[Samba] Roaming Profiles GPO

[Stefan Kania]

Am 11.12.23 um 19:48 schrieb Rowland Penny via samba:
> On Mon, 11 Dec 2023 19:25:23 +0100
> "Pluess, Tobias via samba" <samba at lists.samba.org> wrote:
> 
>>   Hi Rowland,
>>
>> if I do it as you recommend,
>>
>> * You can alternatively set other groups, to enable the group members
>> to store their user profile on the share. When using different
>> groups, apply the permissions as displayed for Domain Users in the
>> previous example.
>>
>> then it sort-of works: YES, a user that is not in the "Roaming Profile
>> Users" group gets not created a roaming user profile on the file
>> server, which is good, but he gets, on every login on Windows, the
>> warning message from the "User Profile Service", that his/her profile
>> cannot be synced with the server.
>>
>> To me this makes 100% sense, because the GPO is applied to
>> "Authenticated Users", but if the user in question is not member of
>> the "Roaming User Profiles" group, he/she cannot access the share on
>> the file server.
>>
> 
> I think using 'Authenticated Users' is the problem.
>  From my understanding, this is a group that contains any user that has
> authenticated, so the GPO is running for ALL users.
> However, the actual profile isn't created unless the user is a member of
> the group you created.
>  
If you remove "authenticate users" you will get an error message that 
you must add doamin-computers to the ACL of the GPO. Best practice is to 
create an ou-structure so you can stay with "authenticated users". As I 
posted before. look at my tutorial from sambaxp there you will find 
anything to get roaming profiles with folder redirection running

> Rowland
> 

-- 
Stefan Kania
Landweg 13
25693 St. Michaelisdonn


Signieren jeder E-Mail hilft Spam zu reduzieren und schützt Ihre 
Privatsphäre. Ein kostenfreies Zertifikat erhalten Sie unter 
https://www.dgn.de/dgncert/index.html
Download der root-Zertifikate: https://www.dgn.de/dgncert/downloads.html

Neuer GPG-Key der public key befindet sich im Anhang