Tech Notes‎ > ‎

How to move Terminal Server roaming profile to other location

 

How to move Terminal Server roaming profile to other location


-Take ownership on TS roaming profile folders. Make sure "Replace owner on subcontainers and objects" selected.
-In advanced security settings, grant administrators full control permissions and apply to "This folder, subfolders and files".
-In advanced security settings, grant the user full control permissions and apply to "This folder, subfolders and files".

or

-Use script to take the ownership and grant permissions

1. Create test.bat file with the following content

@echo off
takeown /R /A /F %1 /D Y
cacls %1 /T /E /P "Administrators":F
cacls %1 /T /E /P SYSTEM:F
cacls %1 /T /E /P %1:F
@echo on

2. Put test.bat file in the folder which contains user's roaming profile folder. I am assuming that the profile folder name is the same as user name. If not, replace the last %1 with %2. When you run the script, add user name as the second argument.

3. Run this script as the following
test.bat foldername

4. Use robocopy to copy the folder to new location
robocopy c:\profiles\ z:\ /copyall /sec /mir /LOG:robolog.txt

5. Check robocopy logs and verify user's roaming profile




Information

Setting up a GPO and add administrators to users' TS roaming profiles will help to avoid ownership and permissions problems. But this does not work for existing users' folders.
(Computer Configuration->Administrative Templates->System->User Profiles->Add the Administrators security group to roaming user profiles)


-takeown syntax
takeown [/s <Computer> [/u [<Domain>\]<User name> [/p [<Password>]]]] /f <File name> [/a] [/r [/d {Y|N}]]

parameters

/s <Computer> Specifies the name or IP address of a remote computer (do not use backslashes). The default value is the local computer. This parameter applies to all of the files and folders specified in the command.

/u [<Domain>\]<User name> Runs the script with the permissions of the specified user account. The default value is system permissions.

/p [<Password>] Specifies the password of the user account that is specified in the /u parameter.

/f <File name> Specifies the file name or directory name pattern. You can use the wildcard character * when specifying the pattern. You can also use the syntax ShareName\FileName.

/a Gives ownership to the Administrators group instead of the current user.

/r Performs a recursive operation on all files in the specified directory and subdirectories.

/d {Y | N} Suppresses the confirmation prompt that is displayed when the current user does not have the "List Folder" permission on a specified directory, and instead uses the specified default value. Valid values for the /d option are as follows:
Y: Take ownership of the directory.
N: Skip the directory.
Note that you must use this option in conjunction with the /r option.

-cacls sytax
cacls FileName [/t] [/e] [/c] [/g User:permission] [/r User [...]] [/p User:permission [...]] [/d User [...]]

Parameters

FileName : Required. Displays DACLs of specified files.

/t : Changes DACLs of specified files in the current directory and all subdirectories.

/e : Edits a DACL instead of replacing it.

/c : Continues to change DACLs, ignoring errors.

/g User:permission : Grants access rights to the specified user. The following table lists valid values for permission.
Value Description
n None
r Read
w Write
c Change (Write)
f Full Control

/r User : Revokes access rights for the specified user.

/p User:permission : Replaces access rights for the specified user. The following table lists valid values for permission.
Value Description
n None
r Read
w Write
c Change (Write)
f Full Control

/d User : Denies access for the specified user.
 
 
Comments