Rebuild Roaming Profiles

We currently use roaming profiles. They get corrupted often resulting in Temporary profile creation. I have to go to the v2 file and rename .old and then let the new profile folder get created and then copy the files back.

I am trying to do this with powershell. Reset the permissions and create a new profile folder. However when i finish creating the new folder There are still on a temp profile

Here’s what I have so far

any help would be appreciated

function FixTempProfile($user) {


#Get the Profile Folder 
$ProfileFolder = Get-Item -Path "\\dns01\Profiles\$user.v2" 

# .Old Filel Name
$OldName = ($ProfileFolder.BaseName.Split('.')[0]) + '.old'

# the new V2 file name
$V2Name = $ProfileFolder.Name

#rename .old to .v2
Rename-Item -Path $ProfileFolder -NewName $OldName -Force

#make new .v2 folder
mkdir "\\dns01\Profiles\$V2Name" 


dir  "\\dns01\Profiles\Profiles\$OldName" -Recurse  | Copy-Item -Destination "\\dns01\Profiles\$V2Name" -Force


$NewProfileFolder = "\\dns01\Profiles\$V2Name" 

#remove all ACE from folder
$acl = Get-Acl $NewProfileFolder
$acl.Access | %{$acl.RemoveAccessRule($_)}
Set-Acl $NewProfileFolder $acl 

#Take Ownership
function Take-Ownership {
	param(
	 [String]$Folder
	) 

	takeown.exe /A /F $Folder
	$acl = Get-Acl $Folder
	$new = "Lgs\Domain Admins","FullControl","ContainerInherit,ObjectInherit","None","Allow"
	$newFileSystemAccessRule = new-object System.Security.AccessControl.FileSystemAccessRule $new
	$acl.AddAccessRule($newFileSystemAccessRule)
	Set-Acl -Path $Folder -AclObject $acl
	} 

Take-Ownership -Folder $NewProfileFolder

#Enable Inheritance
$acl.SetAccessRuleProtection($false,$false)
Set-Acl $f $acl 

}

Hey fella,

lol, we have similar problems where I work as well. Couple of things I can think of to check.

  • Are you also setting the ACL on the new folder to include the user’s account?
  • It’s not fun, but if you’re copying over the user.dat as well, it might be an idea to check to see if it has any references to the previous location. Run Regedit and mount the user.dat to a hive and have a look through it. Make sure you’ve got lots of coffee nearby…

We still do it manually because it’s such a pain. :frowning:

Hey Tim thanks for the reply.

I am setting the user on the folder but for some reason its still going to a temp file. I dont know about the user.dat file can you explain ?

here’s what i am using just for the file coping between the 2 folders

function Rename-ProfileFolder($user)
{
$ProfileFolder = Get-Item -Path "\\dns01\Profiles\$user.v2" 
$OldName = ($ProfileFolder.BaseName.Split('.')[0]) + '.old'
$V2Name = $ProfileFolder.Name
Rename-Item -Path $ProfileFolder -NewName $OldName
}



function Restore-ProfileData($user)
{
$Source = "\\dns01\Profiles\$user.old"
$destination  = "\\dns01\Profiles\$user.v2" 
Robocopy  "$Source" "$destination" /mir /r:2 /w:3
}



There is normally a user.dat file stored within a users profile, remotely or locally, which effectively contains the registry settings you would see under HKCU if the user was logged onto the box. I’m wondering if you are copying that file that it might still contain settings from the previous profile, which for example point to a path that no longer exists. Particularly the special folders for where it looks for favorites, my documents etc. It’s just a shot in the dark though.

Might be an idea to stick process monitor on the RDS and filter it to register file operations where those folders are, so you get an idea what activity is actually happens during the process.

Hi

I have seen this problem on several servers when using RDP.
You could check under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList and verify that none of the entries end with ‘.bak’
If they do log off the user and rename the entry in the list.

(Get-ChildItem -Path "HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList").name | ? {$_.name -like '*.bak'}

Stein