Folder redirection and roaming profiles best practices

By using our site, you acknowledge that you have read and understand our Cookie PolicyPrivacy Policyand our Terms of Service. Server Fault is a question and answer site for system and network administrators. It only takes a minute to sign up. I want to setup roaming profiles for about 50 users. What is the best way to go about doing this?

folder redirection and roaming profiles best practices

What are the best practices. How big is too big? We have a few users who keep a lot of media on their machine to listen to throughout the day. I would imagine they have a few gigs of MP3's in their My Documents folder. How do you deal with this? Using Folder Redirection to get the "My Documents", "Desktop", and potentially "Application Data" folders out of the user's roaming user profile will help matters tremendously.

It's dauntingly in-depth, but it's filled with very good information. Some people only use Folder Redirection and don't use roaming user profiles.

I tend to disagree with that strategy because, to me, the user's profile is user datatoo, and needs to be backed-up with the same degree of stewardship as their "overtly" data items. Roaming user profiles makes moving the user to a new PC a lot easier, too.

Whether you use "Offline Files" to cache data client-side is dependent on your environment. Windows Vista and Windows 7 have a much-improved caching engine and do a better job. To my mind, if the user's computer isn't portable there isn't a "win" in using "Offline Files". Others' views may vary. Finally, I tend not to use the default security paradigm that Microsoft "recommends". I change the default settings in "Folder Redirection" to prevent granting the user "exclusive access" which really means "mess up my folder permission hierarchy and turn off inheritance".

I also set the group policy setting to "Do not check for ownership of Roaming Profile Folders" to enabled to allow me to set the security on my roaming profile folders the same as above.

Microsoft's defaults "break" the permission inheritance hierarchy on my filesystem, and I find that both irritating and an obstacle that I'll invariably have to fight with at some point in the future. Secondly, the "Microsoft way" invovles setting the share-root folder to allow users to create subfolders. At best, this is just lax security.Recently, we were asked to scale up a Citrix deployment, shall we say, rather heavily, and indeed, rather rapidly.

First port of call was Citrix infrastructure, which all looked good.

folder redirection and roaming profiles best practices

Next we looked at network capacity — again, plenty of headroom for the expected increase. And then we came to storage — and oh boy, the numbers looked heavy. The main thought was — how big do we possibly expect the profile to get for each user?

There are of course maintenance routines to consider — shrinking, compacting, pruning, and dare I say it? In this environment, nothing had yet been put into place for maintenance purposes, so we had to have a look at existing users and try and take an educated guess at how much storage we potentially required for each user.

Most profiles were in the GB mark Teams, it would appear, throws out 4. Looking at OneDrive usage gave us an average of around GB — so being cautious, we anticipated looking at GB per user.

There were cloud services we could have leaned towards to accommodate this, but they had not yet been cleared for usage within the environment, and were unlikely to anytime soon. The natural response to this problem is usually to front some DFS onto multiple shares, but several reasons prevented this — a I hate DFS, b there were authentication issues between the various domains in use and DFS would have exacerbated this, and c directing users to DFS file shares seemed no more intelligent than simply directing them to a list of Windows file shares.

The main problem we had was — what would happen when the first file share filled up? How would we direct users to the next one instead? Ryan had experienced a similar problem, and his response was simply to use a PowerShell startup script to iterate through a list of file servers and order them by their free disk space.

Essentially, as long as the script was run often enough for the volume of new user onboarding, the profiles would be load balanced across the file shares.

If it finds one, fine. For our environment, we were potentially onboarding thousands of users a day, so we had to run this as a Scheduled Task rather than a Startup Script. Permissions-wise, you need to make sure that you give Domain Computers or at the very least the Citrix worker computer accounts RX access to the root of the share so that you can determine free space. If running as a Scheduled Task, obviously this also needs to include the user the task is configured to run as.

Big kudos to Ryan for his hard work on this! We have been running it every hour, as we are seeing up to two thousand users per day being onboarded and our Citrix workers are never rebooted anyway. The script also writes a handy extra value to the Registry key called scriptDebug which shows the disk space of all the target file shares last time it was run — really handy. So with this being run, our users are directed to any one of in this particular case twelve file shares of 16TB each.

