Configuring Windows 7 roaming profiles on a Windows 2008 R2 Server

The last few days I am playing around with Windows 7 and roaming profiles. At first I wrote it down for my own documentation but maybe its usefull for someone else as well.

Requirements

• A Windows 2008 R2 Server with the File Server Resource Manager (FSRM) role
• A Windows 7 Client
• Both machines in the same domain

Creating the home share on the windows 2008 R2 server

• Create a folder called HomeWin7 and rightmouseclick and choose properties
• You should see the following permissions

• Click on the Advanced button and click on Change Permissions
• DEselect Include inheritable permission form this object’s parent and click on ADD
• Select the Users “Special” ACL and then click the Edit Button

• Change the Apply to : This folder Only and click OK
• Select the Users “Read & execute” ACL and then click the Edit Button

• Change the Apply to : This folder Only and click OK
• It should look like this now:

• Click OK to close this screen and click on the “Sharing Tab” on the Users Properties screen and then click on the “Advanced Sharing” button to create a share
• Select share this folder and the sharename should be HomeWin7$

• Click on the caching button and select: no files or programs are avaliable offline
• Click OK and click on the permissions button
• Give the everyone group Full Control on the share and click on OK, OK and Close
• Start the Server Manager and go to File Services, Share and storage management
• Select the HomeWin7$ share, rightmouseclick and select properties, advanced
• Select: enable Enable access-based enumeration and click OK (this results in that users can only see their own folder if the users connect to the \\servername\HomeWin7$ share)

• Lets configure some GPO’s

Configure GPO’s for roaming profiles

• Start the GPMC and browse to the specific user OU
• Create a new GPO and then edit
• Browse to : User Configuration -> Policies -> Windows Settings -> Folder Redirection

• Rightmouseclick Appdata(roaming) and select properties. Configure like this:

• Select the Settings tab and configure like this:

• Make sure you configure all other redirection policies like the above
• Rightmouseclick Desktop and select properties. Configure like this:

• (if needed) Rightmouseclick Start Menu and select properties. We have it redirected to the Teachers startmenu on a different server
• Rightmouseclick Documents and select properties. Configure like this:

• Rightmouseclick Pictures,  Music, Videos’. Configure like this:

• Rightmouseclick Favorites and select properties. Configure like this:

• Rightmouseclick Contacts and select properties. Configure like this:

• Rightmouseclick Downloads and select properties. Configure like this:

• Rightmouseclick Links and select properties. Configure like this:

• Rightmouseclick Searches and select properties. Configure like this:

• Rightmouseclick Saved Games and select properties. Configure like this:

Additional Main GPO’s

• Browse to : User Configuration -> Policies -> Administrative Templates-> System -> User Profiles -> Exclude directories in roaming profiles. By default, the Appdata\Local and Appdata\LocalLow folders and all their subfolders like the History, Temp, and Temporary Internet Files folders are excluded from the user’s roaming profile. If you need to exclude additional folders you can add them here.
• Start the GPMC and browse to the specific computer OU and create a new GPO and then edit.
• Browse to : Computer Configuration -> Policies -> Administrative Templates-> System -> User Profiles -> Add the administrators security group to roaming user profiles. Set this to Enabled.
• Browse to : Computer Configuration -> Policies -> Administrative Templates-> System -> User Profiles -> Delete user profiles older than a specified number of days on system restart. Set this to Enabled and 30 days.
• Browse to : Computer Configuration -> Policies -> Administrative Templates-> System -> User Profiles -> Do not check for user ownership of roaming profiles folders. Set this to Enabled.
• Browse to : Computer Configuration -> Policies -> Administrative Templates-> System -> User Profiles -> Delete cached copies of roaming profiles. Can be usefull on student computers. Student profiles get deleted after logoff.
• Browse to : Computer Configuration -> Policies -> Administrative Templates-> System -> User Profiles -> Do not log users on with temporary profiles. Set this to Enabled. Can be usefull to avoid creating a temporary profile if the roaming profiles is corrupt or unavailable.

ADUC

• Open the user properties and configure the profile path like this:

• If you check the profile folder structure it will look like this:

Extra information

• Managing Roaming User Data Deployment Guide
• Stealthpuppy: Reduce logon times by excluding the bloat