Setting Up Roaming Profiles in Windows Server 2012
Vložit
- čas přidán 22. 07. 2024
- Info
Level: Intermediate
Presenter: Eli the Computer Guy
Date Created: April 22, 2013
Length of Class: 17:47
Research Assistance:
Tracks
Windows Server 2012
Prerequisites
Comfortable working in the Windows Server 2012 Environment
Be able to create User Accounts
Be able to Share Folders on Windows Server 2012
Purpose of Class
This class introduces students to Roaming Profiles in a Windows Server Environment.
Class Notes
Roaming Profiles allow users to be able to log into different machines and automatically be give their own Profile
Shared Profile Folder can be on any File Server on the Network, but for small to medium sized environments it is usually on the Domain Controller.
If network connection is down you will use the cached profile from the last time you logged in.
Profiles encompass: files, folders, settings. Applications/ Programs must be installed locally on each machine..
Steps:
Create a Share on Your Server called PROFILES and share is with Everyone with Read/ Write Permission
Create New User (If Needed)
Open User Profile
Go to Profile Tab
Type in Profile Path \\SERVERNAME\profile\%username% (Substitute SERVERNAME with your Server's Name)
Login to a computer with User Account that will be made Roaming
Profile in PROFILES folder will be automatically created.
Caution
Profile Information gets Cached on Local Machine (Hacking Vector)
Cached Profiles take up hard drive space
Corrections
Lab Setup Used in Demonstration
The ETCG Host Computer Specs are:
ASUS Model: CM6870US01
16 GB of RAM
1 TB 7200 RPM Hard Drive
i7 3.4 GHz Intel Processor
Windows Server 2012 Virtual Machine
AD, DNS, and DHCP
ETCG.com Domain Created
Internal Network Connection in VirtualBox
2 Windows 8 Virtual Machines
Both machines are members of ETCG.com domain
Internal Network Connection in VirtualBox
Study Guide
Resources
technet.microsoft.com/en-us/li... - Věda a technologie
Eli, you have saved me thousands of dollars, just from watching your videos I've setup a domain accross 3 locations with hundreds of users. We ended up hiring a few IT Guys to manage but they say it was all setup surprisingly well! Thankyou so much! I owe it all to you!
i like how you are always trying to give a real life scenario in your teachings rather than just a lab
Dear Eli, I am not a system guy, but did roaming profiles by your help in few minutes. wonderful. Hope see more good lessons from you
Dude I love you. Person that suppose to train me does not make anything clear. After watching your videos I know more than I could ever learn from anywhere else!!! Thank you.
Nicely presented, I appreciate the introduction of when to use Roaming Profiles. So many comments we receive is, "Get to the point". Well it's important to listen when or when not to apply the topic. Nicely done!
Hi Eli. one word... AMAZING. Thank you for making this simple, clear and calm.
Eli, Terrific video. The one key point that you may wish to communicate as well is whether you can migrate a local profile to the roaming and vice versa should you wish to reverse or start the process. Thanks for your wonderful resources.
Thanks so much, using this I was able to publish roaming profiles on our Citrix Farm.
worked at an insurance company where they used roaming profiles. back then they still had desktops and towers of course. handy thing was, as a job student, i could sit at any desk and just log in, no problem. just a minute and i could do my tasks as a job student. very handy indeed since i would sit at a desk, the normal user of said desk would come back, and i'd sit at another desk. now they use laptops and docking stations but still roaming profiles because that makes it easy to turn in laptops for repairs and such.
QUESTION: can it be done in older version of windows server?
Eli...you are good teacher to explain the things ..!!!!!
i really love the way you explain all those things. you are legend
It does, and not just network traffic, but it can significantly increase logon/logoff times. Folder Redirection GPO's solve this and makes moving between computers much nicer, as the computer you're on simply redirects your documents/pictures/music, even AppData, to a user share on a server, and the computer treats them as local. Now no data has to be synced back and forth, unless you're a laptop user, in which case you can configure an Offline Files GPO which cache's your redirected folders.
hay Eli just wanted to say thanks heaps for all your videos - appreciate them
Hi dear ELi,
Thank you SO MUCH for your instructions, explanation and courses in this presentation and many others, I usually take a look at your courses, I really appreciate and wishing you GOOD LUCK.
