What is the difference between a profile and a roaming profile, you might ask yourself? Well, a profile is a folder that contains all the settings pertaining to a user’s working environment. By default, the profile is stored in the C:\Users directory.
A roaming profile, on the other hand, is stored on a network instead on the local drive of the machine where you are logged. A Roaming profile is cached locally by default. The advantage of a roaming profile is that a user can log into any machine in the domain and have a consistent working environment.
A profile has two types of content:
- Files and folders
The concept of a roaming profile is that the user’s profile is stored on a file share, and it is downloaded from the file server whenever a user logs in, doesn’t matter on which machine. It is cached in C:\Users on the computer that the user is logged into.
When the user is logged out, the content changes of the profile are saved back to the file server.
OK, lets try to configure roaming profile share.
Also check: Uptime of the server with PowerShell
Creating a Roaming Profile Share
First, you need to have a file server, right? Right. And that server should be in a domain environment. Right? Right.
Create a folder called R_Profiles in E:\Shares:
Once you have created a new folder, you should disable the inheritance of permissions on the folder. Why, you might ask? Well, we will store all our future profiles in this folder, and if every user which will be created inherit the permissions from the parent folder, everyone will have the same permissions, and I believe you don’t want that.
So, it is better to disable inheritance, and instead of that, we decide the level of permissions for every user.
Leave Authenticated users, Creator Owner, Administrators, and System group, just like in this screenshot which I have taken:
With this being done, lets go to File and Storage Services and share the R_Profiles folder.
Open Server Manager > File and Storage Services > Shares > Tasks > New Share…
Choose SMB Share – Quick (we gonna do the easiest way now) and hit Next:
On next page, select the server and the place where the profiles will be (in our case choose the last option “Type a custom path”):
Specify a share name, local path to share, remote path to share, and description if you want:
On a ‘Specify permissions to control access’ page, click the customize permissions… button to configure the permissions:
When the Advanced Security Settings for R_Profiles opens, click on Share tab, remove Everyone group, and add administrators group (Full control) and Authenticated Users group (Change):
Confirm the configuration and click Create:
Creating a Namespace
Now, once we have finished with the creation of the share were the roaming profiles will be shared, lets make the profile share available in the DFS namespace (make sure that you have DFS Namespaces installed). By using DFS namespace, you will be able to replicate the folder or move it when you need to.
Also check: Installing Active Directory
Alright, after you have installed DFS Namespace, open up the console:
Once the console is opened, right-click on ‘Namespaces’ and choose ‘New Namespace…’
Choose the server that will host the namespace. You can write it in the box, or you can choose the ‘Browse’ button and search the domain for the server – whichever suites you better.
On the next page, enter Name for the Namespace, for example ‘Profiles’, and choose ‘Edit Settings’ button, to configure the Namespace:
Hit the ‘Browse’ button and choose the folder on E: drive which we have created previously – R_Profiles.
For the permissions, choose the last option, ‘Use Custom Permissions’, remove Everyone group, add Administrators group (Full Control), and Authenticated users group (Change).
Also check: Features on Demand in Windows 2012 R2
It is going to be a domain-based namespace (you can read the description, no need to explain anything as it is self-explanatory)
On next page, review the settings and after that, hit the ‘Create’ button.
And that is it. Namespace has been created.
Test the Connection to a Roaming Profile Share
Lets bring our Windows 10 Client machine and try to access this namespace (you can use any server/client which is in your domain).
In the Run box, type \server01\Profiles – you should be able to access share:
If you can’t access the share (doesn’t exist, or it is asking you to enter admin credentials), go back and check everything twice to be sure you didn’t skip any step.
Now, go to Active Directory Users and Computers > Users container > pick one account > right-click and choose Properties > Profile tab.
in ‘User Profile’ section, in ‘Profile Path’ box, type the full network share path: \server01\Profiles\rusty
In ‘Home Folder’ section, choose ‘Connect’, enter the desired drive letter and full network share path: \server01\Profiles\Rusty
So, lets try. Login with your user account to your Client machine and try to access your share. You should be able to see folder with the name of your account:
And you should also be able to see the DFS share when you open file explorer/windows explorer: