Much of the functionality provided by certain common NETID user attributes can be attained without actually leveraging those user attributes.
This document explains some alternatives to setting user attribute values for home directory, logon script and profile path while still getting the functionality provided by setting those user attributes. Most of the content of this document was developed by IT administrators in the ISchool and School of Nursing.
Loopback Group Policy Setting
A workable configuration for user based home directory (and specifically My Documents), profile path, and login script relies on group policy. In concept, you leverage group policy loopback functionality to set user group policy settings on GPOs linked to the computer the user is logging into. The following steps describe the required group policy settings to enable loopback:
- Create a GPO targeting the computers your roaming users will use.
- Edit the GPO to enable Group Policy Loopback with a value of “Merge”.
Computer Configuration\Policies\Administrative Templates\System\Group Policy\User Group Policy processing mode=Merge
This will force all user configuration settings defined in the GPO (or any GPO processed after that GPO) to be applied to any user who logs into the computers this GPO is linked to.
This step is required to set up group policy based folder redirection, login scripts, or the profile solution noted below. The group policy parts of each of those solutions can be added to the GPO here, or be in separate GPOs as long as the separate GPOs are processed after this GPO.
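The two loopback steps above can also be scripted and then verified. This is an added example, not part of the original document; it assumes the GroupPolicy PowerShell module is installed, and the GPO name and OU path are hypothetical placeholders. It writes the registry value that backs the "User Group Policy processing mode" setting (UserPolicyMode, where 1 is Merge and 2 is Replace).

```powershell
# Added example: create a loopback GPO, set Merge mode, link it, and verify.
# Requires the GroupPolicy module (RSAT / Group Policy Management tools).
Import-Module GroupPolicy

# Assumed placeholder values; replace with your own.
$GpoName  = 'Roaming Users - Loopback'     # hypothetical GPO name
$TargetOu = 'OU=Labs,DC=example,DC=edu'    # hypothetical OU holding the computers

# Registry value behind "User Group Policy processing mode".
$Key       = 'HKLM\Software\Policies\Microsoft\Windows\System'
$ValueName = 'UserPolicyMode'
$Merge     = 1                             # 1 = Merge, 2 = Replace

# Step 1: create the GPO only if it does not already exist.
$gpo = Get-GPO -Name $GpoName -ErrorAction SilentlyContinue
if (-not $gpo) {
    $gpo = New-GPO -Name $GpoName -Comment 'Loopback (Merge) for roaming-user computers'
}

# Step 2: enable loopback with a value of Merge.
Set-GPRegistryValue -Name $GpoName -Key $Key -ValueName $ValueName `
    -Type DWord -Value $Merge | Out-Null

# Link the GPO to the computer OU unless a link is already present.
$links = (Get-GPInheritance -Target $TargetOu).GpoLinks
if ($links.DisplayName -notcontains $GpoName) {
    New-GPLink -Name $GpoName -Target $TargetOu -LinkEnabled Yes | Out-Null
}

# Check: read the setting back from the GPO and fail loudly on a mismatch.
$current = Get-GPRegistryValue -Name $GpoName -Key $Key -ValueName $ValueName
if ($current.Value -ne $Merge) {
    throw "Loopback mode in '$GpoName' is $($current.Value), expected $Merge (Merge)."
}

# Show every GPO linked at this OU so the link order can be reviewed,
# since the user settings in all of them now apply to anyone who logs on here.
(Get-GPInheritance -Target $TargetOu).GpoLinks |
    Select-Object Order, DisplayName, Enabled, Enforced |
    Format-Table -AutoSize
```

Because loopback applies these user settings to every account that logs on to the linked computers, administrative accounts included, review the listed GPOs before linking to a production OU.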
Logon/Logoff Script
You can set a logon/logoff script for a set of users using group policy. This approach is as good as setting a user account based logon/logoff script. Assuming you’ve set loopback (as described above), you can leverage the following group policy settings for logon or logoff.
- Logon:
User Configuration\Policies\Windows Settings\Scripts\Logon
- Logoff:
User Configuration\Policies\Windows Settings\Scripts\Logoff
With these GPO settings, reference a script file that all your computers can run. VBScript and batch scripts are supported across all Windows platforms, and many Windows platforms natively support PowerShell.
Home Directory
A workable solution which meets most requirements exists. This solution involves mapping a drive at logon and using group policy based folder redirection on My Documents. This solution does not address the %homedrive% and %homeshare% environment variables which are typically also set by the user account based home directory attribute, but very few things actually rely on those values, so this solution is generally as good as setting the home directory value.
Mapping a Drive
There are two solutions for mapping a drive at logon. Both are group policy based, and both assume you’ve set loopback (as described above).
Solution A:
- Leverage the logon script solution described above.
- In the logon script, include a statement like the following:
net use h: \\yourfileserver.washington.edu\homes\%username%
Solution B:
- Leverage the group policy preference setting:
User Configuration\Preferences\Windows Settings\Drive Maps
- Specify the desired drive letter, UNC path, and other settings.
Folder Redirection
To redirect My Documents to the drive you’ve mapped above, you need to set loopback (as described above), and then:
- Leverage the group policy setting:
User Configuration\Policies\Windows Settings\Folder Redirection\Documents
- Right click, choose properties.
- On the Target tab,
Setting should be set to “Basic – Redirect everyone’s folder to the same location”.
Target folder location should be set to “Redirect to the following location”.
Root path should be set to “H:\”. Click OK.
- On the Settings tab,
Choose the settings which are appropriate for your environment.
You may want to choose to redirect additional folders like Pictures, Music, Videos, Favorites and others. For Pictures, Music, and Videos, you can choose to “Follow the Documents folder” and skip the rest of the configuration since these folders are typically represented as subfolders of “My Documents”.
NOTE: There are a number of problems with folder redirection, so we generally advise against using it.