Hi dear ELi again,
Thank you SO MUCH for your instructions, explanation and courses in this presentation MS Windows 2012 Server and many others, I usually take a look at your courses, I really appreciate and wishing you GOOD LUCK.
The profile gets cached locally so if the computer is not connected to the network it will just load from the cache...
something fishy from pc 2,where did fourth folder below recyclbin come from ?
so loving the shelf of books,
Your lessons are great, mate! Keep it up!
Roaming user profiles on Windows 8-based or Windows Server 2012-based computers are incompatible with roaming user profiles in other versions of Windows.
Profiles are compatible only between the following client and server operating system pairs:
Windows 8.1 and Windows Server 2012 R2
Windows 8 and Windows Server 2012
Windows 7 and Windows Server 2008 R2
Windows Vista and Windows Server 2008
Note In this article, when the client operating system is referenced, the same issue applies to its corollary server operating system.
For example, if you try to deploy Windows 8 in an environment that uses roaming, mandatory, super-mandatory, or domain default profiles in Windows 7, you experience the following:
After you use a user account that has an existing Windows 7 profile to log on to a Windows 8-based computer for the first time, the components from Windows 8 read and modify the profile state.
Certain Windows 8.1 features may not work as expected because the expected profile state is not present.
When you try to use the same user account to log on to a Windows 7-based computer, the user profile modification that was performed in Windows 8 may not work as expected in Windows 7.
The issues occur because the profile will contain values that are used differently between the versions of Windows. The user profile will be missing default profile configuration information that is expected by the operating system, and could contain unexpected values that are set by a different operating system version. Therefore, the operating system will not behave as expected. Additionally, profile corruption may occur.
Notes
Roaming, mandatory, super-mandatory, and domain default user profiles have to be isolated between versions of Windows.
For more information about this issue in Windows 8.1, click the following article number to view the article in the Microsoft Knowledge Base:
2890783 Incompatibility between Windows 8.1 roaming user profiles and roaming profiles in earlier versions of Windows
I have seen cases where users log in with a Temp profile in such an environment.It actually occurs very often.What we then do is delete the temp folder,remove the temp "user" from registry and then ask the user to login again.Then they can login again,but roaming profiles can be a pain in the butt sometimes.Hence my question; is RDS ( formarly known as terminal services ) better then roaming profile ?
I was told at school that one problem roaming profiles have on large scale networks is that they can generate A LOT of traffic. I worked at a call center for two years, we had around 150 desks in total, and the net admins and i sometimes would chit chat about geeky stuff, and they told me that roaming profiles are cool, and that they were implemented for some time before i entered the company, but that they ultimately ditched them because of network congestion. We had crappy network gear, too, wich didnt help, LOL.
ComandanteJ This. Sooo much this.
Managing Roaming Profiles and DFS file replication issues are as deep an artform as GPO management.
Unless there's a NAS server with DFS in close proximity to the department(s) in question you WILL clog the network.
Eli, thanks for sharing this Server 2012 information. It has given me enough "ammunition" to present to the higher ups to bite the bullet and get a new server entirely.
Now for the fun part of migrating all those workgroup logins. lol
Keep up the great work.
Mike95DSM you can script all these changes in power shell, and i believe command prompt if you really want to take the time to figure out how.
Raleigh Dale The problem is this: Every computer uses the same username and password to log onto the computers.
With my implementation of the 2012 DC and AD I have to migrate the local user to the domain user names.
Each computer will require each user to login with their account. So there will be 4 or 5 users on one computer on any given day. I may consider a kiosk approach, but that will wait until I get the AD DS/DC all set up.
But scripting is a good idea. I will definitely look into that. Thanks.
I'm trying this to implement this in my home situation.
But whenever I'm trying to get my win7 client making contact with the server (Change computername and/or Domain) I run into a DNS problem.