This can simply be added to by provisioning additional file servers and volumes and adding them to the list in the script, so their new capacity will be instantly utilized. There was no requirement here to provide resiliency, merely the capacity to absorb an unprecedented and exceptional uplift of user numbers.

There is resiliency in terms of absorbing the loss of an Availability Zone, but only in terms of users being able to log on — the users in the AZ or on that server, or file share will still lose their profiles and have a new one created elsewhere. If you do need resiliency for the profiles themselves then there are lots of options here will hopefully cover some of them off in my upcoming blog post about FSLogix best practices.Asked by Marc Johnson. When using Citrix Profile Management what is the best practice as far as enabling folder redirection?

Will using the Microsoft settings in conjunction with Profile Management cause any conflicts or other issues as long as redirection is not enabled in both places? This here is by far the best article I know. But as far as where folder redirection is implemented, in XenApp 7.

Does using one way over the other make any difference? If anyone is interested, I have logged a bug with Chrome. Your environment may vary. Let me know if that doesn't make sense. This is working very well for us now.

You will be able to leave a comment after signing in. Jump to content XenApp 7.

Profile Management best practice

Ask question. Upvote if you also have this question or find it interesting. Learn more. Follow, to receive updates on this topic. Profile management and folder redirection best practices? Marc Johnson Marc Johnson Enthusiast 12 Members 19 posts. Posted August 31, Thanks for the input. Share this post Link to post. Recommended Posts. Mark this reply as best answer, if it answered your question. Upvote if you found this answer helpful or interesting.

Christoph Wegener 2, Christoph Wegener Virtuoso 2, Members 3, posts. I don't think that the Citrix Policy extensions include Folder Redirection. I normally use this template as a starting point. Marco Hofmann Posted September 1, Posted September 3, Those are all good documents. Posted March 4, Adam Shattuck Adam Shattuck Aficionado Members posts.

Posted November 9, The article is not quite accurate on the Google Chrome topic.

Deploy Folder Redirection in Windows Server 2019

Please sign in to comment You will be able to leave a comment after signing in Sign In Now.Plus you may have to manually configure redirected folder structures for new users rather than letting the system take care of it automatically. Now I generally do not recommend breaking inheritance unless it is absolutely necessary. I prefer to create all the permissions you need on root-level shares and grant access based on that level to those resources directly, when possible.

User profiles are a perfect example of this.

folder redirection and roaming profiles best practices

So you will need to break inheritance in this case. Second, as promised, here is an explanation of why these entries are all necessary. That is, unless you are missing this permission—then they may not be able to create or take ownership of the new sub-directories.

This should be intuitive, but you want the system to retain access to everything on itself. Backup agents that rely on SYSTEM permission also need to be able to leverage this in order to take successful backups. But in most cases, it makes sense. The proper way to limit administrative access is to limit this level of superuser access to the people and the times it is required. They can have a separate account that is leveraged only in those cases when it is required.

Furthermore they must be able to create new folders namely, their own folders. That is the long-winded version of it. More information than most of us need, perhaps, but I hope that it helps someone out there do this better, and avoid the unnecessary problems that I am too often being paid exorbitant amounts of money to correct.

Your email address will not be published. Notify me of follow-up comments by email.

folder redirection and roaming profiles best practices

Notify me of new posts by email. This site uses Akismet to reduce spam. Learn how your comment data is processed. July Technical 0. Like this: Like Loading Leave a Reply Cancel reply Your email address will not be published. Previous Previous post: What is Technology?

Subscribe to RSS

Search Anything Search for:.Now theoretically User State Virtualization can be totally done with just a Roaming Profile, however this quickly becomes impractical as users often store a LOT of data which can make users profile impossibly large.

To get around this Microsoft users folder redirection to essentially redirect parts of a users profile to a file share on a server where it is centrally access whenever they logon to a computer.

In case you still wondering what User State Virtualization is then check out the overview video from Microsoft below:. Folder Redirection provides a way for administrators to divide user data from profile data.

This division of user data decreases user logon times, and Windows downloads less data. Windows redirects the local folder to a central location, giving the user immediate access to their data when they save it, regardless of the computer they are using. This immediate access removes the need to update the user profile. By redirecting these folders to a server they are only access when needed and therefore very large files do not slow down the profile update process.

