Configuring Roaming Profiles for User Accounts
Full-Access Members Only
Sorry, this lesson is only available to Server Academy Full-Access members. Become a Full-Access member now and get instant access to this and many more premium courses. Click the button below and get instant access now.
There are no resources for this lesson.
In this lecture, we are going to be setting the shared folder for our Roaming Profile set up that we will have going on in Active Directory.
We have seen how to create a shared folder with File Explorer so this time let’s do it with Server Manager.
Click on File and Storage Services and then select Shares.
Now on the middle pane right-click and select New Share...
The New Share Wizard window will pop up. Select SMB Share - Quick. This is the fastest way to create a share. Click Next to continue.
In the Select the server and path for this share window select IPDC01 and on the Share Location choose the E:\ drive and click Next.
Now we need to Specify share name. Type the Share Name Profiles$. The dollar sign ($) makes the folder hidden so that its not easily viewable by people browsing the share path. Click Next to continue.
On the Configure sharing settings window, we need to mark Enable access-based enumeration. This enables users to only see folders and files that they have access to. Click on Encrypt data access. This is going to allow us to have more security by encrypting the remote file access. Click Next to continue.
Now we need to specify who is going to be able to access the file share under the Specify permissions to control access window. Click on Customize permissions… button.
Microsoft recommends that we remove the user groups that are by default added to the permissions. First, we need to disable inheritance by clicking on the Disable Inheritance button.
Now we need to choose Convert inherited permissions into explicit permissions on this object. This option takes the inherited permissions and it sets up a new set of permissions for just this profile share. That allows us to change the permissions settings.
We remove the last two groups of users from the list and click on the Apply button.
Now, let’s go to Active Directory by clicking on Server Manager > Active Directory Users and Computers and create a user group. This new user group will be called Roaming Profiles and we are going to give permissions to this group to the Profiles folder. Expand instructorpaul.com and the OU instructorpaul. Right-click it and select New > Organizational Unit.
Let’s call this OU Domain Groups and click on OK.
Now within this new OU, we will right-click it and select New > Group.
We are going to call the new Global Security group Roaming Profile Users. We choose Global to make it accessible to our domain and all trusted domains and Security because we are going to be dealing with permissions. Click OK.
Now let’s add a user account to the new group. Double click the group and select the Members tab and click on Add...
Search for all the user accounts you want to add. In this case we will add paul.hill and click on the Check Names button and click OK. You will add all the user names or groups that you want to be able to use Roaming Profiles within your Active Directory Domain.
Now, go back to the New Share Wizard. We need to add that security group to these permissions entries. Click Add at the bottom and under Principal we need to click on Select a principal link.
Search for Roaming Profile Users group and click on Check Names button and OK.
We are going to uncheck all these Basic permissions (1) and click on Show advanced permissions (2).
From the Advanced Permissions list we are selecting:
- List folder/read data
- Create folders/append data
Server Academy Members Only
Sorry, this lesson is only available to Server Academy Full Access members. Become a Full-Access Member now and you’ll get instant access to all of our courses.