What data "roams" with roaming profiles that doesn't roam with folder redirection? Thanks for any insight. Improve this question. Community Bot 1. Add a comment. Active Oldest Votes. Improve this answer.
Rex Rex 7, 3 3 gold badges 27 27 silver badges 44 44 bronze badges. Sign up or log in Sign up using Google. Sign up using Facebook. Sign up using Email and Password. Post as a guest Name. Email Required, but never shown. The Overflow Blog. The obvious disadvantage of doing this is that when a user cannot access the redirected folders e.
However this restriction is also mitigated by ensuring that the user has a cached copy of these redirected folders.
Before you begin I would also recommend that you read the following articles from Microsoft about User State Virtualization. Below I will show you how to setup folder redirection for you users profiles. When setting up the file server you need to be sure that the permission on the folder are setup so that a user can create a new folder however you also need to ensure that they can only see their own files if they start to snoop about.
Below I will go though the setup of a folder to be used for folder redirection and the roaming profiles. Combining a users redirected folders and roaming profile path to the one spot on the network is far easier to manage as it consolidates all the users information in one locations. Otherwise you will need to create a separate share for roaming profiles with offline caching disabled for Windows XP systems.
Step 1. Create a folder to be used as a root folder for all the users information e. Step 2. Open the properties of the folder and then go to the Security tab and then click on the Advanced button. Explanation: We have now setup a folder with no inheritable file permissions from the parent. We do this so we can remove the Read permission from Users for all subfolders and files in a later step.
Step 8. Step 9. Step This is not necessary but it is good practice to help stop nosey users. If you are still using Windows XP then I would recommend configuring the roaming profile folder is the same as the Users folder for the redirected folders except that you need to disable file caching. This is optional however as it simple stops your snooping users from seeing who else is in the organisation. This last part is for the former Novell Admins out there.
Yes, you could use Access Based Enumeration ABE on these new shares; however if there is going to a lot of user folders on any one of these shares you could experience degradation of performance.
Enabling ABE on a share does come at a price of performance. Tip: You can also also enable a File Screen using the File Server Resource Manager to prevent your users from saving files type of a certain extension e.
Another option this gives you is the ability to apply an Auto Apply Quota to the users folders and have then get warning email messages whenever they consumer a lot of disk space.
Before we begin, take the time to watch part 2 video that shows an example of how Roaming Profiles can be used to give your users a better experience. This video also demonstrates some of the pit falls with just implementing a roaming profile for a user without Folder Redirection enabled. You have always been able to configured a users roaming profile patch by configuring the Profile Path on the users account see image below. This method allows you to granularly configure a users roaming profile path location however it is a lot more laborious process to ensure that they are consistent with the folder redirection policy that is also applied to the users.
Windows 8 and 8. As of the November Windows 8. You will see how this works later on in this post. Once feature that was introduced in new version of Active Directory Users and Computer in Windows Server was the ability to update user attributes with multiple users in one action see image below. This made the whole process of configuring the users profile patch much easier especially when dealing with many users accounts.
Before Windows Vista the only way you could configure the roaming profiles path for a users was by configuring it on the users account via Active Directory Users and Computers. Warning: The biggest problem with the Per Computer roaming profile configuration is that there is no way to exclude you administrator accounts from also getting this policy as it is a per computer policy. This means if any administrator logs on to a workstation with this policy applied they will be configured to use a roaming profile.
If you are still running Windows XP this policy works very well if you have used a geographical OU structure see Best Practice: Active Directory Structure Guidelines — Part 1 for your workstations as you will be able to send the users roaming profile path for each user to a local file server. However as Windows Vista and Windows 7 now uploads the profile asynchronously loading the profile via a higher latency lower bandwidth link is not so noticeable unless the users has never logged on to that computer before.
Amazingly I am not going to recommend the per computer Group Policy method as there is no way you can get around not having a roaming profile if you logon as an administrator.
