I hope someone can help me, because I'm a relative newbie at networking. I'm migrating the 15-20 machines in my church from peer to peer to a Windows 2003 server network. All machines are able to join the domain I set up, but I'm having a problem with the roaming user profiles.

1. Everything I have read for Windows XP (the client machines) says you can change a profile to roaming, but the option is always grayed out no matter who logs on?

2. I set up a profiles share and gave everyone full access, and updated the profiles with the path. However, when I try to copy the profiles from the client machine I get an error saying something like unable to copy to destination: security failed?? Could this be because I did not install Windows 2003 with two partitions? Everytime I look at a folder I created it is marked read-only and will not change, despite being logged in as the administrator. Permission changes do take when I change them...is the read only the problem?

3. Users are able to logon to the domain, but use a local profile to do it?

Any help would be GREATLY appreciated! Thanks in advance!

1) Even as local admin?

2) What about share permissions? Default on W2k3 server is that noone har share rights (in w2k everyone is granted full, I believe.
When you create a new folder it inherits rights from its parent - could that be the the problem with Read only? Seems as it's OK once you change, right?

3) If profile path is correct (users and computers) and it's a permission problem, the users would get a temporary profile (unless they have logged in earlier and created a local profile before the profile path was set).

Do users get an errormessage when they log on/off?

The first thing you need to do is hit microsoft's web site and read up on creating roaming user profiles in 2003.

If I'm not mistaken, once you've created your domain you then have to enable folder redirection on the domain controller before you can create/use roaming profiles.

StarClub and CurtR, thanks for your replies so quickly. To answer the questions,

1. Yes, even as local admin.

2. The permissions stick and inheirit correctly from the parent folder, but it still says read only - note that this may or may not be my problem - I noticed it while troubleshooting.

3. Users don't get an error when I don't put in a profile path, but when I do, they get the standard "unable to locate your roaming profile, attempting to log you on using local profile" (or similar)

Curt R. I had no idea that folder redirection on the domain controller was necessary, I'll look that up. I'm a ColdFusion/SQL web developer who's just trying to help them out :)

You do not need folder redirection enabled to use roaming user profiles. an easy way is to set the profile folder path in the properties of the user in active directory. This shoul then create a roaming user profile automatically.

As far as I am aware, roaming profiles are thought of as a thing of the past. The alternative is folder redirection teamed up with group policies (gpo's). I have set My Documents and Application Data to be redirected to the server, you could also set the Start Menu and the Desktop.

You can pretty much set any profile specific item to be redirected. The only one which doesn't seems to work without using a visual basic script to do it for you is IE Favourites.

Each OU has it's own group policy which you can use to set computer configurations (which apply to the local client settings) and user configurations. You can control hundreds of things with group policies from desktop appearance, internet settings, scripts to run at logon. Have a look through a typical group policy to see exactly what you can set.

A tip is to try and only set one of the two possible areas within a group policy. I.e. if you set a user configuration setting in a group policy, you should disable the computer configuration for that group policy. Create a different OU and set the computer configuration there. It seems to speed up logons (group policy can have a negative effect on logon speeds if set incorrectly).

As an example for you, I work in a student lab environment with several rooms, all with different configurations. I use the domain gpo to set very generic settings such as proxy settings for internet explorer which apply to all computers on the domain. I then have a labs OU where I set more specific settings which apply only to individual labs such as applying software restrictions or mapping network drives so that a person can log on in one room and see one network drive, then log into a different room where they see a different set of network drives.

It's a huge subject but once you get your head around it you will find the combination of folder redirection and group policies very powerful.

Computers = pain in the arse

i had this problem and found out the in 2003 server all shared folders have only read. In 2000, the shared folders are read and change. On your shared folder for the profiles change the sharing permissions to change (for security add domain users and give them the change and remove everyone). Then go to AD users and computer. Go to where your users are and hightlight them all. Then right click; go to properties to the profile tab. Enter the \\server name\shared folder\%username%. this will allow the users to get a folder for the roaming profiles.