We're setting up a new VDI system, configured as follows:
VM-HOST - Server 2008 R2 Enterprise on physical box, Hyper-V and RD Virtualization Host roles, hosting VMs for VM-BROKER and 25x Win 7 Pro VMs for VDI
VM-BROKER - Server 2008 R2 Enterprise VM, RD Session Host, Connection Broker, Gateway and Web Access roles
PDC - Server 2003, AD, DNS etc
We have a GPO for Computer/Administrative Templates/Windows Components/Terminal Services/Set path for TS Roaming Profiles set to \\VM-HOST\VDIProfile$ (Do not append the user name to the profile path is disabled) and linked to the OU that the VDI VMs are in.
Sharing permissions on the roaming profiles folder are :
CREATOR OWNER, Everyone: Full Control
NTFS permissions on the roaming profiles folder are:
CREATOR OWNER: Full Control - Subfolders and files only
Administrators, SYSTEM and Domain Users: Full Control - This folder, subfolders and files only
The VDI setup itself is working fine, however when we log in with test users it never creates the roaming profile folder for the user.
We suggest you to make the following changes in group policies:
1.) Remove all profile path settings from the individual user objects in AD and in GPO.
2.) Configure the following policy in a GPO that contains all the VDI computer objects:
Set roaming profile path for all users logging onto this computer
Path: Machine\System\User Profiles
Requires: At least Windows Vista
Explain: Specifies whether Microsoft Windows should use the specified network path as the roaming user profile path for all users logging onto this computer. To use this setting, type the path to the network share in the form
\\Computername\Sharename\. It is recommended to add %USERNAME% to the path to give each user an individual profile folder. If not specified, all users logging onto this computer will use the same roaming profile
folder as specified by this policy. You need to ensure that you have set the appropriate security on the folder to allow all users to access the profile. If you enable this policy setting, all users logging on this computer will use the roaming profile path
specified in this policy. If you disable or do not configure this policy setting, then users logging on this computer will use their local profile or standard roaming user profile.
Note: There are 4 ways to configure a roaming profile for a user. Windows reads profile configuration in the following order and uses the first configured setting it reads:
1. Terminal Services roaming profile path specified by Terminal Services policy.
2. Terminal Services roaming profile path specified by the user object
3. A per-computer roaming profile path specified in this policy.
4. A per-user roaming profile path specified in the user object.
Microsoft is conducting an online survey to understand your opinion of the Technet Web site. If you choose to participate, the online survey will be presented to you when you leave the Technet Web site.