Therefore I recommend the per user roaming profile configuration method, which is made much easier to do with the multiple user attribute update option you get with the newer version of Active Directory Users and Computers. In this section I will go through in no particular order the Group Policy settings I recommend you configure for setting up roaming profiles.
Windows Vista provides little information about the status of loading or unloading roaming profiles during user logon and logoff.
This lack of information is misleading and may give a user the impression Windows Vista is unresponsive. Also reduces logon issues caused by incorrectly set permissions on the folders. Vista still respects this policy setting; however, no longer prevents the user from logging off the computer. Handy to exclude applications that incorrectly write very large caches from the users Application Data folder if you do not have folder redirection enabled. Tip: To avoid having to enter in the name of every file server in your organisation simple added the Domain name portion of the server name so that all servers will be Intranet Zone e.
See my other blog post How to use Group Policy to configure Internet Explorer security zone sites on how to do this…. Error Message you will get if you do not add you file servers into the Intranet Zone. Even if your users are in the habit of logging off at the end of the day this is a setting you should consider turning on to ensure that the users settings are always being backed up as failures can happen at any time. Now lets take a look at how to set up folder redirection for a user so that the files stored in their personal folders e.
By default all folders that are redirected are automatically made available offline which is done so that users can still access their personal files if they are disconnected from the file server.
Now we are going to set up folder redirections for the Documents a. My Documents folder as this is the most commonly redirected folder however you will need to repeat the same instructions for each of the other folders if required.
Step 3. This option is useful if you want to distribute the load across multiple server but it can start to get complicated as the users roaming profile may then be stored in a different locations to their redirected folders.
Also be careful with the order you apply these advanced settings as if the users is a member of multiple groups it will pick up the top entry in the list and there is no way to reorder the list after the entries are created. Step 4. This will lockout even administrators to the files which makes administration of these folders very difficult. If an administrator did need to access these files they will need to take ownership which in turn removes access from the users to their files.
The admin will then need to ensure that they need to re-setup the permission on the folder to ensure that they users can still access the files…..
This allows Administrators to enter the users redirected folder locations without taking ownership of the folder and files. Note: If this is also one of the support folder redirection types in Windows XP you will have the option to also apply this policy to Windows XP computers. Windows XP supported setting. What this means is that if a users is not longer subject to that Group Policy setting the contents of the redirected folder are moved back to the local computer.
This sounds good until this actually happens to a users and then it takes them about 2 hours to copy all their file down to the local computers. I recommend that you leave this at the default setting.
Step 6. However I have found that selecting this option can cause the Video and Music libraries in Windows 7 to disappear so i recommend that you do n so that they will automatically inherit the Documents settings.
Warning Pre Windows 7 : When enabling folder redirection for existing users for the first time expect the logon to be very slow. This means that it is highly likely that your file server will be the bottle neck.
To mitigate this you might want to security filter the policy and only enable it for a few users at a time working you way up to all your users. One of the new feature with Windows 7 is called Fast First Logon which allows users to logon to their computer without having to wait for the folder to be moved first. This means if your are enabling folder redirection for users already running Windows 7 the performance impact will be greatly reduced. After the files are moved, the user logs on and is free to perform other tasks while Windows synchronizes the locally cached data over the network as a background task.
As all redirected folder are also made available offline it allows users to work on their files when in offline mode but still have them periodically sync in the background when connected via a low link. This is very useful for roaming users connected via a VPN or even when the file server might be experiencing heavy load. When the network connection is slow or unavailable, Offline Files routes requests for the user folders that are stored on the server to the local computer cache.
Users read and write from their local cache. Offline Files synchronizes new and changed files and folders from the local computer cache to the server when the network becomes available or in the background when the connection is slow.
One of the most confusing aspect of folder redirection is all the type of Application Data folders there are and what they do. Below is my attempt at trying to explain the difference between the Applications Data folders and how they will affect your computers. The most commonly saved files in this path would be very large cache files that would be impractical to constantly send and receive across the network.
