Roaming Profile woes
How do you guys handle roaming profiles?
Here staff have roaming profiles (they've always been mandatory at my last three schools) and the level of misuse is shocking. We have profiles of hundreds of MB, one is over 2.5GB! :eek:
They store files on the desktop and in the My Documents folder, meaning they have their work squirrelled away in so many areas (these two locations, their H drive, the faculty areas and so on).
I'm trying to enlighten them to saving to the H drive only but then there's the issue of accessing work from home (we have no remote connection to the school). I'm getting around that by using SYNCTOY from Microsoft, it seems to do the trick.
I was going to make them use Mandatory profiles but many staff use Outlook and I assume that it's in the profile where it points to the location of the mail folders (now on their H drives).
Aside from a couple of Group Policy tweaks to remove the My Documents folders, can anyone else offer any advice on the best way to keep the profiles roaming yet small?
Group Policy tweaks are definately the way to go. You can easily redirect the desktop folder for a start, so that it appears in the user's My Documents folder. So for example, on our system, N: is mapped to the user's home folder on the network. We have a policy that redirects My Documents to N:\ and a policy that redirects the desktop to N:\My Desktop. Then it doesn't matter where the user saves their files - they all end up in their network home folder.
You should redirect AppData as well as that tends to get quite big. On our system, we have this redirected to N:\My Settings.
Don't forget the policy to exclude folders from the roaming profile - Local Settings contains the user's Temp folder and Temporary Internet Files, so you'll want to exclude that from the roaming profile if it's not already.
Also the cookies folder is a good one to exclude if you don't need it to roam around with the users. It doesn't use alot of disk space, but it does contain large numbers of files and slows down the log on/off as they are copied from/to the server.
Roaming Profiles work quite well for us on the whole. The trick is to control them using the folder redirection policies.
The Outlook pst can be moved into the Home Directory... we've done it here and it does help to keep the profile smaller. The other killer can be a build up of cookies... a logoff script can clear those out.
Having a large Home Directory isn't in itself a problem as long as there is room for it on your server. Get busy with Server 2003 Release 2 rules!
This is a common problem in schools, teachers for some reason fall in love with their desktops and store anything and everything there! Also if you have a quota system on your home drives, they pretty easily work out it's a way of circumnavigating them!
As said above, folder re-direction is the way forwards, We re-directed Desktop to H:\desktop, my documents to H:\ and Application data to H:\userdata and it worked a treat. The folders are automatically created when the policy is applied, and if you tick the right box everything is copied over automatically when the user first logs on under the new policy (although it takes a while if the profile is big!) It speeded up logons no end for us, and also means all the important stuff is in one location, so less chance of losing data.
Here we redirect documents to their network drive and use folder redirection to provide a central desktop and start menu, they can't save any work to their desktop.
They used to be able to but after a couple of disasters we moved away from that. Other than that we also redirect appdata to the server and stoped using roaming profiles altogether, we now have very few profile issues which is a big improvement from when we used roaming profiles.
I've done some, but not all of this.
Originally Posted by maniac
Any chance of an "Idiot's Guide"... perhaps it could go on the wiki (which appears to say that it can be done, but not how!)
Give me a few minutes to just test it out in my Virtual network, and I'll post something up. It's cruical you tick the right boxes, else you could end up isolating people from their old desktops, which isn't good!
It'd be much appreciated here too... About to be finishing off here with stuff like this so it's would be very useful
Originally Posted by maniac
OK, here are the basics. I was going to do something with screen pics in, but I'm too knackered to write that tonight. If there's sufficient interest, I'll put together a better guide for the wiki.
Firstly Create a new Group policy. You could put the settings in an existing one, but I usually use seperate policies for key settings like this. it's a personal preference kinda thing. This is a User policy, and must be applied to the container where the users reside that you want to re-direct folders for.
