Configuring LucidLink to host Windows Roaming Profiles


Deploying LucidLink on a Windows SMB file server lets you use it to host Windows Roaming Profiles. This allows you to integrate object storage and LucidLink into a Windows Virtual Desktop solution to host user profile data.

  1. Create and deploy LucidLink on a Windows File Server. This involves registering for a LucidLink account, creating a filespace, and installing the LucidLink Client. Ensure your filespace is initialized and that you have configured the LucidLink Client to run as a Windows service.

  2. You may wish to move the cache to a high-speed disk, change the cache size, or change the mount point to a location of your choosing.

  3. Create an Active Directory Security Group called 'Roaming Profile Users and Computers'. Set the group type to 'Security' and the group scope to 'Global'.

  4. Create a 'Users' folder in your Filespace root. Right click on the folder and select the 'Sharing' tab. Give it a share name, such as 'Users'. Under share permissions, ensure that 'Everyone' has full control; access to the folder is then restricted by the security (NTFS) permissions set in the next step. If you wish, you can create a DFS namespace for this share using the DFS namespace wizard, by selecting this server and the existing share and keeping the existing permissions.

  5. Right click on the 'Users' folder and select the 'Security' tab. Click on Advanced Security Settings. Change the security permissions so that they work specifically for Roaming Profiles: click 'Disable inheritance' and convert inherited permissions into explicit permissions on this object. Then grant the following permissions, removing any references to other groups, such as the default 'Authenticated Users'.

    Account | Access | Applies to
    System | Full control | This folder, subfolders, and files
    Administrators | Full control | This folder only
    Creator Owner | Full control | Subfolders and files only
    Roaming Profile Users and Computers | List folder and create folders (advanced permissions) | This folder only

  6. Create a new Group Policy Object (GPO) for Roaming Profile Users. Open the Group Policy Management console, select the domain or organizational unit (OU) for which you wish to set up roaming profiles, and select 'Create a GPO in this domain and link it here'. Instead of using domain-wide group policy, you can also configure roaming profile redirection on a per-user or per-machine basis.

  7. Under 'Security Filtering' of this new roaming profile GPO, remove any references to 'Authenticated Users' and add the 'Roaming Profile Users and Computers' group. Remember to add 'Authenticated Users' under the 'Delegation' tab and ensure it has read permissions; otherwise this group policy will not be applied.

  8. Configure the group policy to support folder redirection by enabling both computer and user settings.

    Computer Configuration | Value
    Policies \ Administrative Templates \ System \ Group Policy \ Configure folder redirection policy processing | Allow processing across a slow network connection - Enabled; Process even if GPO objects have not changed - Enabled
    Policies \ Administrative Templates \ System \ User Profiles \ Add the Administrators security group to roaming user profiles | Enabled
    Policies \ Administrative Templates \ System \ User Profiles \ Set roaming profile path for all users logging onto this computer | Enabled - \\domain\Users\%username%
    Policies \ Administrative Templates \ System \ User Profiles \ Wait for remote user profile | Enabled

    User Configuration | Value
    User Configuration \ Policies \ Windows Settings \ Folder Redirection | Configure redirection for each of the user folders you wish to redirect. Select 'Create a folder for each user under the root path', using the given share name. Under 'Settings', ensure that you grant the user exclusive rights to their folder and, should you wish to migrate, move the contents of this folder to the new location. GPO processing works differently for this on Windows 2003 and lower, so you may need to enable this if you have older versions of Windows.
    User Configuration \ Preferences \ Windows Settings \ Drive Maps | Create a new drive map for the user profile. Drive letter - location - \\domain\Users\%username%

  9. Ensure that every machine and every user that is to receive roaming profiles is added to the 'Roaming Profile Users and Computers' group created earlier.

    Log into a system where the group policy would be applied and run gpupdate /force. Log off or restart the machine. At this point, when you log in with a user account, a user profile will be created directly on the LucidLink mount point.
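
Steps 3 to 5 can also be scripted, which makes the resulting permissions on the 'Users' folder repeatable and easy to review. The PowerShell below is an added example, not part of the original article or of LucidLink's tooling; the L:\ mount point and folder path are assumptions, and it must be run elevated on the file server with the ActiveDirectory and SmbShare modules available.

```powershell
# Added example: steps 3 to 5 scripted. Run elevated on the file server.
# Assumptions (not from the article): the filespace is mounted at L:\ and the
# ActiveDirectory and SmbShare modules are available.
Import-Module ActiveDirectory, SmbShare

$GroupName  = 'Roaming Profile Users and Computers'
$FolderPath = 'L:\Users'   # assumed LucidLink mount point
$ShareName  = 'Users'

# Step 3: global security group.
$group = Get-ADGroup -Filter "Name -eq '$GroupName'"
if (-not $group) {
    $group = New-ADGroup -Name $GroupName -GroupCategory Security -GroupScope Global -PassThru
}

# Step 4: folder and share. Share permissions stay open; NTFS does the restricting.
New-Item -ItemType Directory -Path $FolderPath -Force | Out-Null
if (-not (Get-SmbShare -Name $ShareName -ErrorAction SilentlyContinue)) {
    New-SmbShare -Name $ShareName -Path $FolderPath -FullAccess 'Everyone' | Out-Null
}

# Step 5: the four entries from the table: identity, rights, inheritance, propagation.
$entries = @(
    @('NT AUTHORITY\SYSTEM',    'FullControl', 'ContainerInherit, ObjectInherit', 'None'),
    @('BUILTIN\Administrators', 'FullControl', 'None', 'None'),
    @('CREATOR OWNER',          'FullControl', 'ContainerInherit, ObjectInherit', 'InheritOnly'),
    @($group.SID,               'ListDirectory, CreateDirectories', 'None', 'None')
)

$acl = Get-Acl -Path $FolderPath
# Block inheritance and drop inherited entries; this gives the same end state as
# converting them to explicit entries and then removing them by hand.
$acl.SetAccessRuleProtection($true, $false)
foreach ($rule in @($acl.Access)) { [void]$acl.RemoveAccessRule($rule) }
foreach ($e in $entries) {
    $identity = if ($e[0] -is [string]) { [System.Security.Principal.NTAccount]$e[0] } else { $e[0] }
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
        $identity, $e[1], $e[2], $e[3], 'Allow')
    $acl.AddAccessRule($rule)
}
Set-Acl -Path $FolderPath -AclObject $acl

# Review the result: no entry other than the four above should be listed.
(Get-Acl -Path $FolderPath).Access |
    Format-Table IdentityReference, FileSystemRights, InheritanceFlags, PropagationFlags, IsInherited
```

If 'Authenticated Users' or 'Everyone' still appears in the final listing, the folder is more open than the table in step 5 intends.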
