Thursday, March 22, 2018

windows - roaming profile vs folder redirection




I can't seem to find a consensus on what the differences are between the two. Roaming Profiles, Folder redirection or... both is one example. The top answer doesn't answer the question as to what data isn't shared if not using roaming profiles.




  • What is the difference between roaming profile and folder redirection?


  • What data "roams" with roaming profiles that doesn't roam with folder redirection?


  • Why is it a bad idea to redirect AppData? What are the consequences of not redirecting this folder should a user log onto the domain with a different machine?




Thanks for any insight.


Answer





What is the difference between roaming profile and folder redirection?




At the most basic level, a Windows user profile is the entirety of the directories and files within the directories that contain user-specific data (a very basic way to look at it is the profile is anything and everything contained within the c:\users\username directory) as well as the various registry entries that contain user specific settings within the HKCU registry hive.



A pure roaming profiles implementation will COPY the data from the entire user profile from a fileshare to a system on user logon and copy data for the entire user profile back to the fileshare on logoff. In cases where a user who has roaming profiles enabled logins to multiple systems and makes conflicting changes to the same file in their profile, the last logoff/write will win. As users start saving things to their my documents folder, saving pictures off their camera, uploading their iTunes libraries (these things never happen in an enterprise environment, right? :), the size of the user profile data being copied back and forth can start to cause long delays and increase the time it takes during both user login and user logoff.




What data "roams" with roaming profiles that doesn't roam with folder redirection?





Folder redirection provides a mechanism to point specific folders (My Docs/AppData/Pictures/etc) within the user profile to a fileshare. If a user logins into multiple systems and has folder redirection applied on all systems, his My documents on all systems would point back to the same fileshare location regardless of which machine he logs into. Note that the use of badly written applications that hard code a path (as opposed to reading the registry or querying windows for the proper location) into their application may NOT work correctly with folder redirection.



Data that "roams" with roaming profiles would include such things like Outlook profile Settings, Desktop wallpaper settings, screen saver settings, explorer view settings, installed/default printers, etc..). Folder redirection would not account for these things as it does not account for any data contained in folders that cannot be redirected (appdata\local, etc), or account for any settings contained in the HKCU registry hive.




Why is it a bad idea to redirect AppData? What are the consequences of not redirecting this folder should a user log onto the domain with a different machine?





First, a note, that only the Appdata\Roaming folder is redirected. The Appdata\Local and Appdata\LocalLow folders are not redirected.



Redirecting the AppData folder is a mixed bag and the user experience depends largely on the applications being used. In a redirected folder solution, all the I/O to the Appdata\Roaming folder can cause performance issues (impacting file servers, network, and the system being used) with folder redirection as it would need to read/write that data over the network to the fileshare. In addition, if an application is being used on multiple systems and require a file lock to the same file, folder redirection may not work as there is only a single copy on the file server that can be accessed and locked. All that being said, you start with application profiling and unless there is some serious indications of possible performance issues, I usually would recommend starting with redirecting AppData and watch for performance issues. There are some tools (Citrix Profile Manager and other profile management tools) that provide methods to be more granular in the folders being copied vs redirected within AppData.


No comments:

Post a Comment

linux - How to SSH to ec2 instance in VPC private subnet via NAT server

I have created a VPC in aws with a public subnet and a private subnet. The private subnet does not have direct access to external network. S...