The obvious disadvantage of doing this is that when a user cannot access the redirected folders e. However this restriction is also mitigated by ensuring that the user has a cached copy of these redirected folders. Before you begin I would also recommend that you read the following articles from Microsoft about User State Virtualization.

Below I will show you how to setup folder redirection for you users profiles. When setting up the file server you need to be sure that the permission on the folder are setup so that a user can create a new folder however you also need to ensure that they can only see their own files if they start to snoop about.

Below I will go though the setup of a folder to be used for folder redirection and the roaming profiles.

Spreading users over multiple file shares with FSLogix Profile Containers

Combining a users redirected folders and roaming profile path to the one spot on the network is far easier to manage as it consolidates all the users information in one locations. Otherwise you will need to create a separate share for roaming profiles with offline caching disabled for Windows XP systems. Step 1. Create a folder to be used as a root folder for all the users information e.

Step 2. Open the properties of the folder and then go to the Security tab and then click on the Advanced button. Step 8. Step 9. Step This is not necessary but it is good practice to help stop nosey users. If you are still using Windows XP then I would recommend configuring the roaming profile folder is the same as the Users folder for the redirected folders except that you need to disable file caching.

This is optional however as it simple stops your snooping users from seeing who else is in the organisation. This last part is for the former Novell Admins out there. Enabling ABE on a share does come at a price of performance.Profile Management Current Release. Profile Management What's new. Fixed issues.

Known issues. System requirements. Quick start guide. How Profile Management works. About profiles. Assign profiles. Profile Management architecture. Profile Management use cases. Access multiple resources. Logon diagram. Logoff diagram. Plan your deployment. Decide on a configuration.

Migrate profiles? New profiles? Which applications? Review, test, and activate Profile Management. Plan for multiple platforms. Share Citrix user profiles on multiple file servers.

Administer profiles within and across OUs. Domain and forest support in Profile Management. High availability and disaster recovery with Profile Management. Scenario 1 - Basic setup of geographically adjacent user stores and failover clusters. Scenario 2 - Multiple folder targets and replication. Scenario 3 - Disaster recovery. Scenario 4 - The traveling user. Scenario 5 - Load-balancing user stores. Plan folder redirection with Profile Management.

Third-party directory, authentication, and file services. Frequently asked questions about profiles on multiple platforms and Profile Management migration. Install and set up. Files included in the download.

Setting up Folder Redirection & Roaming User Profiles in a Windows 2012 R2 Domain, Step-by-Step

Create the user store. Upgrade and migrate. Upgrade Profile Management.My corporate client uses Windows R2 servers in an Active Directory domain that supports about 50 users and 35 workstations and laptops running Windows 10 Pro. Problem was, we had more staff than computers, and a limited computer budget. However, many of the primary staff were often off-site working at remote field projects, so their vacated office computers could - in theory - be used by other staff working locally on-site.

Well, unfortunately, all these computers were inconveniently inaccessible at deadline times and led to unsynchronized user documents, creating a lot of re-work and frustration — and coffee drinking. Instead, we needed a more strategic and tactical process to ensure integrity and consistency of user data, Outlook emails, and calendar events across multiple shared computers.

When the user signs out of the computer, the local copy of their profile, including any changes, is merged with the server copy of the profile. Note: Be sure that the Windows R2 has the latest updates.

In this domain, we will select two computers to be shared by two roaming users, as shown in Figure 1. These computers should have the same Windows 10 Version e. They would be set up as regular users, with usernames and passwords.

See Figure 2. When the original users return, they log on as they usually do — there is no impact from sharing their computers with Roaming Users. To start this procedure, we first need to create a Security Group to control access permissions for roaming users and their profiles.

Repeat this process again to add the BBBB computer. See Figure 5. So when roaming user Andy logs on to a designated Primary Computer, all his files and folders will be available; after Andy signs off, then Bill can log on to the same computer, and all of Bill files will be available. By the way, if this particular Primary Computer also happens to be the main working computer of another user, nothing will change for that original user. See Figure 7. The Value for this computer looks like:. In our example, we will be using two Primary Computers, so the saved text file should look like:.

See Figure ORG - open File Explorer and create a new partition big enough to hold the profiles for all the roaming users.


thoughts on “Folder redirection and roaming profiles best practices

Leave a Reply

Your email address will not be published. Required fields are marked *