.man>USERENV(24c.250) 13:01:06:530 IsCentralProfileReachable: Profile is not reachable, error = 2USERENV(24c.250) 13:01:06:546 IsCentralProfileReachable: Testing <F:\TestPro\ntuser.dat>USERENV(24c.250) 13:01:06:546 IsCentralProfileReachable: Profile is not reachable, error = 2USERENV(24c.250) 13:01:06:546 IsCentralProfileReachable: Ok to create a user profile.USERENV(24c.250) 13:01:06:546 RestoreUserProfile: Central Profile is reachableUSERENV(24c.250) 13:01:06:561 RestoreUserProfile: Central Profile is roamingUSERENV(24c.250) 13:01:06:561 RestoreUserProfile: Profile path = <F:\TestPro>USERENV(24c.250) 13:01:06:561 ExtractProfileFromBackup: Failed to open key Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-2724874549-794252346-2489469141-1237 with error 2USERENV(24c.250) 13:01:06:561 ExtractProfileFromBackup: Couldn't open backup profile key. Error = 2USERENV(24c.250) 13:01:06:561 GetOldSidString: Failed to open profile profile guid key with error 2USERENV(24c.250) 13:01:06:561 PatchNewProfileIfRequred: No OldSidString foundUSERENV(24c.250) 13:01:06:608 CreateLocalProfileKey: Not setting additional SecurityUSERENV(24c.250) 13:01:06:608 CreateLocalProfileImage: One way or another we haven't got an existing local profile, try and create oneUSERENV(24c.250) 13:01:06:608 CreateSecureDirectory: Entering with <C:\Documents and Settings\TestPro>USERENV(24c.250) 13:01:06:624 CreateSecureDirectory: Created the directory <C:\Documents and Settings\TestPro>USERENV(24c.250) 13:01:06:624 ComputeLocalProfileName: generated the profile directory <C:\Documents and Settings\TestPro>USERENV(24c.250) 13:01:06:624 Creating Local ProfileUSERENV(24c.250) 13:01:06:640 Local profile name is <C:\Documents and Settings\TestPro>USERENV(24c.250) 13:01:06:640 RestoreUserProfile: Working with a new user. Go straight to issuing a default profile.USERENV(24c.250) 13:01:06:640 RestoreUserProfile: Issuing default profileUSERENV(24c.250) 13:01:06:640 CheckNetDefaultProfile: Entering, lpNetPath = <NULL>USERENV(24c.250) 13:01:06:640 IssueDefaultProfile: Entering. lpDefaultProfile = <C:\Documents and Settings\Default User> lpLocalProfile = <C:\Documents and Settings\TestPro>USERENV(24c.250) 13:01:06:640 CopyProfileDirectoryEx: Entering, lpSourceDir = <C:\Documents and Settings\Default User>, lpDestinationDir = <C:\Documents and Settings\TestPro>, dwFlags = 0xc8103USERENV(24c.250) 13:01:06:655 RecurseDirectory: Adding C:\Documents and Settings\Default User\Application Data\Microsoft\SystemCertificates\My\Certificates\ to the list of directories Link to comment Share on other sites More sharing options...
Hamins Posted February 12, 2006 Share Posted February 12, 2006 Storm, have you checked whether the users have read access to \\Server\Netlogon\Default User folder ? Link to comment Share on other sites More sharing options...
Hamins Posted February 12, 2006 Share Posted February 12, 2006 Here's a detailed run-down on how I create roaming Profiles(1) Create a folder by the name of Profiles$ (you could use any name). Create this preferably on a non-system volume.(2) Share the Profiles$ folder you just created, and set the following SHARE permissions on it : Administrators = Full Control, Domain Users = Change & Read(3) Set the following NTFS Security permissions, but before setting any permissions, make sure that you click on ADVANCE, un-check the "ALLOW INHERITABLE PERMISSIONS ......", click on REMOVE, and then click on OK. Administrators = Full Control (This Folder, Subfolder, and Files) Creator Owner = Full Control (Sub Folder and Files) Domain User = Read + Write (This folder, Subfolders, and Files)(4) Now, to map the Profiles$ folder to the user account, open up Active Directory Users and Computers, double-click on the user(s), select the Profiles tab, and in the PROFILE PATH field type \\<The name of your server>\Profiles$\%username%. Make sure that the path to the profile folder is type in UNC format like above, and not in absolute format. Once you have typed the profile path, click OK.That's all ... I hope this help you understand how to create a roaming profile for users on your network. Link to comment Share on other sites More sharing options...
StormRage Posted February 13, 2006 Share Posted February 13, 2006 (edited) Thanks for the advice, yet, unfortunately I do not have any problems with the roaming profiles of individual users.The problem I am experiencing, is with a NEW user obtaining the "Default User" profile that was copied to the \\Server\Netlogon share, acting as a NEW USER TEMPLATE upon FIRST TIME EVER logon.Well, the "Authenticated Users" security group has 1. Traverse Folder / Execute File2. List Folder / Read Data3. Read Attributes4. Read Extended Attributes5. Read Permissionson the c:\winnt\SYSVOL\domain.co.za\scripts folder.Any idees?........Thanks P.S. Summary of my Profiles$ share:-SHARE permissions: Administrators = Full Control, Authenticated Users = Change & ReadNTFS permissions: Administrators = Full Control (This Folder, Subfolder, and Files) SYSTEM = Full Control (This Folder, Subfolder, and Files) Creator Owner = Full Control (Sub Folder and Files) Autenticated Users = List Folder / Read Data & Create Folders / Append Data (This folder Only) Edited February 13, 2006 by StormRage Link to comment Share on other sites More sharing options...
cluberti Posted February 13, 2006 Share Posted February 13, 2006 I don't see any lines pertaining to "lpDefaultPath =" there - meaning it never looked for \\ntserver\netlogon\default user. You SURE the network is up _and_ the user has at least NTFS and share read access to the netlogon share? Because it's not showing up in your userenv logs... Link to comment Share on other sites More sharing options...
StormRage Posted February 13, 2006 Share Posted February 13, 2006 And that is exactly the problem I am experiencing....Did notice something most interesting the past weekend though.A brand new factory pre-loaded WinXP notebook does exactly the same. Yet, when I reloaded a dektop test machine with Windows 2000 Pro, simply outta the blue, the Desktop machine obtained the Default User from te Netlogon share. What am I missing the last two months battling with this issue?.... Link to comment Share on other sites More sharing options...
cluberti Posted February 13, 2006 Share Posted February 13, 2006 Is the XP firewall enabled? Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now