none
Profile Redirection and GPP drive mapping with NFS Share.

    Question

  • Hi all , I'm trying to redirect a terminal server ( RDS ) profile to an NFS share - does anybody know if this is supported or workable solution ?

    I currently have a Windows 2008 R2 RDS server with NFS services installed.  I can mount and write to an NFS share using the mount or net use or even the map drive command however if I try to access it via a UNC path in explorer it fails.  The Group Policy for profile redirection is specified in UNC format : \\NFSServer\Share however when I try to specify it this way a temporary profile is loaded instead - even though the users profile directory does get created on the NFS share.   I've even tried using the NFS share format : NFSSserver:/Share however that doesn't work either.   Is NFS format allowed in GP ? I digress......

    The policy I'm modifing is Computer / Policies / Admin Templates / Windows Components / RDS/ RDS Host / Profile - set path for Remote Desktop Services Roaming User. 

    There are errors in the logs for security which seems to be the issue - obviously with NFS I can't specify NTFS permissions on the folder though...

    Windows could not load your roaming profile and is attempting to log you on with your local profile. Changes to the profile will not be copied to the server when you log off. Windows could not load your profile because a server copy of the profile folder already exists that does not have the correct security. Either the current user or the Administrators group must be the owner of the folder.

    Also I'm trying to use a GPP for a drive map to an NFS share and it doesn't appear to be working either - again is this supported on an NFS share ?

    Error for drive map :

    The user 'H:' preference item in the 'Drive Mapping {5783CE47-C1F6-485A-BC8B-B54460037E97}' Group Policy object did not apply because it failed with error code '0x800300fd An unexpected error occurred.' This error was suppressed.

    I also receive an NFSCLNT event log :

      Windows(R) Lightweight Directory Access Protocol (LDAP) failed a request to connect to Active Directory Domain Services(R) for Windows user <Domain\User2>.

      Without the corresponding UNIX identity of the Windows user, the user cannot access Network File System (NFS) shared resources.

      Verify that the Windows user is in Active Directory Domain Services and has access permissions.

    Does this need to be setup for accessing NFS shares correctly and does anyone have any good resources for this ?

    Thanks

    Monday, February 18, 2013 9:09 PM

Answers

  • Hi,

    Folder Redirection, Roaming profile and Drive mapping are SMB based. As the error message you've seen, redirect profile to NFS is not supported. Regarding mapping drive, you can try to use logon script instead.

    Regards,
    Cicely

    Wednesday, February 20, 2013 4:23 AM
  • Am 20.02.2013 05:23, schrieb Cicely Feng:
    > redirect profile to NFS is not supported
     
    It is not really "NFS is not supported", but NFS cannot handle the ACL
    requirements for redirected profiles... You MUST use a file system that
    supports sufficient ACLs (CIFS/SMB).
     
    In addition, NFS uses UIDs/GIDs instead of windows SIDs, so you need a
    proper mapping. But how to do that is out of my experience...
     

    NO THEY ARE NOT EVIL, if you know what you are doing: Good or bad GPOs?
    Wenn meine Antwort hilfreich war, freue ich mich über eine Bewertung! If my answer was helpful, I'm glad about a rating!
    Wednesday, February 20, 2013 7:56 PM

All replies

  • Hi,

    Folder Redirection, Roaming profile and Drive mapping are SMB based. As the error message you've seen, redirect profile to NFS is not supported. Regarding mapping drive, you can try to use logon script instead.

    Regards,
    Cicely

    Wednesday, February 20, 2013 4:23 AM
  • Am 20.02.2013 05:23, schrieb Cicely Feng:
    > redirect profile to NFS is not supported
     
    It is not really "NFS is not supported", but NFS cannot handle the ACL
    requirements for redirected profiles... You MUST use a file system that
    supports sufficient ACLs (CIFS/SMB).
     
    In addition, NFS uses UIDs/GIDs instead of windows SIDs, so you need a
    proper mapping. But how to do that is out of my experience...
     

    NO THEY ARE NOT EVIL, if you know what you are doing: Good or bad GPOs?
    Wenn meine Antwort hilfreich war, freue ich mich über eine Bewertung! If my answer was helpful, I'm glad about a rating!
    Wednesday, February 20, 2013 7:56 PM
  • Thanks guys pretty much what I thought.  Guess I'll have to switch to SMB !

    Monday, February 25, 2013 4:01 AM