[Samba] Roaming Profiles GPO

Anders Östling anders.ostling at gmail.com
Thu Dec 14 10:48:34 UTC 2023


Great tutorial for all of us that have been fighting with this setup over the years. I have a couple of follow up questions though

On page 8, you mention that existing local profiles should be deleted. Is there any pre-cautions that should be taken before doing this (to prevent data loss for example)?
The tutorial I straight forward for a new setup, but what is your practice when it comes to updating an existing domain with these features, again to prevent data loss and sad users.

/A

> On Dec 11, 2023, at 13:12, Stefan Kania via samba <samba at lists.samba.org> wrote:
> 
> You can also take a look at my tutorial from SambaXP
> https://u.pcloud.link/publink/show?code=XZ3bsRVZTShsXcE4k4m3DsgeYklEBLkP4sty
> 
> Am 11.12.23 um 11:30 schrieb Pluess, Tobias via samba:
>> Good Day,
>> I want to use a GPO to enable roaming profiles for certain users. For this,
>> I followed this guide:
>> https://learn.microsoft.com/en-us/windows-server/storage/folder-redirection/deploy-roaming-user-profiles#step-2-create-a-roaming-user-profiles-security-group
>> I created in my directory the group "Roaming Profile Users" and added 2
>> users to it. Afterwards, I went to the GPO editor and created the GPO for
>> the roaming profiles. I removed the "Authenticated users" from the
>> "Security Filtering" and added the "Authenticated users" back on the
>> "Delegation" tab.
>> Further, I added my freshly created "Roaming Profile Users" group under
>> "Security Filtering", because I understood it such that the GPO is only
>> applied to the users and groups under "Security Filtering".
>> So, according to my understanding, the configuration was correct. To make
>> sure the GPO is in effect, I executed "gpupdate /force" and rebooted the
>> computer. Now, when I want to login as one of the users in the "Roaming
>> Profile Users" group, no roaming profile is created on my file share, and a
>> normal local profile is created instead.
>> On the other hand, when I add the "Authenticated users" to the "Security
>> Filtering", everything works as expected, i.e. a roaming profile is created
>> during login, but this happens for all domain users, not just for the ones
>> I want.
>> So obviously it seems like it does not work to apply a GPO only for one
>> group, is this as intended or is this a bug?
>> I use Samba 4.17.12 on debian and Windows 10 N LTSC as the client.
>> Thanks for any hints!
> 
> -- 
> Stefan Kania
> Landweg 13
> 25693 St. Michaelisdonn
> 
> 
> Signieren jeder E-Mail hilft Spam zu reduzieren und schützt Ihre Privatsphäre. Ein kostenfreies Zertifikat erhalten Sie unter https://www.dgn.de/dgncert/index.html
> 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba



More information about the samba mailing list