GPO DFS Based Profiles & Home Directories - SomethingGeneric/sparkle.local GitHub Wiki
Configure DFS Share Settings
- For this task, I decided to make use of Windows Roaming User Profiles, which can enable users to keep their user profiles and home directories stored on a central server rather than creating a new local user profile every time they log into a new system on our domain.
- In order to allow users logging into either W01 or W02 to store Roaming User Profiles on the DFS share (sparkle-share), we must first create the necessary share folder locations and configure the DFS share settings to allow access to said Domain Users.
This task involves:
- Navigating to Server Manager > File and Storage Services > Shares and configuring the Properties of our new sparkle-share.
- Customizing the User Permissions to allow Full Control for Domain Admins and Modify access for Domain Users.
- Modifying the DFS Share Permissions to allow Full Control for the Domain Users Group.
Modifying sharing permissions for our User Profile and Home Directory folders
- In order to allow our Roaming Users access to their User Profiles and Home Directories, I next navigated to the DFS File Share Location (\\sparkle.local\sparkle-share) and created two new folder locations, User-Profiles and Home-Directories, respectively.
For each folder, I modified the Advanced Security Properties to Disable Inheritance, allow Full Control for Domain Admins, and apply Special permissions for Domain Users (applies select permissions for Domain Users as shown below).
Configuring Roaming User Profiles and Home Directories via GPO
Next, I configured a new GPO so that users logging into either W01 or W02 use Roaming User Profiles and store their User Profiles and Home Directories on the DFS share. To do this, I opened Group Policy Management and created a new GPO “DFS User Profiles and Shares” under the “Sparkle GPO” > “Computers” OU in Group Policy Management. After creating the new OU, I then specified the Security Filtering such that the GPO would only apply to “W1” and “W2”.
^^ Screenshot showing me creating a new GPO and applying the GPO to Domain Users and both W01 and W02
From here, I then edited the new "DFS User Profiles and Home Directories" GPO so that the Workstations would use Roaming Profiles for users who log onto the system. These settings can be found under Computer Configuration > Administrative Templates > System > User Profiles.
- To ensure that Roaming Profiles can be loaded onto each workstation, I disabled the Only allow local user profiles setting.
- To set the location of the Roaming User Profiles, I enabled the setting for Set roaming profile path for all users logging onto this computer and specified the Roaming Profiles to be stored at \\sparkle.local\sparkle-share\User-Profiles\%USERNAME% ("%USERNAME%" is used to indicate any user who logs into W01 or W02).
- To set the location of the User Home Folder, I enabled the setting for Set user home folder and specified its location to be \\sparkle.local\sparkle-share\Home-Directories (mounted to the S: Drive).
Applying and Testing the New DFS User Profile GPO
After applying the new DFS User Profile GPO, I then ran a gpupdate /force command on both W01 and W02 to apply the new Group Policy and then restarted each system to ensure that the GPO is also applied to each system.
- To verify that we are now using Roaming User Profiles, I opened Control Panel on either Workstation machine, navigated to System and Security > System > Advanced System Settings > Advanced, selected Settings under User Profiles, and verified that new users are now using Roaming User Profiles.
- To verify that the new User Home Folder has been moved/configured, I opened File Explorer on a Workstation machine, selected This PC, and verified that the current user is able to access their home folder (which should be a network share mounted as the S:\ Drive).
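
The folder permissions set earlier on User-Profiles and Home-Directories can be checked from PowerShell as well. This is an added example, not part of the original wiki: it assumes a domain-joined machine with read access to both folders, and the helper name and the pass rule (inheritance disabled, no inheritable Allow entry for Domain Users) are assumptions, since the page does not list its exact Special permissions.

```powershell
# Added example (not from the original wiki). Audits the NTFS ACLs on the
# two folders created under the DFS share.
# Assumption: Domain Users should hold rights on the folder itself only;
# an inheritable ACE would reach every user's profile or home folder.
function Test-ProfileRootAcl {   # hypothetical helper name
    param(
        [Parameter(Mandatory)][string]$Path,
        [string]$UserGroup = 'Domain Users'
    )
    $acl = Get-Acl -LiteralPath $Path

    # Allow ACEs for the user group that propagate to subfolders or files.
    $inheritable = @($acl.Access | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        $_.IdentityReference.Value -like "*\$UserGroup" -and
        $_.InheritanceFlags -ne 'None'
    })

    [pscustomobject]@{
        Path                = $Path
        # True when "Disable inheritance" was applied to the folder.
        InheritanceDisabled = $acl.AreAccessRulesProtected
        InheritableUserAces = $inheritable.Count
        Rights              = ($inheritable.FileSystemRights -join '; ')
        Pass                = $acl.AreAccessRulesProtected -and
                              $inheritable.Count -eq 0
    }
}

# Folder paths as given on the page.
$roots = '\\sparkle.local\sparkle-share\User-Profiles',
         '\\sparkle.local\sparkle-share\Home-Directories'

$roots | ForEach-Object { Test-ProfileRootAcl -Path $_ } |
    Format-Table -AutoSize
```

A row with Pass set to False shows either that the folder still inherits from the share root or that Domain Users hold the listed rights on subfolders and files.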