Roaming Profiles and Folder Redirection

G

Guest

I'm beginning to implement roaming profiles as well as redirecting the My
Documents, Desktop, and Application Data folders and have been experiencing
some unexpected results.

First, when my test user logs in, his desktop icons are never in the same
place that he has placed them. A minor inconvenience I know, but it's driving
him crazy.

Second, when he logs in sometimes he gets an error that files are are in use
during synchronization (at this point I'm unsure of the exact message, but I
can get it). When this happens, he doesn't get any of his custom desktop
shortcuts. It seemed to me like there was a timing issue involved between
loading the profile information and synchronizing the folders. Would it be
better to not sync the Desktop and Application Data folders and just let the
roaming profile take care of that information?

I'm waiting to get all of the kinks worked out before deploying on a larger
scale, so any help would be greatly appreciated.
 
L

Lanwench [MVP - Exchange]

JE said:
I'm beginning to implement roaming profiles as well as redirecting
the My Documents, Desktop, and Application Data folders and have been
experiencing some unexpected results.

Note that you might post future questions such as this in a server, AD or GP
group for more expert help.
First, when my test user logs in, his desktop icons are never in the
same place that he has placed them. A minor inconvenience I know, but
it's driving him crazy.

Is it set to "autoarrange"?

He might check out the "Desktop Icons - Lock" section here:
http://www.kellys-korner-xp.com/xp_d.htm

Frankly, I usually set up users' initial profiles with "auto arrange" and
make anything else their problem, and tell them I don't want to hear about
it if they want to arrange 200 shortcuts in a ziggurat design. Oh, and I
also force Windows Classic, and the Classic Start menu via GPO, because it's
so much easier to find everything....and business users really don't need
the Fisher Price interface.
Second, when he logs in sometimes he gets an error that files are are
in use during synchronization (at this point I'm unsure of the exact
message, but I can get it).

Do you actually *need* offline files on your desktops? I don't see the
point - I'd disable them via group policy or on the share properties. But
read on....
When this happens, he doesn't get any of
his custom desktop shortcuts. It seemed to me like there was a timing
issue involved between loading the profile information and
synchronizing the folders.

Possibly - one thing you might want to set via GPO is "always wait for
network...."

Computer Configuration / Administrative Templates / System / Logon.
Double-click Always wait for the network at computer startup and logon and
Enable this policy.
Would it be better to not sync the Desktop
and Application Data folders and just let the roaming profile take
care of that information?

Yes. Use folder redirection for My Documents and Desktop (or do what I do,
which is to tell users not to put anything but shortcuts on their desktops -
no files, or I'll holler at 'em). I only redirect My Documents. Application
Data can usually roam.
I'm waiting to get all of the kinks worked out before deploying on a
larger scale, so any help would be greatly appreciated.

the following is my boilerplate on roaming profiles -

General tips:

1. Set up a share on the server. For example - d:\profiles, shared as
profiles$ to make it hidden from browsing. Make sure this share is not set
to allow offline files/caching!
2. Make sure the share permissions on profiles$ indicate everyone=full
control. Set the NTFS security to administrators, system, and users=full
control.
3. In the users' ADUC properties, specify \\server\profiles$\%username% in
the profiles field
4. Have each user log into the domain once from their usual workstation
(where their existing profile lives) and log out. The profile is now
roaming.
5. If you want the administrators group to automatically have permissions to
the profiles folders, you'll need to make the appropriate change in group
policy. Look in computer configuration/administrative templates/system/user
profiles - there's an option to add administrators group to the roaming
profiles permissions.

Notes:

* Make sure users understand that they should never log into multiple
computers at the same time when they have roaming profiles (unless you make
the profiles mandatory by renaming ntuser.dat to ntuser.man so they can't
change them). Explain that the
last one out
wins, when it comes to uploading the final, changed copy of the profile.

* Keep your profiles TINY. Redirect My Documents; usually best done to the
user's home directory on the server - either via
group policy (folder redirection) or manually (far less advisable). If you
aren't going to also redirect the desktop using policies, tell users that
they are not to store any files on the desktop or you will beat them with a
stick. Big profile=slow login/logout, and possible profile corruption.

* Note that user profiles are not compatible between different OS versions,
even between W2k/XP. Keep all your computers. Keep your workstations as
identical as possible - meaning, OS version is the same, SP level is the
same, app load is (as much as possible) the same.

* Do not let people store any data locally - all data belongs on the server.

* The User Profile Hive Cleanup Utility should be running on all your
computers. You can download it here:
http://www.microsoft.com/downloads/...6D-8912-4E18-B570-42470E2F3582&displaylang=en
 
G

Guest

Thanks for the quick response.

