How to prevent a domain client from creating local user home folders (e.g. C:\Users\MyUser)

windows-server-2012-r2

I am working with a Windows Server 2012 R2 domain controller, and mainly Windows 7 Professional clients.

I am trying to set up a system wherein all user data lives on a file server, and is read and written as synchronously as possible (that is to say, minimal copying of user data at login and logout, and no local profiles or storage.)

To do this I'm using both folder redirection and roaming user profiles in tandem. Folder redirections live on the file server at,

\\MYSERVER\Home$\%USERNAME%

and roaming profiles at,

\\MYSERVER\Profile$\%USERNAME%

I am additionally using the group policy,

Computer Configuration
> Policies
  > Administrative Templates
    > System
      > User Profiles
        > Set user home folder

to set the user home folder to the same location as the folder redirections. To be explicit,

Location = On the network
Path = \\MYSERVER\Home$
Drive letter = Y:

This has the effect of mounting,

\\MYSERVER\Home$\%USERNAME%

at Y: on user login, as expected. However, it would seem that when a user starts a Command Prompt instance, their "home" directory is local at,

C:\Users\%USERNAME%

This path is also the value of %USERPROFILE%. Moreover, even though Y: is mounted and accessible through Windows Explorer, cd Y: in Command Prompt immediately redirects back to local C:. Coming from a Linux background this has left me slightly bewildered!

So, my question is, how can I ensure that a domain user's home folder is properly and fully redirected to a network share location using group policy?

Best Answer

There is sometimes a grey area between "home drive" and the user "profile". These are a few environmental variables to keep in mind:

User with "network" home drive AND a "local" profile
HOMEDRIVE=Y:
HOMEPATH=\
USERPROFILE=C:\Users\Snoopy
HOMESHARE=\\SERVER\Home$\Snoopy

User with "network" home drive  AND a "roaming" profile
HOMEDRIVE=Y:
HOMEPATH=\
USERPROFILE=C:\Users\Snoopy
HOMESHARE=\\SERVER\Home$\Snoopy

User without "network" home drive
HOMEDRIVE=C:
HOMEPATH=\Users\Snoopy
USERPROFILE=C:\Users\Snoopy

Notice that:
1) USERPROFILE is the same for all 3 user types
2) For a user WITHOUT a network home drive, the USERPROFILE is the same as the (Homedrive + Homepath) and that there is no "HOMESHARE" envar.

There are 3 kinds of profiles: local, roaming, mandatory.
All 3 varieties of Windows profiles use a local profile path, but they each use it in different ways.
Even for users with roaming profiles, USERPROFILE is still always C:\Users...
For all these reasons, you cannot prevent the creation of C:\Users\Name.

You can control the default path for "cmd" (on a per shortcut basis) by setting the "start in" option of the cmd shortcut, or for all cmd the user starts by setting a registry key:

GPO path: UserConf/Prefs/Windows/Registry
Key = HKEY_CURRENT_USER\Software\Microsoft\Command Processor
Type = REG_EXPAND_SZ
Name = Autorun
Value = CD /d %HOMEDRIVE%%HOMEPATH%

You can use GPOs to redirect any of the "MyX" folders to a network path, so that clicking on a MyX item in a file dialog goes to that path, but if someone manually navigates to C:\Users\Name\somePlace nothing can or will stop them from writing to the local path.

MyDocuments folder redir:
GPO path: UserConf/Policies/Windows/FolderRedir/Documents

Every group policy has 2 branches: computer, user.
You don't want to use the COMPUTER branch to control USER home drives. I think your "Computer/.../Set user home folder" GPO may be causing your Y back to C problem. You don't need to use GPO to map the home drive letter. It's best to control that with user account properties, and when done that way, it's mapped automatically by the OS.

PS C:\> Set-ADUser snoopy -HomeDrive "Y:" -HomeDirectory "\\server\home$\snoopy"

Regarding your "asynchronous" goal - Some of the files within your profile (ntuser.dat) are locked while logged in and can only be copied during the login/logout process.
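
The per-account approach from the answer above, extended to a whole OU as an added example (not part of the original answer): it reports enabled accounts whose homeDrive or homeDirectory attributes differ from the \\MYSERVER\Home$\%USERNAME% convention in the question, then previews the correction. The function name Get-HomeFolderDrift and the OU distinguished name are hypothetical placeholders.

```powershell
# Added example: audit home-folder attributes in AD and preview the fix.
# Assumes the ActiveDirectory module (RSAT) and rights to read/write user objects.
Import-Module ActiveDirectory

function Get-HomeFolderDrift {
    param(
        [Parameter(Mandatory = $true)] [string] $SearchBase,  # OU to audit
        [string] $ShareRoot = '\\MYSERVER\Home$',             # share root from the question
        [string] $Drive     = 'Y:'                            # drive letter, colon required
    )

    Get-ADUser -Filter 'Enabled -eq $true' -SearchBase $SearchBase `
               -Properties HomeDirectory, HomeDrive |
        ForEach-Object {
            # Expected UNC path: <share root>\<sAMAccountName>
            $expected = '{0}\{1}' -f $ShareRoot.TrimEnd('\'), $_.SamAccountName

            # -ne on strings is case-insensitive; an unset attribute ($null) also counts as drift
            if ($_.HomeDirectory -ne $expected -or $_.HomeDrive -ne $Drive) {
                [pscustomobject]@{
                    SamAccountName    = $_.SamAccountName
                    CurrentDrive      = $_.HomeDrive
                    CurrentDirectory  = $_.HomeDirectory
                    ExpectedDrive     = $Drive
                    ExpectedDirectory = $expected
                }
            }
        }
}

# Placeholder DN: replace with the OU that holds your user accounts.
$drift = @(Get-HomeFolderDrift -SearchBase 'OU=Staff,DC=example,DC=com')
$drift | Format-Table -AutoSize

# Preview only. Remove -WhatIf to write the attributes.
foreach ($u in $drift) {
    Set-ADUser -Identity $u.SamAccountName `
               -HomeDrive $u.ExpectedDrive `
               -HomeDirectory $u.ExpectedDirectory `
               -WhatIf
}
```

Set-ADUser only writes the two attributes; it does not create the folder on the share or set its permissions, so each user's directory must already exist with an ACL restricted to that user.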