One of the questions I hear often is how to configure roaming profiles and/or folder redirection. The bigggest benefit to roaming profiles and folder redirection is when you replace a users workstation for an upgrade or repair. When the user logs on to their new PC their profile will be loaded from the network share and you won't have to worry about transferring their data from the old PC to the new.
Let's start with the roaming profile. When a user logs on to their PC for the first time a profile is created. The profile holds the users application settings, Internet Explorer favorites, desktop settings (shortcuts, wallpaper) and other customizations. This is normally kept under C:\Documents and Settings\ however with roaming profiles we can redirect this to a network share so that no matter what PC they log on from they get the exact same profile. To start we need to create a network share called Profiles, the name is irrelevant but Profiles makes sense! Share this folder and set the permissions to Everyone | Full Control, and lock down access by setting the NTFS permissions to Everyone - Read Only. Create a subfolder for each user and set the permissions to the user's folder to the following: Administrators - Full Control (optional but good for troubleshooting) Username - Full Control Finally remove the inheritance of permissions from the parent folder. Next, run DSA.msc from the Run box to open up Active Directory Users and Computers and drill down to the OU with your users. Right-click the user and select Properties and then click the Profile tab. Enter the path to the profile using UNC naming. i.e.
\\server\Profiles\{username}
Click OK to save the change. The next time the user logs on the their roaming profile will be non-existent so the system will default to the local profile, however, when the user logs off the local profile will be copied to the roaming profile. Roaming profiles will cause logins to slow to a crawl. The larger the profile, the longer the logon/off. This is because the roaming profile is copied down to the local machine at each logon and then copied back up to the share upon logoff. With a large profile this can take a very long time. The answer to this problem is Folder Redirection. There is a set of group policy settings that allow you to redirect the location of the Application Data, Desktop, Start Menu, and My Documents folders.
To redirect a folder, open the Group Policy Editor and drill down to User Configuration | Windows Settings | Folder Redirection. There are four group policy settings, one to redirect each of the four folders separately. The procedure is the same for each folder and I recommend you redirect all four, or at the very least the My Documents and Application Data folders. Start by creating a share on the network called Folders, again the name is irrelevant. The permissions can be left at the default. Set the folders Setting option to Basic Redirect Everyones Folder To The Same Location. Next, select the Create A Folder For Each User Under The Root Path option from the Target Folder Location drop down list. Finally, enter the path to the Folders share. i.e.
\\server\Folders
You do not have to create sub-folders or set permissions for these folders as Windows will create them automatically and set the permissions for you. Click the Settings tab. Here we can set the permissions to the redirected folder, choose to copy the data to the share and specify what to do when the policy is removed.
Allow the group policy to take effect and once the profile and folder redirection has synced the My Documents shortcut will be new and if you view the properties of the folder you will see it redirected.
Sit back and enjoy the benefits of fast logons, roaming profiles and centralized storage of your users "local" data.