The Local machines
Log in as a local administrator and configure the following two (new) system environment variables
Profileserver
which should be set to the fully qualified DNS name of the server used above, e.g. acs-server1.acs.sfu.ca
Profileshare
which is set to the share name. Again, in the example above, it is ACS Users
A reboot is likely required at this point.
Annoyingly, this must be done at the keyboard of all local machines. If I can figure out a way to push this out, I'll certainly document it.
Roaming profile Group Policy
There isn't any required. At this point, any new user logging in will have their profile automatically created on the server at first login (to any machine configured as above) and synchronized appropriately at logout. However, while no Group Policy is required, some may be desired, for one of two reasons.
1. Profiles are always local, even when set to roaming, in that when a user logs in, their roaming profile is copied to the local drive and modified/updated locally. Only upon logout is the profile returned to the server. By default, Windows will leave the existing profile behind. This can be useful in the case of a notebook user, but extremely troublesome in a lab environment where thousands of profiles may end up on a machine, filling the disk with redundant information.
2. The permissions listed above do not necessarily grant an administrator (any administrator) full rights to every file and every folder in a user's profile when a profile is automatically created. It would probably be a good idea to add this permission automatically, as I'm sure that no one wants to manually create profiles and set permissions for each and every user.
The machines you wish to apply Group Policies to should already be in an OU in AD, either your own root level OU or some level down.
1. Create a policy for that OU. (One time hint: OU - Properties - Group Policies - New)
2. Give a suitable like name OU Roaming Profile Setup. Adding your OU to the name is absolutely essential; inappropriately named GPOs cannot be tolerated.
3. Edit the GPO.
Under
Computer Configuration
Administrative Templates
System
User Profiles
Enable one or both of
Delete cached copies of roaming profiles
Add the Administrators security group to roaming user profiles
3a. If you enable "Delete cached copies ...", there is a chance that some software installed via an MSI will whine and insist upon being reinstalled each and every time a user logs in. Microsoft says this behaviour is by design. I think they messed up. Thankfully, there is a backhanded fix for it. See Q298960 for more information, but follow the steps below (not the steps in Q298960) to make it work in the SFU environment.