- Roaming Windows User Profiles
- Introduction
- Windows Roaming Profile Versions
- Setting up the Share on the Samba File Server
- Using Windows ACLs
- Using POSIX ACLs on a Unix domain member
- Assigning a Roaming Profile to a User
- In an Active Directory
- Using Active Directory Users and Computers
- Using a Group Policy Object
- Using ldbedit on a Domain Controller
- In an NT4 Domain
- Configuring Windows Profile Folder Redirections
- Folder Redirection, Offline Files, and Roaming User Profiles overview
- Technology description
- Practical applications
- New and changed functionality
- Always Offline mode
- What value does Always Offline mode add?
- How has Always Offline mode changed things?
- Cost-aware synchronization
- What value does cost-aware synchronization add?
- How has cost-aware synchronization changed things?
- Primary computers for Folder Redirection and Roaming User Profiles
- What value do primary computers add?
- How have primary computers changed things?
- Hardware requirements
- Software requirements
- More information
Roaming Windows User Profiles
Introduction
A Windows profile is a set of files that contains all of a user’s settings, including per-user configuration files and registry settings. In an Active Directory or NT4 domain, you can configure a user’s profile to be stored on a server. This enables the user to log on to different Windows domain members and use the same settings.
When using roaming user profiles, a copy of the profile is downloaded from the server to the Windows domain member when a user logs in. Until the user logs out, all settings are stored and updated in the local copy. During logout, the profile is uploaded to the server.
Windows Roaming Profile Versions
Depending on the operating system version, Windows uses separate profile folders for a user to support Windows version-specific features. Version 2 profiles and later append the .V* suffix to the user’s profile folder.
The following Windows profile versions exist:
Windows Client OS Version | Windows Server OS Version | Profile Suffix | Example Profile Folder Name |
---|---|---|---|
Windows NT 4.0 — Windows Vista | Windows NT Server 4.0 — Windows Server 2008 | none | user |
Windows 7 | Windows Server 2008 R2 | V2 | user.V2 |
Windows 8.0 — 8.1* | Windows Server 2012 — 2012 R2* | V3 | user.V3 |
Windows 8.1* | Windows Server 2012 R2* | V4 | user.V4 |
Windows 10 (1507 to 1511) | Windows Server 2016 | V5 | user.V5 |
Windows 10 (1607 and later) | | V6 | user.V6 |
* Using the default settings, Windows 8.1 and Windows Server 2012 R2 use V3 profiles. However, the profiles are incompatible with Windows 8.0 and Windows Server 2012. For this reason it is recommended that you configure Windows 8.1 and Windows Server 2012 R2 to use V4 profiles. For further details, see: Incompatibility between Windows 8.1 roaming user profiles and those in earlier versions of Windows.
When you set the profile path for a user, you always set the path without any version suffix. For example:
Setting up the Share on the Samba File Server
Using Windows ACLs
To create a share, for example profiles, for hosting the roaming profiles on a Samba file server:
- Create a new share. For details, see Setting up a Share Using Windows ACLs. Set the following permissions:
- Share tab permissions:
Principal | Allow |
---|---|
Everyone | Full Control / Change / Read |
- Security tab file system permissions on the root of the profiles share:
Principal | Access | Applies to |
---|---|---|
Domain Users * | Traverse folder / execute file; List folder / read data; Create folder / append data | This folder only |
CREATOR OWNER | Full control | Subfolders and files only |
Domain Admins | Full control | This folder, subfolders and files |
SYSTEM ** | Full control | This folder, subfolders and files |
* You can alternatively set other groups, to enable the group members to store their user profile on the share. When using different groups, apply the permissions as displayed for Domain Users in the previous example.
** For details, see The SYSTEM Account.
- Verify that permission inheritance is disabled on the root of the share. If any permission entry in the Advanced Security Settings window displays a path in the Inherited from column, click the Disable inheritance button. On Windows 7, clear the Include inheritable permissions from this object’s parent check box to set the same setting.
These settings enable members of the Domain Users group to store their roaming profiles on the share, without being able to access other users’ profiles. Members of the Domain Admins group are able to access all directories on the share.
Using POSIX ACLs on a Unix domain member
On a Unix domain member server, you can set up the profiles share using POSIX ACLs instead of Windows access control lists (ACLs). This will not work on a Samba Active Directory domain controller.
Whilst it is possible to use POSIX ACLs for the profiles share on a Unix domain member, it is recommended that you set up the permissions from Windows. To do this, see Setting up the Profiles Share on the Samba File Server — Using Windows ACLs.
When setting up the share on a Samba Active Directory (AD) domain controller (DC), you cannot use POSIX ACLs. On a Samba DC, only shares using extended ACLs are supported. For further details, see Enable Extended ACL Support in the smb.conf File. To set up the share on a Samba AD DC, see Setting up the Profiles Share on the Samba File Server — Using Windows ACLs.
- Add the following share configuration section to your smb.conf file:
For details about the parameters used, see the descriptions in the smb.conf(5) man page.
- Create the directory and set permissions:
These settings enable members of the Domain Users group to store their roaming profiles on the share, without being able to access other users’ profiles. Alternatively, you can set a different group.
- Reload Samba:
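The goal of these steps, that each user reaches only their own profile folder, can be checked on the file system once profiles exist. The following audit is an added example, not part of the Samba wiki or of Samba itself; the finding names, the choice of checks and the dependency on stat -c are assumptions of the example.

```sh
#!/bin/sh
# Added example (not Samba project code): audit a profiles share that relies
# on POSIX permissions. Assumes stat with -c (GNU coreutils or BusyBox) and
# folders named user, user.V2 ... user.V6 as in the version table.

# Map a profile folder name to the account that should own it.
profile_account() {
    case "$1" in
        *.V[2-6]) printf '%s\n' "${1%.V[2-6]}" ;;
        *)        printf '%s\n' "$1" ;;
    esac
}

# Print one finding per line for share root $1; return 1 if any were found.
audit_profiles_share() {
    root=${1%/}
    findings=0
    mode=$(stat -c '%a' "$root") || return 2

    # Accounts outside the owning group get no access to the share root.
    if [ $(( 0$mode & 07 )) -ne 0 ]; then
        echo "ROOT_OPEN_TO_OTHERS mode=$mode"
        findings=$((findings + 1))
    fi
    # Group-writable without the sticky bit lets any group member rename
    # another user's profile folder.
    if [ $(( 0$mode & 020 )) -ne 0 ] && [ $(( 0$mode & 01000 )) -eq 0 ]; then
        echo "ROOT_GROUP_WRITABLE_NO_STICKY mode=$mode"
        findings=$((findings + 1))
    fi

    for dir in "$root"/*; do
        name=${dir##*/}
        if [ -L "$dir" ]; then          # a link could point outside the share
            echo "SYMLINK $name"
            findings=$((findings + 1))
            continue
        fi
        [ -d "$dir" ] || continue       # plain files and an unmatched glob
        account=$(profile_account "$name")
        owner=$(stat -c '%U' "$dir")
        owner=${owner##*\\}             # winbind may report DOMAIN\user
        mode=$(stat -c '%a' "$dir")
        if [ "$owner" != "$account" ]; then
            echo "OWNER_MISMATCH $name owner=$owner expected=$account"
            findings=$((findings + 1))
        fi
        if [ $(( 0$mode & 077 )) -ne 0 ]; then
            echo "OPEN_TO_GROUP_OR_OTHERS $name mode=$mode"
            findings=$((findings + 1))
        fi
    done
    [ "$findings" -eq 0 ]
}

# Usage: audit_profiles_share /path/to/profiles
```

The per-folder mode check only reflects POSIX permissions; on a share where Samba stores Windows ACLs in extended attributes, those are evaluated in addition.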
Assigning a Roaming Profile to a User
Depending on the Windows version, Windows uses different folders to store the roaming profile of a user. However, when you set the profile path for a user, you always set the path to the folder without any version suffix. For example:
Note that you must not set a trailing backslash.
In an Active Directory
Using Active Directory Users and Computers
In an Active Directory, you can use the Active Directory Users and Computers Windows application to set the path to the user’s profile folder. If you do not have the Remote Server Administration Tools (RSAT) installed, see Installing RSAT.
To assign \\server\profiles\demo as profile folder to the demo account:
- Log in to a computer using an account that is enabled to edit user accounts.
- Open the Active Directory Users and Computers application.
- Navigate to the directory container that contains the demo account.
- Right-click the demo user account and select Properties.
- Select the Profile tab.
- Enter the path to the profile folder in the Profile path field.
Always set the path without any profile version suffix and without a trailing backslash. For details, see The Windows Roaming Profile Versions.
- Click OK.
The setting is applied the next time the user logs in.
Using a Group Policy Object
Using group policy objects (GPO), you can assign settings to organizational units (OU) or to a domain. This enables you, for example, to automatically assign profile paths to all users that log on to a computer that is a member of the OU or domain. If you move the computer to a different OU or domain, the setting is removed or updated. This way, you do not have to manually assign the settings to each user account.
Windows only supports assigning a profile path using GPOs on a per-computer basis. This means that the path is also applied to local users on domain members, which have no access to the profile share. To set the profile path on a per-user basis, see Using Active Directory Users and Computers.
To create a group policy object (GPO) for the domain that automatically assigns the \\server\path\user_name path to every user that logs on to a Windows domain member:
- Log in to a computer using an account that is allowed to edit group policies, such as the AD domain Administrator account.
- Open the Group Policy Management Console. If you do not have the Remote Server Administration Tools (RSAT) installed on this computer, see Installing RSAT.
- Right-click your AD domain and select Create a GPO in this domain, and Link it here.
- Enter a name for the GPO, such as Profiles on server. The new GPO is shown below the domain entry.
- Right-click the newly created GPO and select Edit to open the Group Policy Management Editor.
- Navigate to the Computer Configuration → Policies → Administrative Templates → System → User Profiles entry.
- Double-click the Set roaming profile path for all users logging onto this computer policy to edit:
- Enable the policy and set the profile path. For example:
Windows replaces the %USERNAME% variable with the user name during login. Set the path without trailing backslash.
- Click OK.
- Close the Group Policy Management Editor. The GPOs are automatically saved on the Sysvol share on the domain controller (DC).
- Close the Group Policy Management Console.
The GPO is applied at the next reboot of the Windows domain members or when they reload the group policies.
Using ldbedit on a Domain Controller
On a domain controller (DC), to assign, for example, the \\server\profiles\demo path as the profile folder of the demo account:
- Edit the demo user account:
- The account’s attributes are displayed in an editor. Append the following attribute and value to the end of the list:
Do not add a trailing backslash to the path.
- Save the changes.
The setting is applied the next time the user logs in.
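The two path rules in this section (no version suffix, no trailing backslash) can be checked across accounts from an LDIF export of the user objects. This is an added example, not Samba project code; the function names, the status labels and the sample records are constructed for illustration.

```sh
#!/bin/sh
# Added example (not Samba project code): check profilePath values in LDIF
# against the rules above: no version suffix, no trailing backslash.

# Classify one profile path; prints OK or the rule it breaks.
check_profile_path() {
    case "$1" in
        *'\')              echo TRAILING_BACKSLASH ;;
        *.[Vv][2-6])       echo VERSION_SUFFIX ;;
        '\\'?*'\'?*'\'?*)  echo OK ;;              # \\server\share\folder
        *)                 echo UNEXPECTED_FORMAT ;;
    esac
}

# Report one record: $1 = account name, $2 = profilePath (may be empty).
report_record() {
    [ -n "$2" ] || return 0
    status=$(check_profile_path "$2")
    printf '%s %s %s\n' "${1:-unknown}" "$status" "$2"
    [ "$status" = OK ]
}

# Read LDIF on stdin, print "<account> <status> <path>" per record that has
# a profilePath, and return 1 if any value is not OK.
audit_profile_paths() {
    bad=0 account='' path=''
    # read -r is required: without it the shell eats the backslashes.
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in
            'sAMAccountName: '*) account=${line#sAMAccountName: } ;;
            'profilePath: '*)    path=${line#profilePath: } ;;
            '')                  # a blank line ends the record
                report_record "$account" "$path" || bad=1
                account='' path='' ;;
        esac
    done
    report_record "$account" "$path" || bad=1    # last record, no blank line
    [ "$bad" -eq 0 ]
}

# Constructed sample input (not real directory data).
constructed_ldif() {
    cat <<'EOF'
dn: CN=demo,CN=Users,DC=samdom,DC=example,DC=com
sAMAccountName: demo
profilePath: \\server\profiles\demo

dn: CN=alice,CN=Users,DC=samdom,DC=example,DC=com
profilePath: \\server\profiles\alice\
sAMAccountName: alice

dn: CN=bob,CN=Users,DC=samdom,DC=example,DC=com
sAMAccountName: bob
profilePath: \\server\profiles\bob.V6
EOF
}

# Usage: constructed_ldif | audit_profile_paths
```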
In an NT4 Domain
In a Samba NT4 domain, to set \\server\profiles\%U as path to the profile folder:
- Add the following parameter to the [global] section in your smb.conf file:
When a user logs in to the domain member, Samba automatically replaces the %U variable with the session user name. For further details, see the Variable Substitutions section in the smb.conf(5) man page.
- Reload Samba:
Configuring Windows Profile Folder Redirections
Folder Redirection, Offline Files, and Roaming User Profiles overview
Applies to: Windows 10, Windows 8, Windows 8.1, Windows Server 2019, Windows Server 2016, Windows Server 2012, Windows Server 2012 R2
This topic discusses the Folder Redirection, Offline Files (client-side caching or CSC), and Roaming User Profiles (sometimes known as RUP) technologies, including what’s new and where to find additional information.
Technology description
Folder Redirection and Offline Files are used together to redirect the path of local folders (such as the Documents folder) to a network location, while caching the contents locally for increased speed and availability. Roaming User Profiles is used to redirect a user profile to a network location. These features used to be referred to as Intellimirror.
- Folder Redirection enables users and administrators to redirect the path of a known folder to a new location, manually or by using Group Policy. The new location can be a folder on the local computer or a directory on a file share. Users interact with files in the redirected folder as if it still existed on the local drive. For example, you can redirect the Documents folder, which is usually stored on a local drive, to a network location. The files in the folder are then available to the user from any computer on the network.
- Offline Files makes network files available to a user, even if the network connection to the server is unavailable or slow. When working online, file access performance is at the speed of the network and server. When working offline, files are retrieved from the Offline Files folder at local access speeds. A computer switches to Offline Mode when:
- Always Offline mode has been enabled
- The server is unavailable
- The network connection is slower than a configurable threshold
- The user manually switches to Offline Mode by using the Work offline button in Windows Explorer
- Roaming User Profiles redirects user profiles to a file share so that users receive the same operating system and application settings on multiple computers. When a user signs in to a computer by using an account that is set up with a file share as the profile path, the user’s profile is downloaded to the local computer and merged with the local profile (if present). When the user signs out of the computer, the local copy of their profile, including any changes, is merged with the server copy of the profile. Typically, a network administrator enables Roaming User Profiles on domain accounts.
Practical applications
Administrators can use Folder Redirection, Offline Files, and Roaming User Profiles to centralize storage for user data and settings and to provide users with the ability to access their data while offline or in the event of a network or server outage. Some specific applications include:
- Centralize data from client computers for administrative tasks, such as using a server-based backup tool to back up user folders and settings.
- Enable users to continue accessing network files, even if there is a network or server outage.
- Optimize bandwidth usage and enhance the experience of users in branch offices who access files and folders that are hosted by corporate servers located offsite.
- Enable mobile users to access network files while working offline or over slow networks.
New and changed functionality
The following table describes some of the major changes in Folder Redirection, Offline Files, and Roaming User Profiles that are available in this release.
Feature/functionality | New or updated? | Description |
---|---|---|
Always Offline mode | New | Provides faster access to files and lower bandwidth usage by always working offline, even when connected through a high-speed network connection. |
Cost-aware synchronization | New | Helps users avoid high data usage costs from synchronization while using metered connections that have usage limits, or while roaming on another provider’s network. |
Primary Computer support | New | Enables you to limit the use of Folder Redirection, Roaming User Profiles, or both to only a user’s primary computers. |
Always Offline mode
Starting with Windows 8 and Windows Server 2012, administrators can configure the experience for users of Offline Files to always work offline, even when they are connected through a high-speed network connection. Windows updates files in the Offline Files cache by synchronizing hourly in the background, by default.
What value does Always Offline mode add?
The Always Offline mode provides the following benefits:
- Users experience faster access to files in redirected folders, such as the Documents folder.
- Network bandwidth is reduced, decreasing costs on expensive WAN connections or metered connections such as a 4G mobile network.
How has Always Offline mode changed things?
Prior to Windows 8 and Windows Server 2012, users would transition between the Online and Offline modes, depending on network availability and conditions, even when the Slow-Link mode (also known as the Slow Connection mode) was enabled and set to a 1 millisecond latency threshold.
With Always Offline mode, computers never transition to Online mode when the Configure slow-link mode Group Policy setting is configured and the Latency threshold parameter is set to 1 millisecond. Changes are synced in the background every 120 minutes, by default, but synchronization is configurable by using the Configure Background Sync Group Policy setting.
Cost-aware synchronization
With cost-aware synchronization, Windows disables background synchronization when the user is using a metered network connection, such as a 4G mobile network, and the subscriber is near or over their bandwidth limit, or roaming on another provider’s network.
Metered network connections usually have round-trip network latencies that are slower than the default 35 millisecond latency value for transitioning to Offline (Slow Connection) mode in Windows 8, Windows Server 2019, Windows Server 2016, and Windows Server 2012. Therefore, these connections usually transition to Offline (Slow Connection) mode automatically.
What value does cost-aware synchronization add?
Cost-aware synchronization helps users avoid unexpectedly high data usage costs while using metered connections that have usage limits, or while roaming on another provider’s network.
How has cost-aware synchronization changed things?
Prior to Windows 8 and Windows Server 2012, users who wanted to minimize fees while using Offline Files on metered network connections had to track their data usage by using tools from the mobile network provider. The users could then manually switch to Offline mode when they were roaming, near their bandwidth limit, or over their limit.
With cost-aware sync, Windows automatically tracks roaming and bandwidth usage limits while on metered connections. When the user is roaming, near their bandwidth limit, or over their limit, Windows switches to Offline mode and prevents all synchronization. Users can still manually initiate synchronization, and administrators can override cost-aware synchronization for specific users, such as executives.
Primary computers for Folder Redirection and Roaming User Profiles
You can now designate a set of computers, known as primary computers, for each domain user, which enables you to control which computers use Folder Redirection, Roaming User Profiles, or both. Designating primary computers is a simple and powerful method to associate user data and settings with particular computers or devices, simplify administrator oversight, improve data security, and help protect user profiles from corruption.
What value do primary computers add?
There are four major benefits to designating primary computers for users:
- The administrator can specify which computers users can use to access their redirected data and settings. For example, the administrator can choose to roam user data and settings between a user’s desktop and laptop, and to not roam the information when that user logs on to any other computer, such as a conference room computer.
- Designating primary computers reduces the security and privacy risk of leaving residual personal or corporate data on computers where the user has logged on. For example, a general manager who logs on to an employee’s computer for temporary access does not leave behind any personal or corporate data.
- Primary computers enable the administrator to mitigate the risk of an improperly configured or otherwise corrupt profile, which could result from roaming between differently configured systems, such as between x86-based and x64-based computers.
- A user’s first sign-in on a non-primary computer, such as a server, is faster because the user’s roaming user profile and/or redirected folders are not downloaded. Sign-out times are also reduced, because changes to the user profile do not need to be uploaded to the file share.
How have primary computers changed things?
To limit downloading private user data to primary computers, the Folder Redirection and Roaming User Profiles technologies perform the following logic checks when a user signs in to a computer:
- The Windows operating system checks the new Group Policy settings (Download roaming profiles on primary computers only and Redirect folders on primary computers only) to determine if the msDS-Primary-Computer attribute in Active Directory Domain Services (AD DS) should influence the decision to roam the user’s profile or apply Folder Redirection.
- If the policy setting enables primary computer support, Windows verifies that the AD DS schema supports the msDS-Primary-Computer attribute. If it does, Windows determines if the computer that the user is logging on to is designated as a primary computer for the user as follows:
- If the computer is one of the user’s primary computers, Windows applies the Roaming User Profiles and Folder Redirection settings.
- If the computer is not one of the user’s primary computers, Windows loads the user’s cached local profile, if present, or it creates a new local profile. Windows also removes any existing redirected folders according to the removal action that was specified by the previously applied Group Policy setting, which is retained in the local Folder Redirection configuration.
Hardware requirements
Folder Redirection, Offline Files, and Roaming User Profiles require an x64-based or x86-based computer, and they are not supported by Windows on ARM (WOA)-based computers.
Software requirements
To designate primary computers, your environment must meet the following requirements:
- The Active Directory Domain Services (AD DS) schema must be updated to include Windows Server 2012 schema and conditions (installing a Windows Server 2012 or later domain controller automatically updates the schema). For more information about upgrading the AD DS schema, see Upgrade Domain Controllers to Windows Server 2016.
- Client computers must run Windows 10, Windows 8.1, Windows 8, Windows Server 2019, Windows Server 2016, Windows Server 2012 R2, or Windows Server 2012 and be joined to the Active Directory domain that you are managing.
More information
For additional related information, see the following resources.