Articles in this section

See more

VPSA: Use roaming profiles to store user profiles on an SMB share

Shlomi Avihou
  • Updated
Follow

Preface

This knowledge base article provides guidance for configuring and managing Windows Roaming User Profiles stored on SMB shares backed by Zadara VPSA NAS volumes. Roaming profiles enable users to maintain a consistent desktop and application experience across multiple devices, by storing their profile data on a centralized network share. When properly configured, roaming user profiles improve user mobility and simplify desktop management in enterprise environments.

This document outlines the key configuration steps and important caveats for ensuring a smooth and resilient roaming profile experience on VPSA-backed SMB shares. 

 

Environment

VPSA: 23.09-SP3, joined to a Microsoft Active Directory Domain

Windows Server and Domain Controller: Windows Server 2025

 

Steps

VPSA Configuration

  1. Create a VPSA NAS Volume ("profiles").
  2. Enable Windows Extended ACLs on the NAS volume.
  3. Ensure that the Windows share has Browsable enabled. After the initial share is configured on the host side it is recommended to disable the Browsable option.
  4. Attach the volume to a Window Server accessible by a domain administrator

 

Windows host (share configuration)

In the suggested configuration the objective of these settings is to enable members of the Domain Users group to store their roaming profiles on the VPSA share, without being able to access other users' profiles. Members of the Domain Admins group are able to access all directories on the share.

On the Windows host, open the share properties: 

Share tab permissions

Principal

Allow

Everyone

Full Control / Change / Read

 

Security tab 

Set the file system permissions on the root of the profiles share:

Principal

Access

Applies to

Domain Users *

Traverse folder / execute file
List folder / read data
Create folder / append data

This folder only

CREATOR OWNER

Full control

Subfolders and files only

Domain Admins

Full control

This folder, subfolders and files

 
The permissions tab should look like the following:
 

Apply and confirm the changes.

 

Active Directory setup - Domain Admin

In order to create an automatic profile mapping for all users, a profile attribute should be set to the domain users in the Active Directory MMC. Add the VPSA NAS volume export path along with the username attribute:

\\vsa-00000001-my-cloud-01.zadaravpsa.com\profiles\%username%

 

Windows workstation - Domain user


At this point, the users login to a workstation should sync their roaming profile from the SMB share upon login/logout event.

 

Related articles