[Samba] Roaming Profiles GPO

Kees van Vloten keesvanvloten at gmail.com
Thu Dec 14 20:12:45 UTC 2023


On 14-12-2023 20:00, Stefan Kania via samba wrote:
> If you don't delete the local profile the user will never get the 
> roaming profile. You can also save the profile, then delete the 
> profile, let the user login and logoff and then copy the data back in 
> his roaming profile

It is worse than that: if the machine has trouble getting the roaming 
profile at logon, it will create a temporary profile, and after that you 
will not get the roaming profile anymore.

Therefore I use a scheduled script that runs on boot. In case of trouble 
the user just has to reboot, which is probably the first thing they do.

The script:

# Remove .bak profiles, they can prevent users from getting a proper profile
Get-ChildItem -Path "hklm:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList" | Where Name -like "*.bak" | Remove-Item
Get-ChildItem -Path "hklm:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileGuid" | Where Name -like "*.bak" | Remove-Item

If this is stored (for example) in C:\Windows\del_temp_profiles.ps1 and 
this task in xml is stored in C:\windows\temp\del_temp_profiles.xml

<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
   <RegistrationInfo>
     <URI>\Custom\custom_del_temp_profiles</URI>
   </RegistrationInfo>
   <Principals>
     <Principal id="Author">
       <UserId>S-1-5-18</UserId>
     </Principal>
   </Principals>
   <Settings>
     <DisallowStartIfOnBatteries>true</DisallowStartIfOnBatteries>
     <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
     <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
     <IdleSettings>
       <Duration>PT10M</Duration>
       <WaitTimeout>PT1H</WaitTimeout>
       <StopOnIdleEnd>true</StopOnIdleEnd>
       <RestartOnIdle>false</RestartOnIdle>
     </IdleSettings>
   </Settings>
   <Triggers>
     <BootTrigger />
   </Triggers>
   <Actions Context="Author">
     <Exec>
       <Command>C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe</Command>
       <Arguments>-ExecutionPolicy Bypass -NonInteractive -File c:\Windows\del_temp_profiles.ps1</Arguments>
     </Exec>
   </Actions>
</Task>

then the command to get it scheduled should be

schtasks /create /RU "NT AUTHORITY\SYSTEM" /TN "\Custom\custom_del_temp_profiles" /XML C:\windows\temp\del_temp_profiles.xml


- Kees.

>
> On 14.12.23 at 11:48, Anders Östling wrote:
>> On page 8, you mention that existing local profiles should be deleted.
>> Are there any precautions that should be taken before doing this (to
>> prevent data loss for example)?
>> The tutorial is straightforward for a new setup, but what is your
>> practice when it comes to updating an existing domain with these
>> features, again to prevent data loss and sad users.
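
The boot-time cleanup from the message above, as an added example that is not part of the original post: it records each .bak key's ProfileImagePath and State in a log before deleting it, and honours -WhatIf so the effect can be previewed. The log path and the helper name Get-BakProfileKey are assumptions; because the task runs as SYSTEM, the script and its log belong in a location only administrators can write to.

```powershell
# Added example, not the poster's script: same cleanup with an audit trail and -WhatIf.
[CmdletBinding(SupportsShouldProcess)]
param(
    # Hypothetical log location; use a directory only administrators can write to.
    [string]$LogPath = 'C:\Windows\Temp\del_temp_profiles.log'
)

$base  = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
$roots = "$base\ProfileList", "$base\ProfileGuid"   # the two keys named in the post

# Hypothetical helper: returns one object per *.bak subkey under the given keys.
function Get-BakProfileKey {
    param([string[]]$Path)
    foreach ($root in $Path) {
        # A root key may be absent on some machines; skip it quietly.
        Get-ChildItem -LiteralPath $root -ErrorAction SilentlyContinue |
            Where-Object PSChildName -like '*.bak' |
            ForEach-Object {
                [pscustomobject]@{
                    Key              = $_.PSChildName
                    PSPath           = $_.PSPath
                    # Present on ProfileList entries; $null where the value does not exist.
                    ProfileImagePath = $_.GetValue('ProfileImagePath')
                    State            = $_.GetValue('State')
                }
            }
    }
}

foreach ($entry in Get-BakProfileKey -Path $roots) {
    $stamp = Get-Date -Format o
    $line  = "$stamp removing $($entry.Key) path=$($entry.ProfileImagePath) state=$($entry.State)"
    # With -WhatIf, ShouldProcess returns $false: nothing is logged or deleted.
    if ($PSCmdlet.ShouldProcess($entry.PSPath, 'Remove .bak profile key')) {
        # Log first, so the folder the key pointed at can still be located afterwards.
        Add-Content -LiteralPath $LogPath -Value $line
        Remove-Item -LiteralPath $entry.PSPath -Recurse -Force
    }
}
```

Running the script once by hand with -WhatIf from an elevated prompt shows which keys the boot task would remove.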