« Applying User Policies | Main | Printing posters & large format scanning »

March 12, 2005

Roaming Profiles w/Case ADS

Roaming profiles not only make sense for a lab environment, but an office environment as well. In the Engineering Dean's Office I use them as a means of backing up all of a user's settings. If something happens to their PC, I can quickly put a backup machine in place while their office machine is repaired. The user simply logs in, and their previous settings are restored. This is how roaming profiles work with the campus ADS:

Other methods exist for setting the environment variables, so you can more easily change them without revisiting each machine. One is creating an ADM file with a custom policy for these environment variables (something I'll look into). Another way is defining them in the login script, which is the method used by Alan Rothenbush at Simon Fraser University - whom I got this whole roaming profile idea from.

The default profile used when creating the user's first profile is the "C:\Documents and Settings\Default User" profile on the local machine used when first logging on. This is because no Default User profile exists in the SYSVOL share of the campus domain controllers (probably a good thing). Make any changes to this profile if you want them to apply to users when the first log in. See KB305709: HOW TO: Create a Custom Default User Profile

I have also setup Folder Redirection of the user's My Documents folder to speed up profile loading. Aside from the "nord-profile$" share I've created on my server, I've also setup "nord-home$". I then set the Folder Redirection policy to put My Documents in \\servername\nord-home$\%username% - using the same share/file system permissions listed above for the profile share. The results are seperating "My Documents" from the user's profile, so it isn't copied back and forth every time the user logs in. One 'surprise' is that Windows XP automatically turns on offline file caching for redirected folders. If you don't like this behaviour, enable the policy "Do not automatically make redirected folders available offline", under User Configuration -> Administrative Templates -> Network -> Offline Files.

Make sure to read Recommendations for Folder Redirection for more information on Folder Redirection policies.

Posted by djc6 at March 12, 2005 03:35 PM

Trackback Pings

TrackBack URL for this entry:


This is probably one of the single most complete "roaming profile" how-to's I've seen..

Good work!..another nice site for roaming profiles is

Keep up the good work!

Posted by: Kenny Calero at November 17, 2005 01:14 AM

Quick note: the system environment variable known as "ProfileServer" has to be set to the FQDN of the server. It was driving me nuts until I set the full name. (ex: servername.case.edu)

Posted by: Keith Wane at January 17, 2006 11:27 AM

Great article! Have you considered putting it up on Wikipedia?

Posted by: Les at March 22, 2006 12:21 AM

I can't find the "Add the Administrators security group to roaming user profiles" in policy editor.
I am using windows 2000 SP4. Can anyone help?

Posted by: Jon Cann at June 23, 2006 05:19 AM

This is a very good way to use multiple roaming profiles, for example depending on cmputer type (desktop or laptop).
Something I've used to be sure that the computer have the profilepath computer environment variable before the user loggs on is the following customized ADM file:

----- CustomizedComputer.adm -----


CATEGORY "Customized - Computer"

CATEGORY "Aditional computer environment variables"

KEYNAME "SYSTEM\CurrentControlSet\Control\Session Manager\Environment"

POLICY "Aditional self dfined variables"



----- CustomizedComputer.adm -----

I've tried it on Windows 2000 Standard Server SP4 with Windows XP Professional SP2 clients and it runs good


Posted by: Daniel at October 23, 2006 12:12 PM


Thanks so much for this excellent document. I am having a problem, though, setting the environment variables so that they are used on login.

They are available to the user once logged in but when used in the Profile Path they seem to not expand, or something...e.g. echo %PROFILESERVER% does in fact echo the name of the profile server, likewise for %PROFILESHARE%.

I have copied your naming conventions exactly and still no luck.

Any advice appreciated

Posted by: Erik M. at November 19, 2006 07:49 PM

the custom .adm file provided by daniel does not do anything. the file must be modified to work properly.

Posted by: keith at March 29, 2007 11:52 AM