Appendix A: Not Using NETLOGON?

By default, the ProfileUnity Client installs to the NETLOGON share on your domain controller. This path is recommended but is not required. The NETLOGON share is a DFS replicated path that is available on all properly functioning domain controllers. Installing ProfileUnity to this path prevents a single point of failure. ProfileUnity can operate if at least one domain controller is online. Additionally, this path allows ProfileUnity to scale through load distribution across domain controllers.

If you choose to install the ProfileUnity client to an alternative UNC path, you will need to complete the following steps:

  1. Specify the alternative UNC path when running the Client installer.
  2. Specify the alternative UNC path when manually configuring the Group Policy. You will need to specify this path for the startup script, the INI File Path, and the logoff script.

Using Alternative File Share Location

Creating the folder and share

  1. Create a folder on a file server to use in place of the netlogon share.

  2. Note: This location will need to be accessible by the workstation system accounts, as well as user accounts.


  3. Set NTFS permissions on the share as follows (minimum requirements).
    1. Authenticated Users need.
      • Read & Execute – Allow
      • List folder contents - Allow
      • Read – Allow
    2. System
      • Full control – Allow
    3. Administrators
      • Full control – Allow
    4. Optionally – Add the user/group that will update the ini files for ProfileUnity.
      • Full control - Allow
  4. Create a share using the folder created in step 1.
  5. Grant the Read share permission to Everyone.
  6. Grant the Full Control permission to Administrators.
    1. Optionally - Add the user/group that will update the ini files for ProfileUnity Full control permissions.

DFS Replication

It is highly recommended that DFS replication is configuration with a second file server and share. This will provide a secondary location for where the client files and ini files may be accessed by the users.

Using the share instead of Netlogon

When specifying deployment paths within ProfileUnity and GPO settings, make sure to use the new alternative location instead of "\\domain\netlogon". The path to the ini files and client files must be "\\server\share\profileunity". The path must contain at a minimum servers, share, and folder. You may set the ini path to a subfolder, but the three levels must exist in the path.

Using Cloud Storage

Another alternative is to use cloud storage. If you are planning to set up your cloud storage for use with ProfileUnity, this should be done before using the ProfileUnity Management Console. The Using Cloud Storage Guide explains the process in detail. Pay close attention to the cloud storage related instructions throughout this guide, especially when using the Guided Configuration Wizard and using the section on manually configuring your GPO settings.

Note: The Group Policy startup script will execute using the computer’s credentials. The ProfileUnity Client and the Group Policy logoff script will execute using the user’s credentials. The recommended way to set up the alternative UNC path is to allow either Authenticated Users or Everyone read access. This permission setup will allow both the computer and the user to access ProfileUnity.