Windows 7 / Getting Started

Implementing Roaming User Profiles

To implement RUP for users of Windows Vista and later computers in an AD DS environment, follow these steps:

  1. Prepare the file server where you want to store roaming user profiles for users by creating a shared folder on the server. (This server is sometimes called the profile server; a typical share name for this shared folder is Profiles.)
  2. Assign the permissions shown in Tables 1 and 2 to the underlying folder being shared and to the share itself. Also, confirm that the permissions in Table 3 are automatically applied to each roaming user profile folder.
  3. Create a default network profile for users and copy it to the NETLOGON share on a domain controller. Let it replicate to other domain controllers in the domain. (This step is optional and is typically necessary only if you want to preconfigure a roaming user profile for your users so that they will all have the same desktop experience when they first log on. If you do not create a default network profile, Windows Vista and later versions will use the local %SystemRoot%\Users\Default profile instead.)
  4. Open Active Directory Users And Computers and configure the profile path on the Profile tab for each user who will roam.

Additional optional steps include configuring roaming profiles as mandatory profiles or as super-mandatory profiles if desired.

Table-1: NTFS Permissions for the Roaming Profile Parent Folder

User AccountMinimum Permissions Required
Creator/OwnerFull Control - Subfolders And Files Only
AdministratorNone
Security group of users needing to put data on the shareList Folder/Read Data, Create Folders/Append Data - This Folder Only
EveryoneNo Permissions
LocalSystemFull Control - This Folder, Subfolders, And Files

Table 2: Share-Level Server Message Block Permissions for the Roaming Profile Share

User AccountDefault PermissionsMinimum Permission Required
EveryoneFull ControlNo Permissions
The security groupof the users needing to put data on the shareN/AFull Control

Table-3: NTFS Permissions for Each User's Roaming Profile Folder

Table 2: Share-Level Server Message Block Permissions for the Roaming Profile Share

User AccountDefault PermissionsMinimum Permission Required
%UserName%Full Control, Owner Of FolderFull Control, Owner Of Folder
LocalSystemFull ControlFull Control
AdministratorsNo Permissions*No Permissions
EveryoneNo PermissionsNo Permissions

*This is true unless you set the Add The Administrator Security Group To The Roaming User Profile Share policy, in which case the Administrators group has Full Control (requires Windows 2000 SP2 or later versions).

[Previous] [Contents] [Next]

In this tutorial:

  1. Managing Users and User Data
  2. Understanding User Profiles in Windows 7
  3. Types of User Profiles
  4. User Profile Namespace
  5. User Profile Namespace in Windows XP
  6. User Profile Namespace in Windows Vista and Windows 7
  7. Application Compatibility Issue
  8. Disabling Known Folders
  9. Windows 7 Understanding Libraries
  10. Working with Libraries
  11. Including Indexed Folders in a Library
  12. Adding Nonindexed Remote Locations to a Library
  13. Creating Additional Libraries
  14. Managing Libraries
  15. Implementing Corporate Roaming
  16. Understanding Roaming User Profiles and Folder Redirection
  17. Understanding Roaming User Profiles in Earlier Versions of Windows
  18. Understanding Folder Redirection in Earlier Versions of Windows
  19. Enhancements to Roaming User Profiles and Folder Redirection Previously Introduced in Windows Vista
  20. Additional Enhancements to Roaming User Profiles and Folder Redirection Introduced in Windows 7
  21. Improved First Logon Performance With Folder Redirection
  22. Implementing Folder Redirection
  23. Configuring the Redirection Method
  24. Configuring Target Folder Location
  25. Configuring Redirection Options
  26. Configuring Policy Removal Options
  27. Folder Redirection and Sync Center
  28. Considerations for Mixed Environments
  29. Additional Group Policy Settings for Folder Redirection
  30. Troubleshooting Folder Redirection
  31. Implementing Roaming User Profiles
  32. Creating a Default Network Profile
  33. Configuring a User Account to Use a Roaming Profile
  34. Implementing Mandatory Profiles
  35. Implementing Super-Mandatory Profiles
  36. Managing User Profiles Using Group Policy
  37. Working with Offline Files
  38. Enhancements to Offline Files Introduced Previously in Windows Vista
  39. Additional Enhancements to Offline Files Introduced in Windows 7
  40. Understanding Offline File Sync
  41. Modes of Operation in Offline Files
  42. Managing Offline Files
  43. Managing Offline Files Using Windows Explorer
  44. Managing Offline Files Using the Offline Files Control Panel
  45. Managing Offline Files Using Sync Center
  46. Configuring Offline Files on the Server
  47. Managing Offline Files Using Group Policy
  48. Offline Files Policy Settings Introduced in Windows Vista
  49. Additional Offline Files Policy Settings for Windows 7