none
Roaming profiles not working with VDI

    Question

  • Hi,

    We're setting up a new VDI system, configured as follows:

    VM-HOST - Server 2008 R2 Enterprise on physical box, Hyper-V and RD Virtualization Host roles, hosting VMs for VM-BROKER and 25x Win 7 Pro VMs for VDI

    VM-BROKER - Server 2008 R2 Enterprise VM, RD Session Host, Connection Broker, Gateway and Web Access roles

    PDC - Server 2003, AD, DNS etc

    We have a GPO for Computer/Administrative Templates/Windows Components/Terminal Services/Set path for TS Roaming Profiles set to \\VM-HOST\VDIProfile$ (Do not append the user name to the profile path is disabled) and linked to the OU that the VDI VMs are in.

    Sharing permissions on the roaming profiles folder are :
    CREATOR OWNER, Everyone: Full Control

    NTFS permissions on the roaming profiles folder are:
    CREATOR OWNER: Full Control - Subfolders and files only
    Administrators, SYSTEM and Domain Users: Full Control - This  folder, subfolders and files only


    The VDI setup itself is working fine, however when we log in with test users it never creates the roaming profile folder for the user. 


    Any help much appreciated.
    Friday, March 30, 2012 2:07 PM

Answers

  • Hi,


    We suggest you to make the following changes in group policies:


    1.) Remove all profile path settings from the individual user objects in AD and in GPO.
    2.) Configure the following policy in a GPO that contains all the VDI computer objects:

    Set roaming profile path for all users logging onto this computer
                    Path:                     Machine\System\User Profiles
                    Requires:             At least Windows Vista


    Explain:  Specifies whether Microsoft Windows should use the specified network path as the roaming user profile path for all users logging onto this computer. To use this setting, type the path to the network share in the form \\Computername\Sharename\. It is recommended to add %USERNAME% to the path to give each user an individual profile folder. If not specified, all users logging onto this computer will use the same roaming profile folder as specified by this policy. You need to ensure that you have set the appropriate security on the folder to allow all users to access the profile. If you enable this policy setting, all users logging on this computer will use the roaming profile path specified in this policy. If you disable or do not configure this policy setting, then users logging on this computer will use their local profile or standard roaming user profile.  


    Note: There are 4 ways to configure a roaming profile for a user. Windows reads profile configuration in the following order and uses the first configured setting it reads:

    1. Terminal Services roaming profile path specified by Terminal Services policy.
    2. Terminal Services roaming profile path specified by the user object
    3. A per-computer roaming profile path specified in this policy.
    4. A per-user roaming profile path specified in the user object.


    There are several supported and unsupported scenarios described in this article:
    http://blogs.technet.com/b/askds/archive/2010/09/01/microsoft-s-support-statement-around-replicated-user-profile-data.aspx

     


    Technology changes life……

    Tuesday, April 03, 2012 8:20 AM
    Moderator