Event ID 1525

KB ID 0000270 

Problem

Windows has detected that Offline Caching is enabled on the Roaming Profile share – to avoid potential profile corruption, Offline Caching must be disabled on shares where roaming user profiles are stored.

Pretty self explanatory – Offline caching is turned enabled on Windows shares by default, for shares that have profiles in them this needs disabling.

Solution

1. The error will tell you the username in question “It’s been blurred out above”. Go to a domain controller and click start > run > dsa.msc > locate that user > Properties.

2. The users profile can be in TWO places Either on the “Profile” tab, or the “Terminal Services Profile” tab. See which server it is on and go to that server.

3. If you are having trouble finding the share on the server click Start > Run > fsmgmt.msc {enter} > this will tell you where the folder is.

4. Locate the folder in question > Right click > Properties > Sharing > Caching tab.

5. Select “Files or programs from the share will not be available offline” > OK > Apply.

Related Articles, References, Credits, or External Links

NA

VMware View – Using Persona Management

KB ID 0000615 

Problem

Persona Management, is the VMware version of “Roaming Profiles” and “Redirected Folders” rolled into one. Though the redirected folders bit is a lot easier to set up and less problematic than the Microsoft Folder Redirection policy.

Its handy if you using floating pools but still want your users to have a persistent user interface. Having these files centrally makes them easier to backup, and the more your users can customise their desktops and settings the better their level of equipment husbandry.

Solution

Create a “Roaming Profile” Network share with the correct permissions

1. On a network accessible server, create a folder and set the SHARE permissions as follows;

Share Permissions

Everyone = Read. Domain Users = Full Control.

Note: You may also want to DISABLE Caching on this folder.

2. Stop inheritable permissions from propagating to the folders and set the security permissions as follows;

Security / NTFS Permissions

Creator Owner (Subfolders and Files Only) = Full Control. Domain Users (This folder Only) = List Folder/Read Data and Create Folders/Append Data. System (This Folder, Subfolders and files) = Full Control. Creator Owner (Subfolders and Files Only) = Full Control. Everyone = No Permissions.

Note: I’m using domain users, you might have a different security group that you want to substitute.

3. Make sure that the machines that you will be using as view targets, have the View Persona Management option selected (this is selected by default).

Configure Windows 7 to be a VMware View Desktop

4. You need to get the administrative template for Persona Management. You will find it on your VMware Connection Server in the following location;

[box] C:Program FilesVMwareVMware ViewServerextrasGroupPolicyFiles [/box]

Locate the ViewPM.adm file and copy it to a domain controller.

5. Create a new group policy that is linked to the OU containing your View machines.

6. Edit the policy > Expand Computer Configuration > Policies >Administrative Templates > Right Click > add/Remove Administrative Temple > Add in the ViewPM.adm template.

7. Navigate to;

[box] Computer Configuration > Polices > Administrative Templates > Classic Administrative Templates > VMware View Agent Configuration > Persona Management [/box]

8. In the roaming and Synchronisation Section > Manage user persona > Set to Enabled > Next Setting.

9. Enable > Enter the shared folder you created earlier > Next Setting.

10. Enabled (to remove local cached copies of the profile).

11. Enabled to roam the local folder > That’s all I’m going to configure in this branch of the policy.

Persona Management Folder Redirection

12. Navigate to;

[box] Computer Configuration > Polices > Administrative Templates > Classic Administrative Templates > VMware View Agent Configuration > Persona Management > Folder Redirection [/box]

Here you will find the folders that can be redirected to a central location.

13. For example, here I’m redirecting the users “My Documents” folder.

14. And their “My Pictures” folder.

15. Make sure you have a pool created, and your users are have an ‘entitlement’ to them. These machines will also HAVE TO be in the OU your policy is applying to.

Creating a ‘Manual Pool’ and Connecting a View Client

Deploying Linked Clone View Desktops

16. Now when your users connect to their View Desktops.

17. Their user profile will be persistent.

18. Because their settings are stored in your profile shared folder.

Note: Persona Management will store the profile in username.domainname format. The reason there is a V2 on the end of it, denotes the profile is for Windows 7 or Vista. If users swap between these OS’s and any older Windows OS’s, then they will get a separate profile for those as well. If this is the case rely on the folder redirection rather than the profile.

Related Articles, References, Credits, or External Links

NA

You have been logged on with a temporary profile”

KB ID 0000033

Problem

After renaming (because you didn’t want to lose the profile) or deleting a user profile, from the “users” directory. You will see the following error when you attempt to log on as the deleted user;

 

Error: You have been logged on with a temporary profile You cannot access your files and files created in this profile will be deleted when you log off. To fix this, log off and try logging on later. Please see the event log for details or contact your system administrator.

You will also see Event ID 1511 logged to the machines application log.

