Configuring user home directories in Windows Server 2003 R2

By Derek Schauland January 29, 2008, 11:00 AM PST Takeaway: Derek Schauland walks you through the process of creating a user account in Windows Server 2003 R2 that can handle a home directory. In versions of Windows prior to Windows Server 2003 R2, when you create a new user account, you have to create the home directory in a separate step. This leaves room for error if the folder is not configured, meaning the user will have no access to the home directory. Windows Server 2003 R2 creates a home directory in the location you specify when creating the user account; this saves time and makes the process easier. Ill walk you through the process of creating a user account that can handle a home directory. (In the example, I will access a user account via Active Directory Users And Computers. The process is the same for new or existing accounts.) Follow these steps to assign a home directory to a user account: 1. On the server, open Active Directory Users And Computers. 2. Locate the user account for which you want to add a home directory, right-click the account, and choose Properties. 3. In the Properties dialog box, click the Profile tab. 4. Using the Home Folder section of the dialog page, specify if the users home directory should be a local folder on their computer (this can be useful for laptop users), or you can connect a network drive and use it as the home directory. (Note: When configuring a home directory, you dont need to create the directory before assigning it to a profile; Windows Server 2003 R2 will take care of that when the user logs in. You will need to make sure each user has rights to their home directory by assigning appropriate NTFS and/or Share level permissions to the folder. If you skip this step, the user will have a folder but will not be able to store any files there.)

If you choose to connect a network drive, select the letter for the drive mapping and then enter the share path for the share that will hold the home directory. For example, you might select U: in the drop-down menu (for users) and then point to the users share on the file server by entering \\fileserver\usersshare. Click OK to save the user properties to the account. If you decide to use a local folder, enter the path on the local computer where the folder will reside. You can enter the path using the actual drive letter and path C:\documents and settings\username\my documents or using an environment variable and path %userprofile %\My Documents. (The environment variable %userprofile% saves you typing and points

each user to their folder within C:\documents and settings\. This can save a lot of time if you have many accounts to configure.) By configuring home directories during account configuration, it will save you time and make home directories a bit more uniform.

Miss a Windows Server 2003 tip?

Check out the Windows Server 2003 archive, and catch up on the most useful tips from this newsletter. Stay on top of the latest Windows Server 2003 tips and tricks with our free Windows Server newsletter, delivered each Wednesday. Automatically sign up today! Get IT Tips, news, and reviews delivered directly to your inbox by subscribing to TechRepublics free newsletters.

How to Set Up User Profiles on Server 2003

Print this article

A user profile configured on the Windows Server 2003 typically contains the desktop settings (i.e., icons and color options), environment and preference settings, installed applications, and other information specific to a certain user. The local user profile and the roaming user profile are the two most commonly created on the Server 2003. Roaming user profiles can be created on any server, allowing users to move between different computers and retain the same customized settings. Changes made to roaming profiles are automatically updated on the server and can be accessed by that user using any computer in the network. A local user profile is created and stored on the first computer the user logs into. Changes to the local user profile will always remain specific to that computer. The following steps explain how to create both a local user and roaming user profile on the Windows Server 2003. Related Searches:

Difficulty: Moderately Challenging

Instructions

1. Create a Local User Profile

o

1 Open Computer Management: Click Start, then Control Panel, then double-click.

2 Find and click Users in the console tree: Computer Management/System Tools/Local Users and Groups/Users.

3 In the Action menu, click New User.

4 In the dialog box, enter the user information.

5 Check/clear the (four) boxes: User must change password at next logon; User cannot change password; Password never expires; Account is disabled.

6 Administrative Tools, and then double-click Computer Management. Click Create, then Close.Note: This task can only be performed by a member of the Power Users or Administrators group on the local computer, or someone who has been given the authority. If the computer is part of a domain, it is possible that members of the Domain Admins group may be able to perform the task as well.

2. Create a Roaming User Profile

o

1 On the server, create the top-level folder that will contain all individual user profiles and configure it as a shared folder, giving all users full control permissions. This folder does not have to be on the domain controller, and can exist on any server chosen by the Administrator.

