[Samba] Roaming Profiles GPO
Pluess, Tobias
tpluess at ieee.org
Mon Dec 11 11:59:58 UTC 2023
Hi Rowland
yes, if I do it according to this guide, it works indeed, but it does so
for all accounts. However I don't want, for example, a roaming profile for
the Administrator and a couple other accounts. Instead, I wanted this GPO
only applied for one specific group. Isn't that possible?
On Mon, 11 Dec 2023, 12:35 Rowland Penny via samba, <samba at lists.samba.org>
wrote:
> On Mon, 11 Dec 2023 11:30:43 +0100
> "Pluess, Tobias via samba" <samba at lists.samba.org> wrote:
>
> > Good Day,
> >
> > I want to use a GPO to enable roaming profiles for certain users. For
> > this, I followed this guide:
> >
> >
> https://learn.microsoft.com/en-us/windows-server/storage/folder-redirection/deploy-roaming-user-profiles#step-2-create-a-roaming-user-profiles-security-group
> >
> > I created in my directory the group "Roaming Profile Users" and added
> > 2 users to it. Afterwards, I went to the GPO editor and created the
> > GPO for the roaming profiles. I removed the "Authenticated users"
> > from the "Security Filtering" and added the "Authenticated users"
> > back on the "Delegation" tab.
> > Further, I added my freshly created "Roaming Profile Users" group
> > under "Security Filtering", because I understood it such that the GPO
> > is only applied to the users and groups under "Security Filtering".
> >
> > So, according to my understanding, the configuration was correct. To
> > make sure the GPO is in effect, I executed "gpupdate /force" and
> > rebooted the computer. Now, when I want to login as one of the users
> > in the "Roaming Profile Users" group, no roaming profile is created
> > on my file share, and a normal local profile is created instead.
> > On the other hand, when I add the "Authenticated users" to the
> > "Security Filtering", everything works as expected, i.e. a roaming
> > profile is created during login, but this happens for all domain
> > users, not just for the ones I want.
> > So obviously it seems like it does not work to apply a GPO only for
> > one group, is this as intended or is this a bug?
> >
> > I use Samba 4.17.12 on debian and Windows 10 N LTSC as the client.
> >
> > Thanks for any hints!
>
> Try reading this wiki page, it worked at the beginning of the month :-)
>
> https://wiki.samba.org/index.php/Roaming_Windows_User_Profiles
>
> Rowland
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
More information about the samba
mailing list