 

Solution

1. Log on to the machine with administrative rights.

2. Click Start > In the Start Search box type Regedit {enter}.

3. Navigate to;

[box] HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionProfileList[/box]

4. Here you will see the SID (Security Identifier) for all the users on the machine, you will notice one has .bak on the end of it.

5. Delete the entire key that ends in .bak then reboot and log on as the user in question.

How to properly delete a user profile

Note: You might want to take a backup of the c:users{user_profile} folder first.

1. Click Start > in the Search/Run box type sysdm.cpl {enter} > Select the Advanced tab > User Profile Section > Settings.

2. Locate the offending profile and select delete > then confirm.

Deleting Multiple Profiles

Update 28/01/13 (Email form Rick Sparrow)

If you have several profiles to remove, this method can be quite time consuming. There is a command line utility called delprof2 that works the same as Microsoft’s old delprof, but is compatible with Windows 7. You can remove all inactive profiles instead of one at a time.

Related Articles, References, Credits, or External Links

Original article written: 23/05/09

Thanks to Rick Sparrow for the feedback.

Windows Server – Setup Home Folders and Profile Folders

KB ID 0000739 

Problem

A while back I got an email,

Message: Hallo Pete,

Can you make a tutorial for me for sharing a Home Folder or Profile Path folder for every user?
It’s hard to get one.

Thanks in advance.

Sincerely,
Matthew Wittenberg
</br

Well it’s taken me a while (sorry!) But here you go,

Solution

Creating and Allocating Home Folders to Users

1. Create a folder that is on a drive or volume with plenty of room.

2. I’ve simply used ‘Home’ as the folder name, open the folder’s properties.

3. Sharing Tab > Advanced Sharing.

4. Tick to share > put a dollar ‘$’ symbol onto the end of the share name (this just stops the folder being visible to someone browsing the network) > Permissions.

5. Grant Everyone ‘Full Control’, Don’t worry we will lock it down with NTFS permissions (Remember permissions are cumulative, and most restrictive apply) > Apply > OK.

6. Security tab > Advanced.

7. Change Permissions.

8. Untick ‘Include inheritable permissions……’ > Add.

9. Select CREATOR OWNER > Edit > Permissions should apply to ‘Subfolders and files only’ > Full control.

10. Select SYSTEM > Edit > Permissions should apply to ‘This Folder, subfolders and files only’ > Full control.

11. Select DOMAINNAMEAdministrators > Edit > Permissions should apply to ‘This Folder, subfolders and files only’ > Full control.

12. Remove the Users (the one with Read & Execute).

13. Remove the Users (the one with Special).

14. Add.

15. Everyone > check Name (make sure it underlines Everyone) > OK

16. Sett Apply to = This folder only > Allow the following.

Traverse Folder / execute file
List Folder / read data
Read attributes
Create Folders / append data

Allocate the Home Folder to the Domain Users

1. From within Active Directory Users and Computers locate your users, (you can press Windows Key+A to select them all).

2. Open their properties.

3. Profile tab > You can connect a drive letter (I usually use H:) and connect that to the users home drive. Set the path like so;

[box]

\\Server-name\Folder-name\%username%
e.g.
\\PNL-DC\Home$\%username%

[/box]

4. This is what the users will see.

5. On the server the folders are all created straight away.

Creating and Allocating Roaming Profile Folders to Users

The process for setting up the folder is identical to the one above for the home folders.

1. Create a folder that is on a drive or volume with plenty of room.

2. I’ve simply used ‘Profile’ as the folder name, open the folder’s properties > Sharing Tab > Advanced Sharing > Tick to share > put a dollar ‘$’ symbol onto the end of the share name (this just stops the folder being visible to someone browsing the network) > Permissions.

3.  Grant Everyone ‘Full Control’, Don’t worry we will lock it down with NTFS permissions (Remember permissions are cumulative, and most restrictive apply) > Apply > OK.

4. Security tab > Advanced.

5. Change Permissions > Untick ‘Include inheritable permissions..’ > Add.

6. Remove the Users (the one with Read & Execute).

7. Remove the Users (the one with Special).

8. Add.

9. Everyone > check Name (make sure it underlines Everyone) > OK.

10. Set Apply to = This folder only > Allow the following.

Traverse Folder / execute file
List Folder / read data
Read attributes
Create Folders / append data

Allocate the Roaming Profile Folder to the Domain Users

1. From within Active Directory Users and Computers locate your users, (you can press Windows Key+A to select them all).

2. Open their properties > Profile Tab > Tick ‘Profile path’ > Set the path as follows;

[box]

\\Server-name\Folder-name\%username%
e.g.
\\PNL-DC\Profiles$\%username%

[/box]

3. Unlike home folders, profile folders are only created when the users log onto the network, here you can see this profile has a V2 on the end of it (a version 2 profile means it has come from a Windows Vista or newer machine). For this reason if your users use Windows XP (or older) clients, AND Windows Vista (or newer) clients they will get TWO DIFFERENT profiles.

Related Articles, References, Credits, or External Links

NA