Creating a Roaming Profiles Share in Windows Server 2012 R2

What is the difference between a profile and a roaming profile, you might ask yourself? Well, a profile is a folder that contains all the settings pertaining to a user’s working environment. By default, the profile is stored in the C:\Users directory.

A roaming profile, on the other hand, is stored on a network  instead on the local drive of the machine where you are logged. A Roaming profile is cached locally by default. The advantage of a roaming profile is that a user can log into any machine in the domain and have a consistent working environment.

A profile has two types of content:

  • Files and folders
  • NTUSER.DAT

The concept of a roaming profile is that the user’s profile is stored on a file share, and it is downloaded from the file server whenever a user logs in, doesn’t matter on which machine. It is cached in C:\Users on the computer that the user is logged into.

When the user is logged out, the content changes of the profile are saved back to the file server.

OK, lets try to configure roaming profile share.

Also check: Uptime of the server with PowerShell

Creating a Roaming Profile Share

First, you need to have a file server, right? Right. And that server should be in a domain environment. Right? Right.

Create a folder called R_Profiles in E:\Shares:

Roaming profiles new folder

Once you have created a new folder, you should disable the inheritance of permissions on the folder. Why, you might ask? Well, we will store all our future profiles in this folder, and if every user which will be created inherit the permissions from the parent folder, everyone will have the same permissions, and I believe you don’t want that.

So, it is better to disable inheritance, and instead of that, we decide the level of permissions for every user.

Leave Authenticated users, Creator Owner, Administrators, and System group, just like in this screenshot which I have taken:

Roaming profiles disable inheritance

With this being done, lets go to File and Storage Services and share the R_Profiles folder.

Also check: Deploying features and roles on remote servers using PowerShell

Open Server Manager > File and Storage Services > Shares > Tasks > New Share…

Roaming profiles File and Storage Services New Share

Choose SMB Share – Quick (we gonna do the easiest way now) and hit Next:

Roaming profiles SMB Share Quick

On next page, select the server and the place where the profiles will be (in our case choose the last option “Type a custom path”):

Roaming profiles select server and drive

Specify a share name, local path to share, remote path to share, and description if you want:

Roaming profiles share name local path to share

On a ‘Specify permissions to control access’ page, click the customize permissions… button to configure the permissions:

Roaming profiles customize permissions

When the Advanced Security Settings for R_Profiles opens, click on Share tab, remove Everyone group, and add administrators group (Full control) and Authenticated Users group (Change):

Roaming profiles change share permissions

Confirm the configuration and click Create:

Roaming profiles confirm configuration

 

Creating a Namespace

Now, once we have finished with the creation of the share were the roaming profiles will be shared, lets make the profile share available in the DFS namespace (make sure that you have DFS Namespaces installed). By using DFS namespace, you will be able to replicate the folder or move it when you need to.

Also check: Installing Active Directory

Alright, after you have installed DFS Namespace, open up the console:

 

create a roaming profile DFS Namespace

 

Once the console is opened, right-click on ‘Namespaces’ and choose ‘New Namespace…’

create a roaming profile Choose New Namespace

Choose the server that will host the namespace. You can write it in the box, or you can choose the ‘Browse’ button and search the domain for the server – whichever suites you better.

create a roaming profile Choose Namespace server

On the next page, enter Name for the Namespace, for example ‘Profiles’, and choose ‘Edit Settings’ button, to configure the Namespace:

create a roaming profile Configure Namespace

Hit the ‘Browse’ button and choose the folder on E: drive which we have created previously – R_Profiles.

For the permissions, choose the last option, ‘Use Custom Permissions’, remove Everyone group, add Administrators group (Full Control), and Authenticated users group (Change).

Also check: Features on Demand in Windows 2012 R2

It is going to be a domain-based namespace (you can read the description, no need to explain anything as it is self-explanatory)

create a roaming profile Choose Namespace type

On next page, review the settings and after that, hit the ‘Create’ button.

create a roaming profile Create Namespace

And that is it. Namespace has been created.

create a roaming profile Namespace created

 

Test the Connection to a Roaming Profile Share

Lets bring our Windows 10 Client machine and try to access this namespace (you can use any server/client which is in your domain).

In the Run box, type \server01\Profiles – you should be able to access share:

create a roaming profile Accessing Share

If you can’t access the share (doesn’t exist, or it is asking you to enter admin credentials), go back and check everything twice to be sure you didn’t skip any step.

Now, go to Active Directory Users and Computers > Users container > pick one account > right-click and choose Properties > Profile tab.

Also check: Installing Windows Deployment Services on Windows Server 2012 R2

in ‘User Profile’ section, in ‘Profile Path’ box, type the full network share path: \server01\Profiles\rusty

In ‘Home Folder’ section, choose ‘Connect’, enter the desired drive letter and full network share path: \server01\Profiles\Rusty

create a roaming profile configuring profile settings

So, lets try. Login with your user account to your Client machine and try to access your share. You should be able to see folder with the name of your account:

create a roaming profile Folder created

And you should also be able to see the DFS share when you open file explorer/windows explorer:

create a roaming profile DFS share in file explorer

2 thoughts on “Creating a Roaming Profiles Share in Windows Server 2012 R2

  1. Hi Vlad, I was searching the web re this subject and came across your blog. You mention DFS-R, but don’t explicitly spell it out, but Microsoft only support roaming profiles in a very limited way as per their Technet article here https://blogs.technet.microsoft.com/askds/2010/09/01/microsofts-support-statement-around-replicated-user-profile-data/

    Has that changed, since that article was written in 2010? I’m running Win2012 and want to implement DFS-N/DFS-R for roaming profiles on the same site

    Cheers
    Steve

  2. Hello Steve.
    This was just a small presentation for small environments, maybe mid-size environments.
    I didn’t have main office – branch office scenario 🙂
    As MS stated, we could use only one replica managed by users, which is in local branch location. The one in main hub is only for backup purposes. If you decide to use DFS-N, to have a unique and easily manageable namespace, that is a plus, but only with one target, so yeah, in case your branch file server goes down, you will have a downtime.
    And this scenario was for Windows Server 2008 R2, not sure if it applies for Windows Server 2012 R2 as well.
    Hope this helps.
    Goodluck with your build 🙂
    Regards,
    Vladimir