Rebuild Roaming Profiles

This topic contains 4 replies, has 3 voices, and was last updated by Stein Petersen 1 year, 10 months ago.

  • #21863
    H Man
    Participant

    We currently use roaming profiles. They get corrupted often, resulting in temporary profile creation. I have to go to the v2 file and rename it .old and then let the new profile folder get created and then copy the files back.

    I am trying to do this with PowerShell: reset the permissions and create a new profile folder. However, when I finish creating the new folder, they are still on a temp profile.

    Here's what I have so far.

    Any help would be appreciated.

    function FixTempProfile($user) {

        # Get the current profile folder
        $ProfileFolder = Get-Item -Path "\\dns01\Profiles\$user.v2"

        # .old folder name (built from $user so a user name containing a dot is not truncated)
        $OldName = "$user.old"

        # The .v2 folder name
        $V2Name = $ProfileFolder.Name

        # Rename .v2 to .old
        Rename-Item -Path $ProfileFolder.FullName -NewName $OldName -Force

        # Make the new .v2 folder
        $NewProfileFolder = "\\dns01\Profiles\$V2Name"
        mkdir $NewProfileFolder

        # Copy the old profile's contents back, keeping the folder structure
        Copy-Item -Path "\\dns01\Profiles\$OldName\*" -Destination $NewProfileFolder -Recurse -Force

        # Remove all explicit ACEs from the folder
        $acl = Get-Acl $NewProfileFolder
        $acl.Access | ForEach-Object { $acl.RemoveAccessRule($_) | Out-Null }
        Set-Acl $NewProfileFolder $acl

        # Take ownership (as the Administrators group) and grant Domain Admins full control
        function Take-Ownership {
            param(
                [String]$Folder
            )

            takeown.exe /A /F $Folder
            $acl = Get-Acl $Folder
            $new = "Lgs\Domain Admins","FullControl","ContainerInherit,ObjectInherit","None","Allow"
            $newFileSystemAccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule $new
            $acl.AddAccessRule($newFileSystemAccessRule)
            Set-Acl -Path $Folder -AclObject $acl
        }

        Take-Ownership -Folder $NewProfileFolder

        # Enable inheritance (re-read the ACL so the rule added above is kept)
        $acl = Get-Acl $NewProfileFolder
        $acl.SetAccessRuleProtection($false, $false)
        Set-Acl $NewProfileFolder $acl

    }
    
    
  • #21873
    Tim Pringle
    Participant

    Hey fella,

    lol, we have similar problems where I work as well. Couple of things I can think of to check.

    – Are you also setting the ACL on the new folder to include the user's account?
    – It's not fun, but if you're copying over the user.dat as well, it might be an idea to check to see if it has any references to the previous location. Run Regedit and mount the user.dat to a hive and have a look through it. Make sure you've got lots of coffee nearby....

    We still do it manually because it's such a pain. 🙁
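
Tim's first check above, as an added example that is not part of the thread: a PowerShell function that reports the folder's owner and whether the user's account is named directly in a FullControl Allow ACE. The function name `Test-ProfileFolderAcl`, its parameters and the scratch demo folder are assumptions; in practice point it at the real `.v2` folder and the `DOMAIN\user` account.

```powershell
# Added example: audit a roaming-profile folder's ACL for one account.
# Function name, parameters and the demo folder are hypothetical.
function Test-ProfileFolderAcl {
    param(
        [Parameter(Mandatory)][string]$Folder,   # e.g. the user's .v2 folder on the profile share
        [Parameter(Mandatory)][string]$Account   # DOMAIN\user
    )

    $full    = [System.Security.AccessControl.FileSystemRights]::FullControl
    $inherit = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit,ObjectInherit'
    $acl     = Get-Acl -Path $Folder

    # Allow ACEs that name the account directly.
    # Access granted only through group membership is not resolved here.
    $aces = @($acl.Access | Where-Object {
        $_.IdentityReference.Value -eq $Account -and
        $_.AccessControlType -eq 'Allow'
    })

    # Of those, the ACEs that grant every right in FullControl
    $fullAces = @($aces | Where-Object { ($_.FileSystemRights -band $full) -eq $full })

    # Of those, the ACEs that also apply to subfolders and files
    $propagating = @($fullAces | Where-Object { ($_.InheritanceFlags -band $inherit) -eq $inherit })

    [pscustomobject]@{
        Folder                = $Folder
        Owner                 = $acl.Owner
        OwnerIsAccount        = ($acl.Owner -eq $Account)
        InheritanceDisabled   = $acl.AreAccessRulesProtected
        AccountAllowAces      = $aces.Count
        HasFullControl        = ($fullAces.Count -gt 0)
        FullControlPropagates = ($propagating.Count -gt 0)
        FromInheritedAceOnly  = ($fullAces.Count -gt 0 -and
                                 @($fullAces | Where-Object { -not $_.IsInherited }).Count -eq 0)
    }
}

# Constructed demo: a scratch folder checked against the current user.
$demo = Join-Path $env:TEMP 'profile-acl-demo.v2'
New-Item -ItemType Directory -Path $demo -Force | Out-Null
$me = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
Test-ProfileFolderAcl -Folder $demo -Account $me | Format-List
Remove-Item -Path $demo -Force
```

Run against a folder rebuilt by the script in the first post, `HasFullControl` shows whether the user's account ended up with its own ACE after the ACEs were stripped and only Domain Admins was added back.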

  • #21882
    H Man
    Participant

    Hey Tim, thanks for the reply.

    I am setting the user on the folder but for some reason it's still going to a temp file. I don't know about the user.dat file, can you explain?

    Here's what I am using just for the file copying between the 2 folders:

    function Rename-ProfileFolder($user)
    {
        # Rename the existing <user>.v2 folder to <user>.old
        $ProfileFolder = Get-Item -Path "\\dns01\Profiles\$user.v2"
        # Build the name from $user so a user name containing a dot is not truncated
        $OldName = "$user.old"
        Rename-Item -Path $ProfileFolder.FullName -NewName $OldName
    }

    function Restore-ProfileData($user)
    {
        # Mirror the renamed folder's contents into the .v2 folder
        $Source = "\\dns01\Profiles\$user.old"
        $destination = "\\dns01\Profiles\$user.v2"
        Robocopy "$Source" "$destination" /mir /r:2 /w:3
    }
    
    
    
    
  • #21944
    Tim Pringle
    Participant

    There is normally a user.dat file stored within a user's profile, remotely or locally, which effectively contains the registry settings you would see under HKCU if the user was logged onto the box. I'm wondering, if you are copying that file, whether it might still contain settings from the previous profile, which for example point to a path that no longer exists. Particularly the special folders for where it looks for favorites, my documents etc. It's just a shot in the dark though.

    Might be an idea to stick Process Monitor on the RDS and filter it to register file operations where those folders are, so you get an idea what activity is actually happening during the process.

  • #21996
    Stein Petersen
    Participant

    Hi

    I have seen this problem on several servers when using RDP.
    You could check under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList and verify that none of the entries end with '.bak'.
    If they do, log off the user and rename the entry in the list.

    # List ProfileList subkeys whose name ends in .bak
    (Get-ChildItem -Path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList").Name | Where-Object { $_ -like '*.bak' }

    Stein