1 - No, desktop is not set to auto arrange
2 - I set up offline folders for the desktop so if they do save something
there while roaming it would be available anywhere they logged in. All of
the redirections that I set up are set for offline access.
3 - I've tried the GPO for always wait for network, I'll try it again and
test though.
4 - You can tell users not to save things to their desktop, but they still
will. It's inevitable. Some of these guys couldn't find anything if a
shortcut hadn't been created on their desktop.

According to MS propaganda, roaming profiles ARE compatible between Op
Systems, but that's really not an issue here and I know that sometimes things
just don't work the way they're supposed to. And they erecoomend NOT
redirecting to the home directory (if I remember correctly).

Thanks!
 
L

Lanwench [MVP - Exchange]

JE said:
Thanks for the quick response.

1 - No, desktop is not set to auto arrange
2 - I set up offline folders for the desktop so if they do save
something there while roaming it would be available anywhere they
logged in.

Well, since they should only log in to one computer at a time, and your
network/server should always be available, I wouldn't do that.
All of the redirections that I set up are set for offline
access.
I wouldn't do that, either. I have seen far too many problems w/offline
files in the gazillion years I've been working with Windows, to ever want
them on my networks again ....but I might make exceptions for laptops.
Never, ever for desktops.

3 - I've tried the GPO for always wait for network, I'll try
it again and test though.
4 - You can tell users not to save things to their desktop, but they
still will. It's inevitable. Some of these guys couldn't find
anything if a shortcut hadn't been created on their desktop.

This is true. Hence, you can redirect Desktop. But that don't make offline
files a good thing. Roaming profiles said:
According to MS propaganda, roaming profiles ARE compatible between Op
Systems,

Hmmm. Got a link for that? I know for a fact that it causes problems, but
it'd be interesting to see something official that states the contrary.
but that's really not an issue here and I know that
sometimes things just don't work the way they're supposed to. And
they erecoomend NOT redirecting to the home directory (if I remember
correctly).

Yes, some articles say that - but I've been doing it that way forever, and
it always works. You don't have to have home directories at all, of course.
 
K

Ken Zhao [MSFT]

Hello,

Thank you for using newsgroup!

Thanks our MVP Lanwench for his kindly help.

Thanks & Regards,

Ken Zhao

Microsoft Online Support
Microsoft Global Technical Support Center

Get Secure! - www.microsoft.com/security <http://www.microsoft.com/security>
====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.