Any suggestion?
Pop Quiz : If I've enabled folder redirection and I'm redirecting a user's Appdata\Roaming folder, am I actually using roaming profiles by proxy?
Hi Eli, thanks for your video, I've set it up however as an Administrator I cannot open the roaming folders; I get the error saying that the device is offline, I thought they were supposed to be saved to my server?
can roaming profile also function some application installed in a workstation? like slack messanger, browser etc...or only profile background only?
Bro!!! Your profile has grown!
Thx I was looking for right this piece of information!
Dear Eli, Can you please provide a tutorial on installation & deployment of ms exchange server ? hope see your reply.
Question: Can I disable the cashe for the account so server access is required to log in?
Where does the administration occur if you want the roaming profiles to be created to a different drive destination? i.e. By default, roam profiles are written to C:\users, can you assign it to write to D:\users on a certain PC? Does this "rule" get implemented on the server or client? thanks
i realy like ur teaching of all networking like linux, server of windows
i realy thanx
question sir: what if the installed application on main pc example word 2010 and the other pc word 2017 does the file can be open or no?
Great explanation!!!
The problem is you can simultaneously have more than 1 active session using the same roaming account. is there a way where you can limit it as 1 active session per roaming profile account?
Its really helpfull to all of us. Thankyou.
I know that clearing cache might be one but people don't do that on a daily basis; plus you might clear files you need if you don't quite know what you're doing. I wander what would be the solution to protect the cached files from being accessed by a hacker?
what if my network have different OS version, for example windows xp,7 and 8, is this going to work perfectly? and if not, what are the things/settings/files/folders that will be able to roam? Thank you in advance.
Can you use this in combo with a hidden share?
So the appdata folder is included in the roaming profiles I'm guessing?
Is there any disadvantages when you have people logging into different versions of Windows?
Not sure if that answered the question but i was thinking say if i go home with my laptop and i do some work offline, when i get back on-line does the work that i saved on my laptop get transferred to my roaming profile on the ADDC?
Hi Eli,
have a question, i am migrating my user profiles (including roaming profiles) from 2008r2 to 2012r2.
have successfully migrated, but when i log in to a workstation with a migrated roaming profile, if only loads a temporary profile.
but for a roaming profile created on 2012r2 it works fine. any help would be appreciated?
Hello Eli, nice video. I have a slight issue with this though. I have configured the roaming profile as shown step-by-step on your video, and tested same with a user account, but it doesn't roam. when I checked the profile status on the client PC, it shows Local; if I attempt to change the type user, I see only Local profile active, with Roaming profile greyed out.
What could be the cause? Anyone please!!!
thanks.
straight and clear explanation
i tried the same in windows server 2008 r2 .i have AD & file server running inside . but it showing following warning
can you explain in text what may be the possibilities
Windows(R) Lightweight Directory Access Protocol (LDAP) failed a request to connect to Active Directory Domain Services(R) for Windows user .
Without the corresponding UNIX identity of the Windows user, the user cannot access Network File System (NFS) shared resources.
Verify that the Windows user is in Active Directory Domain Services and has access permissions.
Hello Eli,
Is it possible to use a mapped drive instead of using C drive
(Q) how about outlook profile saved in i mean they cant access their mails from any computers i am also confused how any body can access their own desktop data or my documents file i got this doubt in the middle of your class please clarify.
Quick question, I am trying to implement a SUPER mandatory profile, I have Roaming / Mandatory Profiles working but how can I test that my GPO is in effect for SUPER mandatory profiles? Should I just delete a test account to see that if no account exists no login is permitted? If you could get back to me on this, I would greatly appreciate it!
Does anybody know what happens if the users move from Windows 8 to Windows 7 to Windows 10 desktops?
question sir: is there is any complication if the users using different os like win7 profile to win10? does the user profile still copy into the win10?
Does this work with remote employees on a laptop?
Eli can this same method be used with Windows Server Manager 2019 on Win10? I saw another methods using Security Group in the OU why is that?
