I'm replacing all of the workstations and the server in one of our branch offices.
The server is running Windows Server 2003 R2 Standard Edition. It's also the only Domain Controller, DNS Server, DHCP Server and Exchange server in that site.
The workstations are 6 new HP Desktop machines running Windows 7 Professional.
We've set up a very nice instance of "FOG" (http://www.fogproject.org/) for workstation imaging, running in a Virtual Machine on the server.
The idea is, we set up a single working image of one of these workstations and FOG can deploy that image (via Boot on LAN) to each of the workstations whenever we have a problem with the machines (viruses, etc). It even supports Multicasting so I can replace the images on all 6 machines simultaneously. Fog also runs a service on each machine, so that after it boots up with the generic image we can make changes (change computer name, join domain, etc). So it makes life much easier than our current solution (send the workstation back to Sydney to be rebuilt).
The problem I had was that we want to use roaming profiles on each machine, so that once the computer is imaged, it gets renamed by Fog, joins the domain automatically, and then the user can simply log on as themselves, and have their profile come down off the server, just as it was before the imaging took place.
Obviously at this point there will be a bunch of Windows Updates and AntiVirus updates that need to be done, but that's not a problem.
The problem I found was that Windows 7 (and Vista) profiles are apparently not compatible with Windows Server 2003.
The normal profile path (as defined in Active Directory) is \\servername\Profiles\%USERNAME% but when the machine logs on, it creates a new profile called \\servername\Profiles\%USERNAME%.V2 and then logs the user on with a Temporary Profile.
It never uploads the profile to the server, and therefore never syncs. Every time it logs on, you get the "You have been logged on with a temporary profile" error message, and no changes are ever saved.
- In Active Directory: Remove the value for "Roaming Profile". Leave it blank.
- Log on to the Workstation as the user you want to create the profile for.
- Log off the Workstation as the user
- On the Server, navigate to the Profiles folder and create the folder %USERNAME%.V2 with appropriate user permissions (Domain Admins (FULL), SYSTEM (FULL), %USERNAME% (FULL))
- Using Robocopy (http://www.microsoft.com/Downloads/details.aspx?FamilyID=9d467a69-57ff-4ae7-96ee-b18c4790cffd) copy the Profile from the Workstation to the new Roaming Profile folder:
robocopy \\workstation\C$\Users\%USERNAME% \\servername\Profiles\%USERNAME%.V2 /MIR /XD "Application Data"
- The important thing to note here is the '/XD "Application Data"' switch. This excludes the "Application Data" folder from being copied. This is VERY important, as if you don't do this you will get an infinite loop of Application Data folders which will cause a LOT of problems.
- Once you have copied the profile from the workstation to the server, you must then go back in to Active Directory and set the Roaming Profile path to be "\\servername\Profiles\%USERNAME%". <- Do NOT specify the .V2 folder, it'll automatically look for the .V2 extension.
- Log back on to the workstation as that user. You'll get a bunch of errors about how the profile has only been partially synchronised. This is OK to ignore, and won't come up again.
Make changes to your profile, log off, and back on again, and they should be there again and it shouldn't come up with any errors!