2 Open Active Directory Users and Computers: Click Start, click Control Panel, double-click Administrative Tools, then double-click Active Directory Users and Computers.

3 Find the individual's User Object.

4 Right-click the User's name, then click Properties.

5 Click the Profile tab. Enter the Profile Path as the path to the shared user profile folder like this: \\ServerName\Profiles\%username%, where username is the network name of the user whose roaming profile you are creating, and the ServerName is the server containing the shared user profile folder created in Step 1.Now, if the new user logs on and the server happens to not be the domain controller, Windows will find the user profile path you just created and copy the user profile to the local computer.Note: This task can only be performed by a member of the Account Operators group, Domain Admins group, or the Enterprise Admins group in Active Directory, or someone who has been given the authority.

3. Switch Between a Roaming and Local User Profile

o

1 Open System in Control Panel.

2 On the Advanced tab, click Settings under User Profiles.

3 Under Profiles on this computer, click the user profile to change, then click Change Type.

4 Select Roaming or Local profile.Note: To perform this task, administrative credentials are not required.

User profile

ve always considered dealing with end users to be about as much fun as a trip to the dentist or a tax audit. Fortunately, there are some things that you can do to help keep the users happy (a happy user is a quiet user). The techniques that I am going to be showing you in this article center around the use of roaming profiles and folder redirection. Right now you might be wondering how something like roaming profiles can make your life easier. Well, there are several situations in which roaming profiles and folder redirections pay off big time. For example, any decent administrator will instruct their users to save their data on a network drive so that the data gets backed up each night. Inevitably though, some users will save data to the local hard drive. If that hard drive happens to crash, then the user will lose all of their data and will be upset because you didnt back it up. One of the techniques that I will show you will redirect the users My Documents folder to a network share. Another example of how roaming profiles and folder redirections can make your life easier involves a situation in which the user gets a new PC. Normally, you would have to manually move all of the users documents and settings from the old PC to the new one. You would have to be careful not to leave anything behind to avoid upsetting the user and to accidentally exposing the users files to whoever inherits the users old PC. With roaming profiles though, each users files and settings follow them from PC to PC, so there is no need to move anything. Another situation in which roaming profiles and folder redirections come in handy is when a users workstation crashes. Management can easily have the user whose computer crashed use someone elses PC for the day and all of the users normal files and settings will be there. This frees up your time so that you can focus on resurrecting the dead computer. I could go on and on with more examples of how roaming profiles and folder redirections can improve the quality of your life, but I think you probably get the idea. Instead, I want to move on and show you how its done.

The Anatomy of A Profile

Before I show you how to set up a roaming profile, you need to understand that any time a user logs into a Windows XP workstation, Windows automatically creates a profile for that user (unless the machine already contains a profile for the user). The profiles are stored in the Documents and Settings folder and are contained within a sub-folder bearing the users name. For example, if I logged onto a machine as Brien, then Windows would place my profile in a folder named C:\Documents and Settings\Brien. The profile itself is fairly intricate because it contains the users documents and any settings that are user specific. For example, a profile contains things like the users application settings (EX: how Outlook is configured to allow that user access to their E-mail), Internet Explorer favorites and cookies, the users desktop, and the users Start Menu. Figure A shows the contents of a profile directory, and should give you a better idea of what all information is stored within a users profile.

Figure A: This is a users profile folder

Defining A Roaming Profile

Now that you know what a profile looks like, lets talk about making the profile mobile. The basic technique behind creating a roaming profile involves creating a shared folder on the server, creating the user a folder within the share, and then defining the users profile location through the group policy. For example, suppose that you wanted to implement roaming profiles in your own organization. The first thing that you would have to do is to create an empty folder on one of your file servers. You can call the folder anything that you want, but I have traditionally named this folder PROFILES. After you create the Profiles folder, you must share the folder. I recommend sharing