Nice roaming profiles lesson.👍
What about mobile users with laptops? How this process is managed whn they are ouside the company with no VPN?
nice explaination Eli. Helped me .:)
how to create roaming profile on windows server 2016 with administrator access, please help me....
i need to do this for a school project Eli your the man.
Great explained, thx!
this is great .Thank you
That is if the computer has been logged in on that particular pro
file to load from cache? Right...
Hi Eli, thanks for another great informative video. I do have one question though. What happens when a user gets a virus on the machine, and the only result is to wipe the machine? Is there anything that would needs to be done to that users share folder? Would files needs to be back up manually? Thanks
Awesome training
great stuff...great video
Question - if a person has a dual monitor and then logs into a station with one monitor, what happens to the items in the profile? Do all the icons cram onto one screen?? If so, what happens when I log back onto the station with two monitors? Do the icons stay on one screen or two?
Im thinking of doing this with a few users at work. I am an amature IT guy so please excuse my ignorance.
Wouldn't it be fine to do if all the files were centrally saved on a server and the users only had shortcuts to it? I know that if they leave the domain they would loose connection to the server and would need to use a VPN to maintain connection. Does this approach make sense?
How do roaming profiles deal with laptops that often log in while not connected to the network?
Hi Eli all works for me, but i can not access created folders from my account as administrator shows me an error "do not have permissions"
would appreciate you to help me
Eli, was the folder that you deleted on the first VM still present on the second because of the caching?
Hi plz share about temp profile frequently creating in domin
If I have windows 7 and 8 clients and I have windows server 2012 can my windows 7 clients authenticate through ad ds or is this incompatible
Eli, i have a few clients that i implemented the roaming profile - works great! the biggest problem that i don't seem to overcome is that the profiles are accessable only for the users which makes the backup skip these folders because Admin doesn't have access to them. i do backups for all files so then if a user delete a file, i have someone to pull it back from. how would you resolve it?
thank you!
hi Eli,, does your personal folder or PST file will also be copied to another computer when you login?
Besides security concerns, roaming profiles can get corrupted quite easily as opposed to static profiles. That's one reason, why some organizations don't always implement it. In addition, users can get frustrated very easily, if they have to always contact the help-desk to redo their profile, or fix any issues related to their roaming profile.
@Eli mostly our desktop data will be stored in their own systems as far as i know.
can this be setup on windows home server 2011?
does roaming profile consume big space on the server?
good work Eli.
Eli..
I have a little issue with roaming profiles.
My client had exchange server installed onto there DC and yes they have roaming profiles..
Well.. The exchange server has been acting up..
So.. I suggested they migrate to O365..
All is well so far..
But..
Now every so often..
My clients Outlook reverts back to their old Email address and i have to reset their Outlook account to get their email working.
I am thinking the roaming profile has something to do with this.
Thoughts?
Heck, maybe do a video on removing Roaming Profiles.. Thanks in advance.
Background picture and profile pic does not roam, any ideas why?
Does anyone think this would cause a ton of network traffic? say at a school where users are constantly logging in and out onto different computers?
Hi Eli, will you br doing any videos on Microsoft Exchange Server 2010 or 2013?
Could you please tell me about cross forest roaming...please..
you sir are AWESOME!!!
Hi Eli
Loving your videos; especially the Windows Server 2012 training series.
I'm studying for my MCSA Windows Server 2012 and am using your videos are part of my training.
The last certification I obtained was MCSA 2003. I decided to skip the 2008 track. As such, there is a LOT to learn as things have changed SO much since I did my certification.
Question - will you be covering Hyper-V? This wasn't around in the 2003 days; and so an in-depth tutorial here would be great :-)
hi would you do a video on wds and mdt
the profile doesn't even have to be on a windows host either,Iiv'e used OSX to host it with a vbox shared folder
Never, never ever ever store roaming profiles on a DC, and certainly not on the system drive, you can easily run the server out of disk space and then corrupt your AD database. DC's should do one or two things, host AD & host DNS. You can control the caching of roaming profiles on local machines to reduce the potential for data loss in the event of a lost machine, but laptops that are accessed off-net will need a cached copy. Folder redirection is also a must and the two topics go together!
