[Samba] Roaming Profiles GPO

Thu Dec 14 12:07:08 UTC 2023

Indeed, the folder redirection is quite cool, I have never thought about it
but it makes totally sense.
However, I have one little addition to this!

I noticed that, when you activate folder redirection for all folders, i.e.
including Desktop, and you place some shortcuts on your desktop, you get
always a very annoying warning message when double clicking on the
shortcut, because the shortcut now actually lives on the network share and
no longer on your local computer.

Fortunately, GPO also comes to the rescue here, to get rid of this message.
I found a good tutorial on how to set it up here:

https://garvis.ca/2014/12/18/folder-redirection-whered-these-warnings-come-from/

I did the steps as recommended and now, I can open all shortcuts on any
user profile, without annoying warnings all the time.
This GPO simply adds your file share to the "Intranet" security zone, for
which the warning is not displayed. For me it works just fine.

best
Tobias

On Thu, Dec 14, 2023 at 11:49 AM Anders Östling via samba <
samba at lists.samba.org> wrote:

> Great tutorial for all of us that have been fighting with this setup over
> the years. I have a couple of follow up questions though
>
> On page 8, you mention that existing local profiles should be deleted. Is
> there any pre-cautions that should be taken before doing this (to prevent
> data loss for example)?
> The tutorial I straight forward for a new setup, but what is your practice
> when it comes to updating an existing domain with these features, again to
> prevent data loss and sad users.
>
> /A
>
> > On Dec 11, 2023, at 13:12, Stefan Kania via samba <samba at lists.samba.org>
> wrote:
> >
> > You can also take a look at my tutorial from SambaXP
> >
> https://u.pcloud.link/publink/show?code=XZ3bsRVZTShsXcE4k4m3DsgeYklEBLkP4sty
> >
> > Am 11.12.23 um 11:30 schrieb Pluess, Tobias via samba:
> >> Good Day,
> >> I want to use a GPO to enable roaming profiles for certain users. For
> this,
> >> I followed this guide:
> >>
> https://learn.microsoft.com/en-us/windows-server/storage/folder-redirection/deploy-roaming-user-profiles#step-2-create-a-roaming-user-profiles-security-group
> >> I created in my directory the group "Roaming Profile Users" and added 2
> >> users to it. Afterwards, I went to the GPO editor and created the GPO
> for
> >> the roaming profiles. I removed the "Authenticated users" from the
> >> "Security Filtering" and added the "Authenticated users" back on the
> >> "Delegation" tab.
> >> Further, I added my freshly created "Roaming Profile Users" group under
> >> "Security Filtering", because I understood it such that the GPO is only
> >> applied to the users and groups under "Security Filtering".
> >> So, according to my understanding, the configuration was correct. To
> make
> >> sure the GPO is in effect, I executed "gpupdate /force" and rebooted the
> >> computer. Now, when I want to login as one of the users in the "Roaming
> >> Profile Users" group, no roaming profile is created on my file share,
> and a
> >> normal local profile is created instead.
> >> On the other hand, when I add the "Authenticated users" to the "Security
> >> Filtering", everything works as expected, i.e. a roaming profile is
> created
> >> during login, but this happens for all domain users, not just for the
> ones
> >> I want.
> >> So obviously it seems like it does not work to apply a GPO only for one
> >> group, is this as intended or is this a bug?
> >> I use Samba 4.17.12 on debian and Windows 10 N LTSC as the client.
> >> Thanks for any hints!
> >
> > --
> > Stefan Kania
> > Landweg 13
> > 25693 St. Michaelisdonn
> >
> >
> > Signieren jeder E-Mail hilft Spam zu reduzieren und schützt Ihre
> Privatsphäre. Ein kostenfreies Zertifikat erhalten Sie unter
> https://www.dgn.de/dgncert/index.html
> >
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions:  https://lists.samba.org/mailman/options/samba
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>