The network share you use for roaming profiles can be on any server in the organization. However, a bit of planning should go into the rollout. Because profiles can be quite large, you typically don’t want users to have to retrieve or update profiles over remote networks. Many other factors go into this consideration, of course, such as whether you will also be redirecting user data folders, but you will typically want the profile server to be in the same geographic location as the users.

Caution

Unlike redirected folders, the network share you use for profiles should not be configured for offline file use or encryption. With this in mind, you should disable offline file caching (as discussed in Microsoft Knowledge Base article 842007) and also turn off the Encrypting File System.

To create the shared folder for the roaming profiles, follow these steps:

Once you create and configure the profile share, you can configure user accounts with roaming profiles to use the share. Typically, you use Active Directory Users And Computers or Server Manager to configure roaming profiles. With these tools, you use the %UserName% environment variable to act as a placeholder in the profile path. The server then creates a subfolder for the user based on the user’s account name.

Tip

The %UserName% variable is what tells the server to create subfolders on a per-user basis. For example, if you set the profile path to \NYServer08Profiles\%UserName% and you are configuring the account for ZachM, the profile path will be set as \NYServer08ProfilesachM. The subfolder, ZachM, is created automatically, and the roaming profile is then stored in this folder. By default, when Windows creates this user-specific folder, NTFS permissions are set so that only the user has access to read and manage its contents. If you want administrators to have access to the profile, you must enable Add The Administrators Security Group To Roaming User Profiles in Group Policy, as discussed in the "Modifying the Way Profile Data Can Be Accessed" section in this chapter.

If you are using Active Directory Users And Computers to configure roaming profiles, follow these steps:

As discussed in Chapter 13 of the Microsoft Windows Command-Line Administrator’s Pocket Consultant (Microsoft Press, 2004), you can also use the command line to change user profile settings. In fact, you can use a single command line to change the profile setting for every user in a selected site, domain, or OU. Here is an example:

dsquery user "OU=Tech, DC=cpandl, DC=com" | dsmod user -profile
"\NYServer08profiles$username$"

If you were to type this command on a single line and press Enter, all user accounts in the Tech OU in the Cpandl.com domain would have their profile paths set to \NYServer08profiles\%username%. In this example, the quotes and the dollar signs are necessary to ensure proper interpretation of the command.

Note

When users log on to multiple computers or start multiple Terminal Services sessions, changes made to roaming profiles can get lost or overwritten because the profile of the last session is the one reflected on the profile server. To see why this happens, consider the following scenario: You are logged on to two terminal server sessions simultaneously. In session 1, you create a persistent network drive. When you log off session 1, this change is reflected in your profile, but then you log off session 2 and the profile from this session is uploaded, overwriting the changes from session 1. The next time you log on, the network drive will not be mapped as expected. To avoid this situation, you would need to ensure that the last session you log off is the one that contains the profile you want to save.