Misplaced Pages

Roaming user profile: Difference between revisions

Article snapshot taken from Wikipedia with creative commons attribution-sharealike license. Give it a read and then ask your questions in the chat. We can research this topic together.
Browse history interactively← Previous editContent deleted Content addedVisualWikitext
Revision as of 07:17, 22 September 2014 editCodename Lisa (talk | contribs)55,077 edits Limitations of redirection: Deleted entire section. It did not have a single source and is written by someone who was not aware of the Offline Files feature. A poor original research.← Previous edit Latest revision as of 04:46, 29 May 2024 edit undoDavidindia (talk | contribs)Autopatrolled, Extended confirmed users17,595 edits Adding local short description: "A file synchronization concept", overriding Wikidata description "MC doug mzani"Tag: Shortdesc helper 
(94 intermediate revisions by 58 users not shown)
Line 1: Line 1:
{{Short description|A file synchronization concept}}
{{multiple issues|
{{One source|date=January 2008}} {{Refimprove|date=December 2013}}
{{Howto|date=December 2013}}
}}


{| style="width:200px; float:right; border:1px solid #ccc; background:#f9f9f9; font-size:88%; line-height:1.5em; margin:5px;" {| style="width:200px; float:right; border:1px solid #ccc; background:#f9f9f9; font-size:88%; line-height:1.5em; margin:5px;"
|- |-
| colspan="1" | <!-- Table within a table, starts on next line --> || <!-- Table within a table, starts on next line -->
{| align="center" style="border:1px solid darkgray;" cellpadding="0" cellspacing="0" {| style="margin:auto; border:1px solid darkgrey;" cellpadding="0" cellspacing="0"
|- |-
|] |]
Line 57: Line 55:
|} |}
|- |-
| colspan="3"| Folder layout of typical Windows 2000/XP user profile. Normally everything except the items within "Local Settings" are stored on the file server as part of a roaming profile. | colspan="3"| Folder layout of typical Windows 2000/XP user profile. Normally everything except the items within "Local Settings" is stored on the file server as part of a roaming profile.
|} |}


A '''roaming user profile''' is a concept in the ] ] family of ]s that allows users with a ] joined to a ] to log on to any computer on the same network and access their documents and have a consistent desktop experience, such as applications remembering toolbar positions and preferences, or the desktop appearance staying the same. A '''roaming user profile''' is a ] concept in the ] family of ]s that allows users with a ] joined to a ] to log on to any computer on the same domain and access their documents and have a consistent desktop experience, such as applications remembering toolbar positions and preferences, or the desktop appearance staying the same, while keeping all related files stored locally, to not continuously depend on a fast and reliable network connection to a ].


==Method of operation== ==Method of operation==
All Windows operating systems since Windows NT 3.1 are designed from the start to be able to support roaming profiles. Normally, a standalone computer stores the user's documents, desktop items, application preferences, and desktop appearance on the local computer in two divided sections, consisting of the portion that could roam plus an additional temporary portion containing items such as the web browser cache. The ] is similarly divided to support roaming; there are System and Local Machine hives that stay on the local computer, plus a separate User hive (]) designed to be able to roam with the user profile. All Windows operating systems since ] are designed to support roaming profiles. Normally, a standalone computer stores the user's documents, desktop items, application preferences, and desktop appearance on the local computer in two divided sections, consisting of the portion that could roam plus an additional temporary portion containing items such as the web browser cache. The ] is similarly divided to support roaming; there are System and Local Machine hives that stay on the local computer, plus a separate User hive (HKEY_CURRENT_USER) designed to be able to roam with the user profile.


When a roaming user is created, the user's profile information is instead stored on a centralized file server accessible from any network-joined desktop computer. The login prompt on the local computer checks to see if the user exists in the domain rather than on the local computer; no pre-existing account is required on the local computer. If the domain login is successful, the roaming profile is copied from the central file server to the desktop computer, and a local account is created for the user. When a roaming user is created, the user's profile information is instead stored on a centralized file server accessible from any network-joined desktop computer. The login prompt on the local computer checks to see if the user exists in the domain rather than on the local computer; no pre-existing account is required on the local computer. If the domain login is successful, the roaming profile is copied from the central file server to the desktop computer, and a local account is created for the user.
Line 73: Line 71:
When the user returns to the first desktop computer and logs in, the roaming profile is merged with the previous profile information, replacing it. If profile caching is enabled, the server is capable of merging only the newest files to the local computer, reusing the existing local files that have not changed since the last login, and thereby speeding up the login process. When the user returns to the first desktop computer and logs in, the roaming profile is merged with the previous profile information, replacing it. If profile caching is enabled, the server is capable of merging only the newest files to the local computer, reusing the existing local files that have not changed since the last login, and thereby speeding up the login process.


