Deploying LucidLink on an SMB file server on Windows allows you to use it for things like hosting Windows Roaming profiles. This allows you to integrate object storage and LucidLink in a Windows Virtual Desktop solution, to host user profile data.
- Create and deploy LucidLink on a Windows File Server. This involves registering for a LucidLink account, creating a filespace, and installing the LucidLink Client. Ensure your filespace is initialized and you have configured the LucidLink Client to run as a Windows Service.
- You may wish to move the cache to a high-speed disk, change the cache size, or set the mount point to a location of your choosing.
- Create an Active Directory Security Group called 'Roaming Profile Users and Computers'. Set 'Group scope' to 'Global' and 'Group type' to 'Security'.
- Create a 'Users' folder in your Filespace root. Right click on the folder and select the 'Sharing' tab. Give it a share name, such as 'Users'. Under share permissions ensure that 'Everyone' has full control; access is then restricted by the NTFS security permissions set in the next step. If you wish, you can create a DFS namespace for this share using the DFS namespace wizard, by selecting this server and the existing share and keeping the existing permissions.
- Right click on the 'Users' folder and select the 'Security' tab. Click on Advanced Security Settings. Change the security permissions so that they work specifically for Roaming Profiles. Click 'Disable inheritance' and convert inherited permissions into explicit permissions on this object. Then grant the following permissions, removing any references to other groups, such as the default 'Authenticated Users'.

| Account | Access | Applies to |
|---|---|---|
| System | Full control | This folder, subfolders, and files |
| Administrators | Full control | This folder only |
| Creator Owner | Full control | Subfolders and files only |
| Roaming Profile Users and Computers | List folder and create folders (advanced permissions) | This folder only |

- Create a new Group Policy Object (GPO) for Roaming Profile Users. Open the Group Policy Management console, select the domain or organizational unit (OU) for which you wish to set up roaming profiles, and select 'Create a GPO in this domain and link it here'. Instead of using domain-wide group policy, you can also configure roaming profile redirection on a per-user or per-machine basis.
- Under 'Security Filtering' of this new roaming profile GPO, remove any references to 'Authenticated Users' and add the 'Roaming Profile Users and Computers' group. Remember to add 'Authenticated Users' under the 'Delegation' tab, and ensure it has read permissions. Otherwise this group policy will not be applied.
- Configure the group policy to support folder redirection by enabling both computer and user settings.

| Computer Configuration | Value |
|---|---|
| Policies \ Administrative Templates \ System \ Group Policy \ Configure folder redirection policy processing | Allow processing across a slow network connection - Enabled; Process even if GPO objects have not changed - Enabled |
| Policies \ Administrative Templates \ System \ User Profiles \ Add the Administrators security group to roaming user profiles | Enabled |
| Policies \ Administrative Templates \ System \ User Profiles \ Set roaming profile path for all users logging onto this computer | Enabled - \\domain\Users\%username% |
| Policies \ Administrative Templates \ System \ User Profiles \ Wait for remote user profile | Enabled |

| User Configuration | Value |
|---|---|
| User Configuration \ Policies \ Windows Settings \ Folder Redirection | Configure redirection for each of the user folders you wish to redirect. Select 'Create a folder for each user under the root path', with the given share name. Under 'Settings', ensure that you grant the user exclusive rights to their folder and, should you wish to migrate, move the contents of this folder to the new location. In addition, GPO processing works differently for this on Windows 2003 and lower, so you may need to enable this, should you have older versions of Windows. |
| User Configuration \ Preferences \ Windows Settings \ Drive Maps | Create new drive map for the user profile. Drive letter - location - \\domain\Users\%username% |

- Ensure that any machine and any user that are to receive roaming profiles are added to the 'Roaming Profile Users and Computers' group we created earlier.
- Log into a system where the group policy would be applied and run gpupdate /force. Log off or restart the machine. At this point, when you log in with a user account, a user profile will be created directly on the LucidLink mount point.
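
The NTFS permissions listed above for the 'Users' folder can also be applied and checked from PowerShell, which matters because the share itself grants 'Everyone' full control. This is an added example, not part of the original article or LucidLink's own tooling; the path L:\Users and the domain name EXAMPLE are assumed placeholders, and the built-in accounts are addressed by their well-known SIDs.

```powershell
# Added example. $Path and $Group are assumed placeholders; adjust to your mount point and domain.
$Path  = 'L:\Users'
$Group = 'EXAMPLE\Roaming Profile Users and Computers'

$sid = { param($s) New-Object System.Security.Principal.SecurityIdentifier $s }
$all = 'ContainerInherit, ObjectInherit'
# One row per line of the permissions table: identity, rights, inheritance, propagation.
$entries = @(
    # SYSTEM: full control on this folder, subfolders, and files
    @{ Id = (& $sid 'S-1-5-18');     Rights = 'FullControl'; Inherit = $all;   Propagate = 'None' }
    # Administrators: full control on this folder only
    @{ Id = (& $sid 'S-1-5-32-544'); Rights = 'FullControl'; Inherit = 'None'; Propagate = 'None' }
    # Creator Owner: full control on subfolders and files only
    @{ Id = (& $sid 'S-1-3-0');      Rights = 'FullControl'; Inherit = $all;   Propagate = 'InheritOnly' }
    # Roaming profile group: list folder and create folders, this folder only
    @{ Id = (New-Object System.Security.Principal.NTAccount $Group)
       Rights = 'ListDirectory, CreateDirectories'; Inherit = 'None'; Propagate = 'None' }
)

# Start from an empty descriptor so no stale entry (e.g. Authenticated Users) survives.
$acl = New-Object System.Security.AccessControl.DirectorySecurity
$acl.SetAccessRuleProtection($true, $false)   # disable inheritance, keep no inherited entries
foreach ($e in $entries) {
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
        $e.Id,
        [System.Security.AccessControl.FileSystemRights]$e.Rights,
        [System.Security.AccessControl.InheritanceFlags]$e.Inherit,
        [System.Security.AccessControl.PropagationFlags]$e.Propagate,
        [System.Security.AccessControl.AccessControlType]::Allow)
    $acl.AddAccessRule($rule)                 # throws if $Group cannot be resolved
}
Set-Acl -Path $Path -AclObject $acl

# Verify: inheritance must be off and only the four expected identities may remain.
$sidType  = [System.Security.Principal.SecurityIdentifier]
$final    = Get-Acl -Path $Path
$expected = $entries | ForEach-Object { $_.Id.Translate($sidType).Value }
$extra    = $final.GetAccessRules($true, $true, $sidType) |
            Where-Object { $expected -notcontains $_.IdentityReference.Value }
if (-not $final.AreAccessRulesProtected -or $extra) {
    Write-Warning "ACL on $Path differs from the permissions table"
    $extra | Format-List IdentityReference, FileSystemRights, IsInherited
} else {
    $final.Access | Format-Table IdentityReference, FileSystemRights, InheritanceFlags, PropagationFlags
}
```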