[Samba] Roaming Profiles GPO
Rowland Penny
rpenny at samba.org
Mon Dec 11 11:34:57 UTC 2023
On Mon, 11 Dec 2023 11:30:43 +0100
"Pluess, Tobias via samba" <samba at lists.samba.org> wrote:
> Good Day,
>
> I want to use a GPO to enable roaming profiles for certain users. For
> this, I followed this guide:
>
> https://learn.microsoft.com/en-us/windows-server/storage/folder-redirection/deploy-roaming-user-profiles#step-2-create-a-roaming-user-profiles-security-group
>
> I created in my directory the group "Roaming Profile Users" and added
> 2 users to it. Afterwards, I went to the GPO editor and created the
> GPO for the roaming profiles. I removed the "Authenticated users"
> from the "Security Filtering" and added the "Authenticated users"
> back on the "Delegation" tab.
> Further, I added my freshly created "Roaming Profile Users" group
> under "Security Filtering", because I understood it such that the GPO
> is only applied to the users and groups under "Security Filtering".
>
> So, according to my understanding, the configuration was correct. To
> make sure the GPO is in effect, I executed "gpupdate /force" and
> rebooted the computer. Now, when I want to login as one of the users
> in the "Roaming Profile Users" group, no roaming profile is created
> on my file share, and a normal local profile is created instead.
> On the other hand, when I add the "Authenticated users" to the
> "Security Filtering", everything works as expected, i.e. a roaming
> profile is created during login, but this happens for all domain
> users, not just for the ones I want.
> So obviously it seems like it does not work to apply a GPO only for
> one group, is this as intended or is this a bug?
>
> I use Samba 4.17.12 on debian and Windows 10 N LTSC as the client.
>
> Thanks for any hints!
Try reading this wiki page, it worked at the beginning of the month :-)
https://wiki.samba.org/index.php/Roaming_Windows_User_Profiles
Rowland
More information about the samba
mailing list