Roaming profiles with Windows 2003

CrimsonKain

I'm trying to experiment a little with Windows 2003 Standard to try to learn a thing or two about networking (bear with me I'm quite the newbie). I set up my server for file sharing, domain controller, and dns. I created a dummy user and then tried to log on to the domain with this dummy account using another computer on the network (XP Pro). After I log out it gives me a nice message saying it can't save the roaming profile.

I double checked the directory I gave the user for their profile. Everything is spelled correctly, they have enough quota, and they have write permissions to that directory. I can't think of another reason why it wouldn't be able to be saved. Can anyone offer me an idea or even a tutorial on the subject? I've searched around Google and the 2003 help docs but I don't think I'm using the right search terms as I can't find exactly what I'm looking for. I'd appreciate any help on the subject. Thanks.
 
what folder are you saving the profiles in? i have mine saved under 'netlogon'. here is how mine is setup:

1. under the share permissions tab for netlogon folder, highlight the group/user 'everyone' and check allow for full control, change, read.

2. under the security tab, make sure the group 'users' is listed with the default permissions.

3. create the new user's profile in the netlogon folder. in the new folder, edit the security tab and add the new user's name and check allow for all the boxes.

ps. the netlogon folder can be found from going to start, run, //localhost

if you need any more help, just PM me and i can help you on msn messenger.
 
Netlogon is probably not such a good place to put roaming profiles since the DCs will try to replicate the profiles to each and every DC in the domain using the file replication service....

Also, you shouldn't need to do anything to the permissions of user profiles so long as they are created dynamically by virtue of their account properties.


As for the original question, double-check that your user on the domain has a terminal services profile set up as part of their account. The normal user profile tab doesn't apply. You can use any combinations of policies to override the various terminal services behaviors, but I recommend if you're in an AD domain that you use domain policies only. If you want to change the terminal server profile path for users to be different from what their account says it should be you can do so by setting a policy. If you want that policy (which is a user policy) to be in effect for only certain terminal servers, then you should apply the user policy to the OU that the terminal server is in, and ensure that the policy uses loopback processing so that the users will process the policy based on its applicability to the machine. But I digress....
 
Itr and rcolbert, thank you very much for your responses. I tried to follow your post itr using my folder names instead of netlogon but was unsuccessful. Rcolbert, your post really flew over my head. Perhaps if I go through the steps I took you can tell me exactly what I did wrong/missed. Here's how I set it up (all done on the win2003 machine):

I shared a folder on my hard drive (D:\public). I created the folders D:\public\users\dummy\profile.

I went into the "Active Directory Users and Computers" manager and added a new user to server > Users directory. I called the new user "dummy."

I go into the user properties and then into the profile tab. I change the profile path to: \\servername\\public\users\dummy\profile.

I open windows explorer and check the properties of the D:\public\users\dummy\profile folder. I go to the security tab and add a user (dummy). Then I make sure they have full control, read, write, etc. (everything is checked)

As a double check I change the security settings for the "Users" group to give them full control as well.
 
to make sure if it's still a permissions problem, make the dummy account an administrator. that should give full access to all folders.
 
make sure that both the share permissions and local permissions allow them to write to that folder.. i didn't realize that there were both share and local permissions and had all kinds of problems for a while..

also a folder called public wouldn't be where you want to have a profile.. if you used it in real practice.. i would say make a folder called "profiles" and another called "public" then for example you can right click in "my documents" in a profile and set it to //server/public/%username%...

also.. try creating a new user.. and put //server/profile/%username% in the profile path and hitting enter.. this will create the folder instead of you creating it.. and then the person will have access to their own folder for sure...

that should get you on the right track.. i don't know much about this stuff either, but was able to manage a network for a while.. so that whole "AD domain" and OU stuff means nothing to me..

it sounds like the shares are not quite right.. give "dummy" ownership of the dummy profile folder... and make sure both share and local permissions are set right.. that's probably where the problem is.. generally you set share permissions to allow almost anything since there is only read, write, and modify.. or something like that.. and then you do more specific stuff with the local permissions..


i know i can't type correctly.. but.. it should be
\\servername\public\users\dummy\profile
not
\\servername\\public\users\dummy\profile.

see the extra backslash, forward slash.. whatever it is.... but like i already said.. try
\\servername\\public\users\dummy\%username%
that should create a folder called
\\servername\\public\users\dummy\dummy
 
I have mine set up on my test box ...

Profile path for user test is...

\\servername\profiles\test

profiles folder is set up like....

C:\profiles

the C:\profiles folder is shared

the C:\profiles shared tab click permissions I give full rights to domain admins and users (think security permission overrides this setting but I forget)

under the C:\profiles security permissions tab I give admin and system full rights and users get read and execute, list, and read..


then the C:\profiles\test user folder has test with full rights as well as admin and system with full rights.
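
The share-versus-security-tab question raised in the replies above, as an added example that is not part of any post in the thread: a simplified Python model in which access through a share is the intersection of what the share ACL and the NTFS ACL each grant. The ACLs, the user `other`, and the function names are constructed for illustration, and real Windows access checks have more rights and inheritance rules than this model.

```python
# Added example: simplified model of share + NTFS permission evaluation.
# Accounts, groups and ACLs below are constructed for illustration.
R, W, F = 1, 2, 4                      # read, write, change permissions/ownership
READ, CHANGE, FULL = R, R | W, R | W | F
NAMES = {0: "none", READ: "read", CHANGE: "change", FULL: "full"}


def granted(acl, token):
    """Rights one ACL grants to a token (set of user and group names).

    Simplification: every matching deny entry wins over allow entries,
    which matches an ACL kept in canonical (deny-first) order.
    """
    allow = deny = 0
    for principal, kind, mask in acl:
        if principal in token:
            if kind == "deny":
                deny |= mask
            else:
                allow |= mask
    return allow & ~deny


def effective(share_acl, ntfs_acl, token):
    """Access over the network is the intersection of both layers."""
    mask = granted(share_acl, token) & granted(ntfs_acl, token)
    return NAMES.get(mask, "partial")


dummy = {"dummy", "Users", "Everyone"}
other = {"other", "Users", "Everyone"}   # a second, unrelated domain user

# Share left at Read while the folder ACL gives dummy full control.
share_read = [("Everyone", "allow", READ)]
ntfs_owner = [("dummy", "allow", FULL), ("Administrators", "allow", FULL),
              ("SYSTEM", "allow", FULL)]
# Share opened up; the per-user folder ACL does the restricting.
share_full = [("Everyone", "allow", FULL)]
# "Users: full control" added on the profile folder while troubleshooting.
ntfs_loose = ntfs_owner + [("Users", "allow", FULL)]

if __name__ == "__main__":
    print(effective(share_read, ntfs_owner, dummy))  # profile cannot be written back
    print(effective(share_full, ntfs_owner, dummy))  # owner can save the profile
    print(effective(share_full, ntfs_owner, other))  # other users are locked out
    print(effective(share_full, ntfs_loose, other))  # any user controls the profile
```

The last case is the one to check for after troubleshooting: a broad group left with full control on a profile folder exposes that profile to every member of the group.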
 