Windows Server 2008 R2 Thread, Mandatory profile vs. Fully loaded GPO/GPP... FIGHT! in Technical; local profiles here. All important stuff is redirected.
Not caused any problems....
4th March 2014, 01:53 PM #16
local profiles here. All important stuff is redirected.
Not caused any problems.
4th March 2014, 02:49 PM #17
Logon times seemingly identical (816kb profile has to go over then network on mandatory).
Originally Posted by zag
profiles on the machine are 50% of the size when mandatory (it's all trivial though as it's 51mb vs 101mb).
Mandatory profiles instantly unload on logoff, presumably there's a way of doing this for local profiles too though but it's not obvious to me at the moment.
Overall i prefer mandatory profiles for the above small advantages, and knowing that they're forced into conformity via the profile, so even if some rogue technician deletes a GP things will still be set to a point.
Prior to the existence of GPPs it was also the only easy way of solving a particular issue where a program wouldn't load without an empty folder in the user profile that students couldn't create(started with a dot), nowadays that's removed and GPP does it on logon though in the specific area that folder is required, but still my point is that it used to be a solution to a problem even if it isn't one anymore. Changing to local from mandatory is such a trivial change that it's not even worth it.
The other reason i use mandatory profiles, is that you know the profile is that way and will forever be that way, and you won't run into issues like this: http://social.technet.microsoft.com/...w7itprogeneral
Last edited by mrbios; 4th March 2014 at 03:11 PM.
4th March 2014, 03:32 PM #18
- Rep Power
Ideally it would be a full image that you are using in production.. in reality you're probably going to want at *least* your core applications (esp. office).
How much configuring do I have to do before I pull the profile from it? I mean should I do all 168 Windows updates? Install AV? Office?
No, don't put any shortcuts/favourites etc into the profile. It should be purely things that can't be easily controlled via GP or will affect first logon. You can push start menu shortcuts down using GPP - the targeting options mean you can configure it to only create a shortcut if that particular piece of software is installed on the computer. I have seen cases where creating shortcuts via GPP can cause slowdown however, mainly because Anti-Virus wants to scan the target of your shortcut (which can be quite bad if it's a network location that you haven't excepted from scanning). An alternative is to use folder redirection (or use GPP to just *copy* a folder full of pre-configured shortcuts).
The last time I needed to change something on our old XP profile, I just browsed to it on the server and dropped the 'web shortcut' and a 'favourite' into the required folders and they appeared... How do you get a shortcut to appear when you tell it you want it to go to c:\Program Files\Office while you are on the server and it tells you that shortcut is invalid because you don't have Office installed on the server...?
Do I put stuff on the Start Menu now? Favourites? Desktop Icons? Or control all of that later via GPO/GPP
Last edited by karlr; 4th March 2014 at 03:36 PM.
5th March 2014, 11:41 AM #19
On with the updates, AV and office install then...
Shame they are not going to release a Service Pack 2 for 7....
6th March 2014, 01:06 PM #20
- Rep Power
This thread's very interesting to me as profiles are a bane of my life. Everyone at the moment has roaming profiles. Perhaps half a dozen times a day I get students that either get almost logged in before before being thrown back out, or whose redirection policy is permanently failing to apply. These faults are both fixed by deleting the profile. In addition we sometimes get very slow logins. haven't got to the bottom of it but profiles may be part of the problem.
We have a very comprehensive set of policies. I suspect too comprehensive, but there's no shortage of nailing down and redirecting going on.
So, I reckon that we need either mandatory policies or none. Now I have to admit that I hadn't heard of the latter - how's that work? If we go for mandatory, given that we have everything in policy, what would you put in that profile? What would be better placed in the profile rather than set by GP?
Setup here is all Win 7 / Server 2008R2.
6th March 2014, 01:20 PM #21
The way I did mine on Windows 7 was to make my base image as a virtual machine then snapshot it just before running sysprep. Then after the image was captured to SCCM I reverted the snapshot to work on the profile. That way you'll be working on a machine that matches the base state of how all your other workstations will be. Personally I'd say do it without AV as the scanning increases the likelihood of problems.
Originally Posted by Koldov
Once done replace the original sysprep file with the basic "copyprofile" one and run sysprep to generate the supported profile. At this point I deviate from the Microsoft guide as they say click the Copy To button and provide a UNC path. With my machine being on virtual (and thus not part of a domain) I found it easier to do the copy to a local folder on the VM then extract it manually (e.g. via the C$ admin share).
Finally copy it to a suitable place on the network and test, worked perfectly for me with Windows 7 and about 220 machines. Boot time from powered off state to working desktop was 1 minute 30 seconds
6th March 2014, 04:47 PM #22
- Rep Power
Do you have "Move the contents of Documents to the new location" enabled for your redirection policies? I have seen cases where this will fail when copying for example "My Music", with an error about security descriptors
Originally Posted by birchanger
Anything that is going to affect their first logon experience should be baked into a mandatory profile. You will still be relying on GP for the vast majority of things however. I'm wondering if "User Experience Virtualization" (UE-V) is any good. Roaming profiles may be bad, but not having personal/app settings synced for roaming users also isn't great..
So, I reckon that we need either mandatory policies or none. Now I have to admit that I hadn't heard of the latter - how's that work? If we go for mandatory, given that we have everything in policy, what would you put in that profile? What would be better placed in the profile rather than set by GP
13th March 2014, 04:31 PM #23
- Rep Power
Mandatory here as well. We started with roaming and it was causing few issues, mainly with logging in - the profile grew and it than took longer to load it. Or sometime it just got corrupted - really annoying. Switched to mandatory and never looked back. Ours in not tiny, around 30MB but lots of software settings embedded in it, like office, serif apps etc.
By jdell in forum Windows Server 2008 R2
Last Post: 20th September 2013, 09:54 AM
By burgemaster in forum Windows Server 2000/2003
Last Post: 18th November 2010, 12:09 PM
By joe90bass in forum Thin Client and Virtual Machines
Last Post: 17th September 2009, 12:18 PM
By maniac in forum Windows
Last Post: 6th October 2007, 04:27 PM
By windy in forum Wireless Networks
Last Post: 7th April 2006, 11:17 AM
Users Browsing this Thread
There are currently 2 users browsing this thread. (0 members and 2 guests)