Windows Server 2003: How to add an environment variable for a Domain user on a client platform

Windows XP profiles are not compatible with Vista/W7 profiles out of the box. Microsoft has a whitepaper Managing Roaming User Data Deployment Guide which includes a section called 'Windows Vista and Windows XP Roaming User Profile Interoperability'. This document contains the details you need to get as much compatibility as possible on Vista, I believe most of the directions should be the same for Windows 7.

Here's a rundown of what I did:

• Spun up a W2K3 R2 Std. Edition x86 SP2 VM with an Active Directory domain.

• Created a "Profiles" shared folder on the server VM. Shared with "Everyone / Full Control" share permissions, and set the NTFS to "Administrators - Full Control", "SYSTEM - Full Control", and "Authenticated Users - Read and Execute - This folder only".

• Created a "Sales" subfolder of that "Profiles" folder.

• Created a domain local group called "Sales (Local)" and a global group called "Sales (Global)".

• Created two user accounts - "John" and "Mary". Left their default "Domain Users" group membership intact and added them as members to the "Sales (Global)" group.

• Logged-on to a Windows XP Professional Service Pack 3 VM as "john" and created a new local profile. Set the desktop color to red (for quick visual indication of the loading of that profile) and logged-off.

• Logged-on to the WinXP machine as the domain Administrator account and used the "User Profiles" functionality in the properties of "My Computer" to copy the newly-created "john" user profile to the "Profiles" share on the server computer, granting "Sales (Local)" the "Permitted to use" permission.

• Back on the server computer I modified the security of the "Sales" subfolder of the "Profiles" folder to inherit permission from the parent folder and added "Sales (Local) - Read and Execute". I re-applied that permission to all subfolders.

• I renamed the "NTUSER.DAT" file in the "\Profiles\Sales" folder to "NTUSER.MAN".

• I modified the properties of the "John" and "Mary" user accounts to specify a roaming user profile at "\SERVER\Profiles\Sales".

• I logged-on to the Windows XP machine as "Mary" (who had never been logged-on before) and verified that I received the red desktop background. I modified the desktop background color, logged-off, logged-on again, and verified that the red desktop color persisted (meaning that the mandatory user profile was applying).

• I logged-on as "John" and performed the same verification steps as with "Mary".

Everything worked as I expected by specifying "Sales (Local)" in all permissions. I'm at a loss as to tell you what might be different about what you did. What do you see that I did differently?