A good example of this is the TEMP and TMP path variable that is configured where most applications are configured to save temporary files. Warning: If you are running Windows XP and the users is connected via a slow link then the affect of having this folder redirected could be devastating to the users performance.
It also appears that this folder is neither redirected nor part of the roaming profile therefore all information stored into this folder is local to the computer and will not roaming with the user. Should AppData Local be redirected? In Windows XP days a users would either have their AppData folder online or offline and not matter how slow your connection was to the server so long as your still got a response you would stay online thus bringing your entire computer to a grinding halt.
But if the Administrator did not enable folder redirection for the users this normally resulted in them having a MASSIVE roaming profile that would take forever to sync during the logon and logoff process.
The work around to this was to exclude the entire AppData folder from the roaming profile but this meant you risked losing some of the users personal data. As Aaron mentioned in the comments the decision to enable Application Data folder redirection is one that should not be taken lightly and can have real negative consequences for the performance of your users. As I mentioned above having AppData folder redirection enabled to a location that is performing slow will have very noticeable performance impact for your users especially if you are running Windows XP.
However now with Windows 7 and to a lesser extent Vista the decision to enable folder redirection for Local AppData is tricky at best. The new Windows 7 features called Transparent Caching and Background Sync for offline files the issues with redirecting the Local AppData folder are now largely mitigated as the users will automatically work on the local copy of the file whenever network performance is poor.
Thus making it far more practical to enable Local AppData folder redirection while still not something that you really should do…. Any well written application for Windows Vista or later should be aware of the Roaming Application Data folder and should use this folder to save persistent information.
A good example of something that should be saved to this location is a users custom dictionary or a browsers internet cookies. So let me give you here some advice on how to best set them up in UCS and employ them , because I love to help you optimizing your IT infrastructure and providing your users with a smooth experience. When you log in to your Windows account, you know for sure that your icons are always in the same place and your background picture is the same as the last time you logged out.
These settings are the core of your Windows profile. In-depth, they are all made up of hidden files and folders deep located within your home directory, namely the app data folder. It is only when using roaming profiles that you can synchronize a userprofile between a client and the server. While this is often seen as handy for small environments, this feature is indeed more of a concession to manufacturers of Windows Software who follow the Windows 9x-based ideas of saving settings inside the documents folder instead of the proper ones.
The downside of this practice is that by definition the profile has to be copied entirely before a user can complete the login or logout. Thus, if you download large files or work on large documents, roaming profiles alone will make your login and logout painful. Folder redirection maps a local folder or a drive letter on your computer to a network share.
This mapping ensures that the client stores all data on the server, where it is available for backups and could be shared with co-workers. Folder redirection is not limited to your home folder, but you can use it for many other folders.
Folder redirection comes in two flavors. On the one hand, you can use it to synchronize a directory between server and client. On the other hand, you can map the folder and only keep the data on the server. Folder redirection can copy data in the background, while the user is already working. It also provides the option to compress the data while moving it between the server and a client.
The administrator can control the behavior for each share using group policies. In contrast to the general folder redirection options, the use case for the home directory stands out, because of the defaults that Windows clients use if no settings are configured.
The default folder redirection maps the folder and uses no other options. When used on the home directory, the directory is synchronized between the client and server in the background, and the data is compressed when in transfer. Thus, folder redirection can mitigate the login speed issues which arise from roaming profiles. When a user logs on to a station the information is copied to the local client and then accessed from the client.
When you log off it updates anything you've changed to the server. A redirection is just saying - when user clicks on My Documents take them to a different directory not their profiles one.
Profiles are set on actual user under - you just set where the profile should be stored ie. To a degree yes. Redirection is slightly slower in use as you are talking to the server rather than the workstations copy.
Thanks again Ash. Things are beginning to clear up for me. Thanks for this ash I have been pondering this for some time. All the best John.. One more quick question For those following this thread or looking at it: To answer my own question: Can folder redirection and roaming profiles be done using windows 98 workstations and a windows server?
0コメント