--------------------
| From: "Lanwench [MVP - Exchange]"
<[email protected]>
| References: <[email protected]>
<[email protected]>
<[email protected]>
| Subject: Re: Roaming Profiles and Folder Redirection
| Date: Fri, 8 Jun 2007 08:58:35 -0400
| Lines: 157
| X-Priority: 3
| X-MSMail-Priority: Normal
| X-Newsreader: Microsoft Outlook Express 6.00.2900.3028
| X-RFC2646: Format=Flowed; Original
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3028
| Message-ID: <#NBU#[email protected]>
| Newsgroups: microsoft.public.windowsxp.general
| NNTP-Posting-Host: cpe-24-193-56-181.nyc.res.rr.com 24.193.56.181
| Path: TK2MSFTNGHUB02.phx.gbl!TK2MSFTNGP01.phx.gbl!TK2MSFTNGP05.phx.gbl
| Xref: TK2MSFTNGHUB02.phx.gbl microsoft.public.windowsxp.general:88558
| X-Tomcat-NG: microsoft.public.windowsxp.general
|
| > Thanks for the quick response.
| >
| > 1 - No, desktop is not set to auto arrange
| > 2 - I set up offline folders for the desktop so if they do save
| > something there while roaming it would be available anywhere they
| > logged in.
|
| Well, since they should only log in to one computer at a time, and your
| network/server should always be available, I wouldn't do that.
|
| > All of the redirections that I set up are set for offline
| > access.
| I wouldn't do that, either. I have seen far too many problems w/offline
| files in the gazillion years I've been working with Windows, to ever want
| them on my networks again ....but I might make exceptions for laptops.
| Never, ever for desktops.
|
|
| > 3 - I've tried the GPO for always wait for network, I'll try
| > it again and test though.
| > 4 - You can tell users not to save things to their desktop, but they
| > still will. It's inevitable. Some of these guys couldn't find
| > anything if a shortcut hadn't been created on their desktop.
|
| This is true. Hence, you can redirect Desktop. But that don't make
offline
| files a good thing. Roaming profiles <> offline files.
| >
| > According to MS propaganda, roaming profiles ARE compatible between Op
| > Systems,
|
| Hmmm. Got a link for that? I know for a fact that it causes problems, but
| it'd be interesting to see something official that states the contrary.
|
| > but that's really not an issue here and I know that
| > sometimes things just don't work the way they're supposed to. And
| > they erecoomend NOT redirecting to the home directory (if I remember
| > correctly).
|
| Yes, some articles say that - but I've been doing it that way forever,
and
| it always works. You don't have to have home directories at all, of
course.
| >
| > Thanks!
| >
| >>> I'm beginning to implement roaming profiles as well as redirecting
| >>> the My Documents, Desktop, and Application Data folders and have
| >>> been experiencing some unexpected results.
| >>
| >> Note that you might post future questions such as this in a server,
| >> AD or GP group for more expert help.
| >>>
| >>> First, when my test user logs in, his desktop icons are never in the
| >>> same place that he has placed them. A minor inconvenience I know,
| >>> but it's driving him crazy.
| >>
| >> Is it set to "autoarrange"?
| >>
| >> He might check out the "Desktop Icons - Lock" section here:
| >> http://www.kellys-korner-xp.com/xp_d.htm
| >>
| >> Frankly, I usually set up users' initial profiles with "auto
| >> arrange" and make anything else their problem, and tell them I don't
| >> want to hear about it if they want to arrange 200 shortcuts in a
| >> ziggurat design. Oh, and I also force Windows Classic, and the
| >> Classic Start menu via GPO, because it's so much easier to find
| >> everything....and business users really don't need the Fisher Price
| >> interface.
| >>
| >>>
| >>> Second, when he logs in sometimes he gets an error that files are
| >>> are in use during synchronization (at this point I'm unsure of the
| >>> exact message, but I can get it).
| >>
| >> Do you actually *need* offline files on your desktops? I don't see
| >> the point - I'd disable them via group policy or on the share
| >> properties. But read on....
| >>
| >>> When this happens, he doesn't get any of
| >>> his custom desktop shortcuts. It seemed to me like there was a
| >>> timing issue involved between loading the profile information and
| >>> synchronizing the folders.
| >>
| >> Possibly - one thing you might want to set via GPO is "always wait
| >> for network...."
| >>
| >> Computer Configuration / Administrative Templates / System / Logon.
| >> Double-click Always wait for the network at computer startup and
| >> logon and Enable this policy.
| >>
| >>> Would it be better to not sync the Desktop
| >>> and Application Data folders and just let the roaming profile take
| >>> care of that information?
| >>
| >> Yes. Use folder redirection for My Documents and Desktop (or do what
| >> I do, which is to tell users not to put anything but shortcuts on
| >> their desktops - no files, or I'll holler at 'em). I only redirect
| >> My Documents. Application Data can usually roam.
| >>>
| >>> I'm waiting to get all of the kinks worked out before deploying on a
| >>> larger scale, so any help would be greatly appreciated.
| >>
| >> the following is my boilerplate on roaming profiles -
| >>
| >> General tips:
| >>
| >> 1. Set up a share on the server. For example - d:\profiles, shared as
| >> profiles$ to make it hidden from browsing. Make sure this share is
| >> not set to allow offline files/caching!
| >> 2. Make sure the share permissions on profiles$ indicate
| >> everyone=full control. Set the NTFS security to administrators,
| >> system, and users=full control.
| >> 3. In the users' ADUC properties, specify
| >> \\server\profiles$\%username% in the profiles field
| >> 4. Have each user log into the domain once from their usual
| >> workstation (where their existing profile lives) and log out. The
| >> profile is now roaming.
| >> 5. If you want the administrators group to automatically have
| >> permissions to the profiles folders, you'll need to make the
| >> appropriate change in group policy. Look in computer
| >> configuration/administrative templates/system/user profiles -
| >> there's an option to add administrators group to the roaming
| >> profiles permissions.
| >>
| >> Notes:
| >>
| >> * Make sure users understand that they should never log into multiple
| >> computers at the same time when they have roaming profiles (unless
| >> you make the profiles mandatory by renaming ntuser.dat to ntuser.man
| >> so they can't change them). Explain that the
| >> last one out
| >> wins, when it comes to uploading the final, changed copy of the
| >> profile.
| >>
| >> * Keep your profiles TINY. Redirect My Documents; usually best done
| >> to the user's home directory on the server - either via
| >> group policy (folder redirection) or manually (far less advisable).
| >> If you aren't going to also redirect the desktop using policies,
| >> tell users that they are not to store any files on the desktop or
| >> you will beat them with a stick. Big profile=slow login/logout, and
| >> possible profile corruption.
| >>
| >> * Note that user profiles are not compatible between different OS
| >> versions, even between W2k/XP. Keep all your computers. Keep your
| >> workstations as identical as possible - meaning, OS version is the
| >> same, SP level is the same, app load is (as much as possible) the
| >> same.
| >>
| >> * Do not let people store any data locally - all data belongs on the
| >> server.
| >>
| >> * The User Profile Hive Cleanup Utility should be running on all your
| >> computers. You can download it here:
| >>
http://www.microsoft.com/downloads/details.aspx?familyid=1B286E6D-8912-4E18-
B570-42470E2F3582&displaylang=en
|
|
|
|
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top