Configuring Roaming Profiles for User Accounts

Sign up to access this lesson

Click here to sign up and get access to this lesson!

Saving Progress...

In this lecture, we are going to be setting the shared folder for our Roaming Profile set up that we will have going on in Active Directory.

We have seen how to create a shared folder with File Explorer so this time let’s do it with Server Manager.

Click on File and Storage Services and then select Shares.

Now on the middle pane right-click and select New Share...

The New Share Wizard window will pop up. Select SMB Share - Quick. This is the fastest way to create a share. Click Next to continue.

In the Select the server and path for this share window select IPDC01 and on the Share Location choose the E:\ drive and click Next.

Now we need to Specify share name. Type the Share Name Profiles$. The dollar sign ($) makes the folder hidden so that its not easily viewable by people browsing the share path. Click Next to continue.

On the Configure sharing settings window, we need to mark Enable access-based enumeration. This enables users to only see folders and files that they have access to. Click on Encrypt data access. This is going to allow us to have more security by encrypting the remote file access. Click Next to continue.

Now we need to specify who is going to be able to access the file share under the Specify permissions to control access window. Click on Customize permissions… button.

Microsoft recommends that we remove the user groups that are by default added to the permissions. First, we need to disable inheritance by clicking on the Disable Inheritance button.

Now we need to choose Convert inherited permissions into explicit permissions on this object. This option takes the inherited permissions and it sets up a new set of permissions for just this profile share. That allows us to change the permissions settings.

We remove the last two groups of users from the list and click on the Apply button.

Now, let’s go to Active Directory by clicking on Server Manager > Active Directory Users and Computers and create a user group. This new user group will be called Roaming Profiles and we are going to give permissions to this group to the Profiles folder. Expand and the OU instructorpaul. Right-click it and select New > Organizational Unit.

Let’s call this OU Domain Groups and click on OK.

Now within this new OU, we will right-click it and select New > Group. 

We are going to call the new Global Security group Roaming Profile Users. We choose Global to make it accessible to our domain and all trusted domains and Security because we are going to be dealing with permissions. Click OK.

Now let’s add a user account to the new group. Double click the group and select the Members tab and click on Add...

Search for all the user accounts you want to add. In this case we will add paul.hill and click on the Check Names button and click OK. You will add all the user names or groups that you want to be able to use Roaming Profiles within your Active Directory Domain.

Now, go back to the New Share Wizard. We need to add that security group to these permissions entries. Click Add at the bottom and under Principal we need to click on Select a principal link.

Search for Roaming Profile Users group and click on Check Names button and OK.

We are going to uncheck all these Basic permissions (1) and click on Show advanced permissions (2).

From the Advanced Permissions list we are selecting:

  • List folder/read data
  • Create folders/append data

Sign up to access the rest of this lesson

You must either log in or sign up to access this lesson.

Saving Progress...

0 0 votes
Lesson Rating
Notify of
Newest Most Voted
Inline Feedbacks
View all comments
profile avatar
Ramiro Del Rio(@ramirod)
Points: 225
19 days ago

What else is synced under the roaming profiles besides the files? The Windows Explorer and Chrome settings as well?

Please advise,


profile avatar
Ricardo P(@ricardop)
Power Student
Points: 17376
Reply to  Ramiro Del Rio
18 days ago

Hi profile avatar Ramiro Del Rio

For Chrome, you might need to configure some settings manually. Check the following:


Group Policy & Security with Windows Server


0/1 Lessons

Course Introduction

• 2min

0 / 1 lessons complete

Introduction to Group Policy Management

• 1hr 24min

0 / 6 lessons complete

Manage Your Workstations

• 1hr 46min

0 / 7 lessons complete

Securing Your Domain

• 1hr 1min

0 / 5 lessons complete

Group Policy Troubleshooting

• 53min

0 / 5 lessons complete

Course Conclusion

• 1min

0 / 1 lessons complete