For employees whose primary computing device is a desktop PC, moving to another computer often results in problems, such as applications that don’t work and files that can’t be found.
Windows stores user data and settings in user profiles, which consist of a folder namespace and registry hive. Every user account has an associated local or roaming profile. Roaming profiles, which are sometimes used on networked PCs, are stored on a server so that users’ settings and files follow them as they log on to different machines. Folder redirection makes it possible to change the location of files within a selected folder (such as Documents) in a user’s profile, from the local machine to a server.
Microsoft has made significant changes to the folder namespace for storing data in user profiles in Windows Vista. The new hierarchy clearly differentiates between machine-specific data and files that need to follow users, reducing the amount of space required to store roaming profiles. More folders can now be redirected using Group Policy, which may prove to be an effective alternative to — or may be used in combination with — roaming profiles.
Vista includes several new and/or renamed folders that reside under Users\username rather than Documents and Settings\username as in XP. Vista’s new AppData folder (Figure 1) consolidates several XP folders, such as Application Data, Local Settings\Application Data and Start Menu, among others. AppData is divided into three subfolders: Roaming, Local and LocalLow. The Roaming subfolder consolidates all data that needs to follow a user, and the other two contain machine-specific data. This separation of files allows more efficient folder redirection and profile roaming by reducing the quantity of data that needs to be copied to a server. For the purposes of application compatibility, Vista includes hidden junction points that redirect applications with hard-coded references to XP’s legacy file paths, so Documents and Settings\username will be transparently redirected to Users\username.
Vista’s user profiles are not backward-compatible with XP’s, so two different profiles will reside on the server if roaming is used in a mixed environment. Vista’s profiles are identified by a .V2 extension appended to the folder name. Roaming profiles are cached on computers that a user has logged on to, so if the network is unavailable, a local copy of the profile is accessible. It’s also possible to configure default network and local profiles so that, in the worst case, there is always a temporary profile available to let users log on successfully. Before you enable a roaming profile for a user, you need a network share to store the profile, with Authenticated Users granted Full Control on the share’s Access Control List (ACL). Log on to a Server 2008 domain controller as a domain administrator:
If we log on to a Vista workstation, a new folder will be created in the “roamingprofiles” share. In this example (Figure 3), a folder has been created called Accountant1.V2.
As opposed to roaming profiles, which transfer the entire profile to a server, folder redirection allows you to select only the data that needs to follow a user as they work on different machines. Folder redirection provides a lightweight alternative to roaming profiles, but it has one disadvantage: Folders must be used in conjunction with Vista’s Offline Files functionality or they won’t be available if the server is unreachable. But it’s likely that you will use Offline Files with notebook computers. Folder redirection is a simple affair with Vista and Windows Server 2008. Log on to a Server 2008 domain controller as a domain administrator:
Open Group Policy Management from Administrative Tools on the Start menu.
Enter the UNC path in Root Path for the share where redirected folders are stored on your network (Figure 5).
Now that we’ve created a GPO for Folder Redirection, we need to link the GPO to an OU in the domain that contains user accounts to which we want to apply the new settings. To test the new policy, log on to Vista using an account located in the OU where the new policy is linked, right-click Documents on the Start menu and select Properties. The network location of the folder should be shown on the General tab.
A new feature in Windows Vista — supermandatory profiles — ensures that users can log on only if the profile successfully loads from the server. A temporary or cached local profile will not be used. Before creating a supermandatory profile, prepare a new file share, with share permission of Full Control for Administrators and Read permission for Authenticated Users. To create a new supermandatory profile, log on to Vista as a domain administrator:
Right-click Computer on the Start menu and select Advanced system settings.
To test the new profile, log on to Vista with the user account we’ve just modified in ADUC, and change the desktop background. Log off and back on again, and you should find that the changed desktop background was not saved. If the supermandatory profile is not accessible on the network, you won’t be able to log on.
To further improve logon performance, you can use folder redirection to move the Documents and Desktop (and any other folders that contain large amounts of data) out of the roaming profile folder namespace. Folder redirection can be used in conjunction with Group Policy, Group Policy Preferences and other means of automated configuration to provide users with a consistent environment when moving between machines, the net result being similar to roaming profiles. To achieve some degree of interoperability between Vista and XP roaming profiles in mixed environments, you can redirect folders from Vista user profiles to XP roaming profiles on a server.