My personal recomendation if you are making this change is to create a new OU and apply the new policy to this, then move you users slowly a few each day say, else your network can get stressed when lots of people log on at the sametime, and lots of files start to get copied, particulalry if you have masses of files on desktops. You will probably get problems with some users in my experience, particularly if the user is wireless and the connection drops halfway through logging on, or the user gets impatient. It works most of the time, but ocassionally it will leave files behind in the profile which have to be move manually. It won't ever delete anything that's not been copied, so it's a fairly safe change. It may be worth warning your users that logons may be longer than expected as a one off, as sometimes it takes a very long time to copy the files, and to the un-trained user it can appear as if the logon has hung and they might be tempted to turn the machine off.
The change is actually fairly simple, but there's a few key elements that can stop you having problems. There's 3 key areas you can re-direct. Application Data, Desktop and My Documents (You can do the start menu as well, but this is not worthwhile in my experience and may as well stay in the profile)
So open up your new group policy in the editor, and find the area under user configuration-->Windows Settings-->Folder Redirection and you'll see the 4 elements described above listed.
To apply the redirection, Right hand click the one you want to re-direct, and select properties, and you'll see the options you can set. I recommend the following settings, as they worked for me with no hitches.
Basic - Redirect everyones folder to the same location
Redirect to the following location - enter the UNC path including %username% to signify the users home folder. e.g \\SERVER\SHARE\%username%\Application Data (Incidently this does only work if the persons home folder name is the same as their username, most networks are setup this way, so it shouldn't be too much of a problem.) I thought it could work by refering to the local drive e.g. H:\ but it doesn't.
Exclusive Rights - Unticked (Can tick if you like, but can cause problems with administrator accessing folder for copying at a later date) As the folder is within the users home foler, the same security settings as the home folder will apply to it anyway.
Move contents to new location - Ticked
Leave folder in new location when policy is removed - Selected
The Desktop folder and my documents can be re-directed using the same settings as above, but obviously changing the path accordingly. Desktop would be \\SERVER\SHARE\%username%\Desktop and my documents simply \\SERVER\SHARE\%username% I'm presuming your home folders are all contained in a root share, if they're individual shares, change the path accordingly.
I may have over simplified this, but you did say an idiots guide ;)
Thank you maniac... this "idiot" will read and digest in the morning :D
I'm sure there are other idiots who will appreciate tthis too!
Thanks Maniac, really useful. It's one of my to do jobs for the Summer, but with everything else I've got to do I hadn't even considered moving a few users at a time to prevent server maxout.
I'm sure that there are loads of us out here that really appreciate the work you've put into this, even more so if you can spare the time to produce a wiki version with screenschots!
It's one of the problems I ran into when I tried this in my last school, all the staff came in on the Monday after I made the change and logged on as usual, and the network ground to a near hault as the new policy applied, and all the files were moved from the profiles to the user areas. Luckily, of course, it only does this once! Some of our teacher profiles were rediculous, I think the final straw was when I discovered one teacher with around 10GB of data on his desktop!
Originally Posted by muppet
The other thing that can cause problems that I didn't mention above is if you use a quota system, it can pay dividends to turn it off while users data is being copied from profiles to user areas, as if it runs out of space while it's moving the files, it can cuase all sorts of problems. You can turn it on again afterwards, and address the issues of staff who are using too much space then.
Thanks for the thanks! I will see what I can do about an illustrated version.
I think you need to step back and ask what sort of service you're trying to provide. If the aim is to let staff keep work on a network then you need to ask "what's the proper way of doing this?"
I don't save stuff on my desktop - I prefer to put it in folders neatly arranged under a top level folder (at home it's c:\work) and this goes back to DOS days when there wasn't a desktop - but there's no real problem with putting it there.
As far as the user is concerned "desktop" is just a place to save stuff. It's up to IT staff to make sure that "desktop" works.
For many years it's been possible to re-direct the desktop (and other key folders) so that they're stored on a network and the whole folder doesn't then get copied across the network. If you're not doing that and you're seeing problems with profiles being slow, getting corrupted etc, then maybe you should be asking yourselves why you've not read the MS guidelines for setting up profiles, desktop redirection etc
There's a whole separate issue about how much data a user should be able to store but whether it's in n:\desktop, n:\work or any other folder on the network doesn't really come in to it!