== Limitations ==
===Profile copying limitations===


=== Performance ===
====Roaming reduces network performance====
] ]
Due to the profile copying at login and logout, a roaming profile set up using the default configuration can be extremely slow and waste considerable amounts of time for users with large amounts of data in their account. Due to the profile copying at login and logout, a roaming profile set up using the default configuration can be extremely slow and waste considerable amounts of time for users with large amounts of data in their account.


When Microsoft designed ], the programmers made an explicit decision to store cookies and favorites as tiny individual files less than a kilobyte each, rather than storing this data as a single large consolidated file. Microsoft also stores ] files in the ''Recent'' profile folder, linking to recently opened files and folders. When ] designed ], the programmers made an explicit decision to store cookies and favorites as tiny individual files less than a kilobyte each, rather than storing this data as a single large consolidated file. Microsoft also stores ] files in the ''Recent'' profile folder, linking to recently opened files and folders.


File servers tend to only transfer large files several megabytes in size at the fastest possible network speed. Hundreds of very small files only a kilobyte per file can reduce network performance by 90%. As a profile ages and accumulates hundreds to thousands of cookies, favorites, and Recent items, the login and logout times become progressively slower, even though these files occupy only a few megabytes of profile data. File servers tend to only transfer large files several megabytes in size at the fastest possible network speed. Hundreds of very small files only a kilobyte per file can reduce network performance by 90%. As a profile ages and accumulates hundreds to thousands of cookies, favorites, and Recent items, the login and logout times become progressively slower, even though these files occupy only a few megabytes of profile data.
Line 85: Line 83:
Local caching of the user profile on a desktop computer hard drive can reduce and improve login and logout times, but at the penalty of cluttering up the hard drive with profile data from every cached user who logs in. Local caching is more suitable where people tend to use the same computer every day. Local profile caching is not useful where hundreds to thousands of students need to be able to use any computer across a school or university campus—the cumulative cached data from so many different profiles can consume all available lab computer disk space. Local caching of the user profile on a desktop computer hard drive can reduce and improve login and logout times, but at the penalty of cluttering up the hard drive with profile data from every cached user who logs in. Local caching is more suitable where people tend to use the same computer every day. Local profile caching is not useful where hundreds to thousands of students need to be able to use any computer across a school or university campus—the cumulative cached data from so many different profiles can consume all available lab computer disk space.


====Roaming profiles and WAN links==== ====WAN links====
Users with a roaming profile can encounter crippling logon delays when logging in over a ]. If connected to the domain from a remote site, after authentication, Windows will attempt to pull the user's profile from the location specified in ]. If the location happens to be across a WAN link it can potentially slow the WAN down to a crawl and cause the logon to fail (after a very lengthy delay). Users with a roaming profile can encounter crippling logon delays when logging in over a ]. If connected to the domain from a remote site, after authentication, Windows will attempt to pull the user's profile from the location specified in ]. If the location happens to be across a WAN link it can potentially slow the WAN down to a crawl and cause the logon to fail (after a very lengthy delay).


Users with a roaming profile working from a remote site should login to the machine ''before'' connecting to the network, (so that the machine uses its cached local copy) and connect to the network after logon has completed. Another option is to remove the roaming profile path from Active Directory prior to their departure. This must be done in enough time that the change is replicated to the relevant ] at the remote site. {{clarify|reason=Please explain why (and how)|text=Users with a roaming profile working from a remote site should login to the machine ''before'' connecting to the network, (so that the machine uses its cached local copy) and connect to the network after logon has completed. Another option is to remove the roaming profile path from Active Directory prior to their departure. |date=December 2015}} This must be done in enough time that the change is replicated to the relevant ] at the remote site.


=== Profile size ===
====Not compatible with gigabytes of user files====
Working with large files, such as editing ], can cause excessive login and logout times, as Windows will copy files in the roaming profile to the computer on login and back to the server on logout.
] video editing in a roaming profile generally results in unacceptably slow login times because the video file segments are also copied back and forth from server to desktop. A one-hour 15 gigabyte DV file takes 20 minutes to copy over a 100 megabit LAN connection. If this were present in a roaming profile it would take at least 20 minutes for the user to log in and 20 minutes to log out.


In environments where the large files are not mission-critical and do not absolutely need to be backed up to a server on a per-login basis, the applications requiring such excessively large amounts of user data are instead usually run on a stand-alone local account that does not roam, to bypass these network storage and retrieval problems.
Even for small DV editing projects consisting of several short source clips, each clip still uses 250 megabytes per minute, and typically the source clips are retained when creating the final DV movie project. A small project consisting of four 5 minute clips to generate one 10 minute movie, totals 7.5 gigabytes of DV data, and requires at least 10 minutes to transfer over a 100 megabit network connection before the user's desktop appears and they can begin to do any work.


]) storing temporary files and software updates in the roaming profile. The bloated roaming profile increases login and logout times. The stored updates shown are unnecessary after installation, yet they are not deleted.]]
In a school environment where such editing projects are not mission-critical and do not absolutely need to be backed up on an expensive tape archive system every night, the applications requiring such excessively large amounts of user data are instead usually run on a stand-alone local account that does not roam, to bypass these network storage and retrieval problems.