Eli, how about if you have two DC's? If one DC1 goes down, then roaming profiles won't work. In this case, should I then place it on the NAS? Or is there a way for DC1 and DC2 to have identical roaming profiles folder?
If you have multiplpe DC's, chances are, you also have a dedicated File Server. That's where you store the User Profiles.
like it very much.
Always wonder my boss why not do that in my last work, once they have a huge call center, and in times of a broken pc they ad do do all the personalization again in other pc.
Never mind, dont work there no more. But Ive got a question.
Is there any way to write a script for all users? Because is not good to doable to do this procedure to 200 users for example.
I dont think so...
Hi, nice demonstration, and nice work. Thank you first of all for going through the trouble explaining it the best possible way for everybody to understand. My little questions in general are: 1. wont it be over time very bandwidth consuming during startup every morning where ten or more employees boot their system almost at the same time? Especially the .ost or .pst files, where each can easily hold 2-3 or more GB, that have to travel every time a user sits on a new computer? and 2. Couldn't you just use GPO and use Folder redirection, where you can specify which folders are important to a user. For example, a average user, who needs to move to a different computer for any sudden reason would probably not need his music collection or videos to follow him as well, especially when it comes to time pressure and you want to work asap. I always wondered why I should use roaming instead of Folder redirection!
I'm pretty sure Eli just used the C: drive as an example here for demonstration purposes. Eli? The C:\ or system drive is for Windows programs and other important processes running on the server. In an Enterprise OR non-lab world, you can set the user profiles here but a "best practice" would be to use folder redirection to a SAN using fiber channel interconnects for speedier access. Also, it makes running back-ups of the system drive quicker. I hope this helps.
Eli Good Video I their a way to deleate the cashed profile when the user logoff as it would save me the time to delete them my self
I tried this i get a message you have been lodged but their was a problem
Roaming profile by your method isn't work if user has a very large file. It will syncronize file every time user login and this make a very long time loading. You need to set Folder redirection for desktop and my document too in GPO.
great video
Quick but maybe dumb question. Does this also take into account appdata for 3rd party browsers? In other words, will I be able to have a user log into another machine and use their bookmarks and saved passwords?
Also, with newer Server OS's, is there a way to prevent local caching of the profiles on the machines? I feel like there is....
I have been exploring Group Policy on Windows 10 and 11 Pro and I can say there’s a Group Policy setting that allows you to delete cached copies of roaming profiles however this setting is available in the local group policy on a Windows machine and as far as I know not available on the DC
The drawback is that you have to disable the slow link detection policy on the local computer because the slow link detection uses the previously cached copy of your roaming profile from the last time you logged into the profile on the specific computer
If you enable the “Delete cached copies of roaming profiles” policy and DO NOT DISABLE the slow link detection you’re basically going to get some errors but my recommendation is you MIGHT WANT TO NOT ENABLE the “Delete cached copies of roaming profiles” policy because you need a copy of your roaming profile to log into the computer on which you’re working WHEN your internet or intranet is down for maintenance or other issues
There’s an answer to your question about a policy for removing cached copies of roaming profiles from the local hard drive
In theory you should delete some of the cache but in practice you might mess up and be unable to log in to your computer because you don’t have a local copy of your user profile
Do you have any plans to continue your Linux classes?
Eli you asked "why people do not use this much in the real world?" It could be bandwidth issues several years back of 100 mb backbones on networks. Computers and servers like Windows XP were slow to cache the initial roaming profile and some of the updates/changes. Some Network Administrators abandoned the thought of using roaming profiles after the experience.
Thanks for another great video Eli! I'm having an issue in my enviroment. I am switching from Novell to AD and I use to have user profiles on the local C:/ drive but my roaming profile memory is seeing the profile that is on the local drive and not the roaming profile. Any help on how I can resolve this issue?
Well at the end of the video you spoek of a cached profile. What would the name of that profile be?