[Samba] Roaming Profiles GPO

Anders Östling anders.ostling at gmail.com
Mon Dec 11 12:10:24 UTC 2023


Tobias, i experienced exactly the same thing, file server for the shares is
4.18 and the clients windows 10 pro, so you are not alone (if that is any
comfort).

mån 11 dec. 2023 kl. 13:01 skrev Pluess, Tobias via samba <
samba at lists.samba.org>:

> Hi Rowland
>
> yes, if I do it according to this guide, it works indeed, but it does so
> for all accounts. However I don't want, for example, a roaming profile for
> the Administrator and a couple other accounts. Instead, I wanted this GPO
> only applied for one specific group. Isn't that possible?
>
> On Mon, 11 Dec 2023, 12:35 Rowland Penny via samba, <samba at lists.samba.org
> >
> wrote:
>
> > On Mon, 11 Dec 2023 11:30:43 +0100
> > "Pluess, Tobias via samba" <samba at lists.samba.org> wrote:
> >
> > > Good Day,
> > >
> > > I want to use a GPO to enable roaming profiles for certain users. For
> > > this, I followed this guide:
> > >
> > >
> >
> https://learn.microsoft.com/en-us/windows-server/storage/folder-redirection/deploy-roaming-user-profiles#step-2-create-a-roaming-user-profiles-security-group
> > >
> > > I created in my directory the group "Roaming Profile Users" and added
> > > 2 users to it. Afterwards, I went to the GPO editor and created the
> > > GPO for the roaming profiles. I removed the "Authenticated users"
> > > from the "Security Filtering" and added the "Authenticated users"
> > > back on the "Delegation" tab.
> > > Further, I added my freshly created "Roaming Profile Users" group
> > > under "Security Filtering", because I understood it such that the GPO
> > > is only applied to the users and groups under "Security Filtering".
> > >
> > > So, according to my understanding, the configuration was correct. To
> > > make sure the GPO is in effect, I executed "gpupdate /force" and
> > > rebooted the computer. Now, when I want to login as one of the users
> > > in the "Roaming Profile Users" group, no roaming profile is created
> > > on my file share, and a normal local profile is created instead.
> > > On the other hand, when I add the "Authenticated users" to the
> > > "Security Filtering", everything works as expected, i.e. a roaming
> > > profile is created during login, but this happens for all domain
> > > users, not just for the ones I want.
> > > So obviously it seems like it does not work to apply a GPO only for
> > > one group, is this as intended or is this a bug?
> > >
> > > I use Samba 4.17.12 on debian and Windows 10 N LTSC as the client.
> > >
> > > Thanks for any hints!
> >
> > Try reading this wiki page, it worked at the beginning of the month :-)
> >
> > https://wiki.samba.org/index.php/Roaming_Windows_User_Profiles
> >
> > Rowland
> >
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions:  https://lists.samba.org/mailman/options/samba
> >
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>


More information about the samba mailing list