the folder in a way that gives everyone full control at the share level. I would then recommend controlling permissions at the NTFS level. When I define the NTFS permissions, I allow everyone to have read access to the PROFILES folder. I then create sub folders for each user. The sub folders name should match the users name. As you create each users individual folder, you will need to define some NTFS permissions. I recommend granting the Administrator and the user full control over the folder. You should also make the user the owner of the folder. After you have set these permissions, you should block parent permissions from propagating to the folder. Otherwise, everyone will be able to read anything in the users profile folder. In most situations, this will take care of the necessary permissions. However, I have seen at least one network in which the backup software was unable to backup the users profile directories until the backup programs service account was granted access to each users folder. That is the exception rather than the rule though. Once you have created the necessary folders and defined the appropriate permissions, its time to redirect the users profile. To do so, open the Active Directory Users and Computers console, right click on a user account, and select the Properties command from the resulting shortcut menu. When you do, you will see the users properties sheet. Now, select the properties sheets Profile tab. The very first field on the tab is the profile path. Enter the users profile path as: \\server_name\share_name\user_name. For example, if you created a share named PROFILES on a server named TAZ, then the path to Briens profile should be \\TAZ\PROFILES\Brien. Click OK and then the users profile will be roaming starting with the next login.

Folder Redirection
After you enable roaming profiles for a couple of users, the first thing that you will probably notice is that logins and log offs become extremely slow for those users. The reason for this is that the users profile is actually being maintained in multiple locations. The first time that a user logs in after roaming profiles have been enabled, a roaming profile does not exist for the user, so Windows uses the profile thats stored in the local C:\Documents and Settings\ folder. When the user logs off, the entire contents of the local profile (minus the Internet Explorer cache) is copied to the server. If the user has lots of big files, this process can take a long time to complete. The next time that the user logs on, a roaming profile does exist. The roaming profile takes precedence over any local profile that might exist. Therefore, the entire profile is copied from the server to the local C:\Documents and Settings folder as a part of the login process. As before, if the user has a lot of large files, this can take a long time to complete. I have personally seen situations in which a login has taken over an hour because the users profile was so massive. Once the login process completes, the user works off of the local copy of the profile (which is now a mirror of the network copy). However, its very possible that the user could modify the profile by creating a document, placing an icon on the desktop, changing wallpapers, or whatever. Therefore,

Windows considers the local profile to be the most current and copies it to the network when the user logs off. The solution to obscenely long logons and log offs is to use folder redirection. Folder redirection allows you to save portions of the users profile in a different location on the network. The advantage to using folder redirection is that once a folder has been redirected to an alternate location, it no longer has to be copied every time that the user logs on or off. Windows just understands that those particular folders will always reside on the network. Windows will only touch those folders when it needs to open a file from one of them. You cant redirect every folder in a users profile, but you can redirect the ones that tend to be the largest and take the longest to copy each time a user logs in or out. The folders that you can redirect are Application Data, Desktop, My Documents, and Start Menu. You can actually redirect these folders to a users local profile, but that defeats the purpose of implementing roaming profiles. Therefore, I recommend creating a share point on the server to which you can redirect these folders. Creating a share point for folder redirection is a lot easier than creating a share point for roaming profiles. Basically, you can just create a folder, share it, and give everyone full control at the share level. The actual folder redirection is done through the group policy. To redirect a folder, open the Group Policy Editor and navigate to User Settings | Windows Settings | Folder Redirection. The group policy requires you to redirect each of the four folders separately, but the procedure for doing so is the same for each folder. Set the folders Setting option to Basic Redirect Everyones Folder To The Same Location. Next, select the Create A Folder For Each User Under The Root Path option from the Target Folder Location drop down list. Finally, enter your root path in the place provided. For example, on my test server, I just created a share called USERS on a server named TAZMANIA. Therefore, I entered \\TAZMANIA\USERS as the root path. If you look at Figure B, you will notice that in the example under the root path, Windows automatically fills in the user name and the folder name. This occurs because Windows will automatically create all of the necessary folders and will set the required permissions as well.

Figure B: Windows will automatically create the necessary folders beneath the root path and set the required permissions