=== Network congestion ===
]) storing temporary files and software updates in the roaming profile. The bloated roaming profile increases login and logout times. The stored updates shown are unnecessary after installation, yet they are not deleted.]]
In a school environment, roaming can result in severe network congestion and slowness when an entire classroom of students log off computers at the same time, and then within minutes are attempting to log in somewhere else. Inconsistency in account data can result if the students begin to log into the second location before the profile uploading and log out from the first location has finished.


=== Misbehaving programs don't exit ===
====Mass-user logins/logouts cause congestion====
Some programs installed on desktop computers do not properly release control of the User registry during logoff, and can result in corrupted profiles because the User registry copying never successfully completes. To deal with this, Microsoft created a utility known as the ''User Profile Hive Cleanup Service'' which will forcibly remap the ] for these misbehaving programs so that the profile copying can finish successfully and the account logoff is successful.<ref>{{Cite web |url=http://www.microsoft.com/downloads/details.aspx?FamilyId=1B286E6D-8912-4E18-B570-42470E2F3582 |title=User Profile Hive Cleanup Service |website=] |access-date=2010-02-22 |archive-url=https://web.archive.org/web/20060308072005/http://www.microsoft.com/downloads/details.aspx?FamilyId=1B286E6D-8912-4E18-B570-42470E2F3582 |archive-date=2006-03-08 |url-status=dead }}</ref> However, the hung program may remain on the local computer still holding the local cached copy of the User registry in a busy state, until the computer is rebooted.
In a school environment, roaming can result in severe network congestion and slowness when an entire lab of students log off computers at the same time, and then within minutes are attempting to log in somewhere else. Inconsistency in account data can result if the students begin to log in to the second location before the profile uploading and log out from the first location has finished.


=== Synchronization at logoff ===
====Misbehaving third-party programs don't exit====
Some programs installed on desktop computers do not properly release control of the User registry during logoff, and can result in corrupted profiles because the User registry copying never successfully completes. To deal with this, Microsoft created a utility known as the ''User Profile Hive Cleanup Service'' which will forcefully remap the ] for these misbehaving programs so that the profile copying can finish successfully and the account logoff is successful.<ref></ref> However, the hung program may remain on the local computer still holding the local cached copy of the User registry in a busy state, until the computer is rebooted.

====Roaming accounts don't backup until logoff====
The most recent version of a file in a roaming profile without redirection is stored only on the local computer, and stays there until the user logs off, whereupon it transfers to the server. If nightly server backups are done, and a roaming user does not log off for days at a time, their roaming account documents are not being included in the nightly backup. The most recent version of a file in a roaming profile without redirection is stored only on the local computer, and stays there until the user logs off, whereupon it transfers to the server. If nightly server backups are done, and a roaming user does not log off for days at a time, their roaming account documents are not being included in the nightly backup.


Further, if a roaming user uses standby or hibernation to turn off the computer at night, their profile is still not copied to the network. In this manner it is possible for a roaming account's documents to not be backed up for days to weeks at a time, and there is the potential for considerable data loss if the local hard drive suffers a catastrophic failure during these long periods of not logging off the roaming account from the local computer. Further, if a roaming user uses standby or hibernation to turn off the computer at night, their profile is still not copied to the network. In this manner it is possible for a roaming account's documents to not be backed up for days to weeks at a time, and there is the potential for considerable data loss if the local hard drive suffers a catastrophic failure during these long periods of not logging off the roaming account from the local computer.


=== Access conflict ===
====Multiple logins can overwrite each other====
Due to the underlying file copying mechanism from server to desktop, roaming assumes the user account is logged on to only a single computer at a time. Documents in a roaming profile copied down to the local machine have no network awareness of each other, and it is not possible to use ] to alert the user that the file is already open. Due to the underlying file copying mechanism from server to desktop, roaming assumes the user account is logged on to only a single computer at a time. Documents in a roaming profile copied down to the local machine have no network awareness of each other, and it is not possible to use ] to alert the user that the file is already open.


Line 117: Line 113:
* When the second computer logs off, the different document version overwrites the previously saved changes during profile logout. * When the second computer logs off, the different document version overwrites the previously saved changes during profile logout.


=== Compatibility ===
===Folder redirection to improve performance===
Different versions of Windows may employ different incompatible user profile layouts. As such, a user that roams between computers with different operating systems needs separate roaming profiles for each operating system. ] and ] add ".v2" suffix to the user profile folder to isolate it from the user profiles of ] and earlier. Even so, ] advises users not roam between computers running Windows Vista/] and Windows 7/]. User profiles in ]/] and ]/] are also not entirely backward-compatible, although they initially used ".v2" suffix as well. Microsoft later released ]<nowiki/>es and instructions to enable these operating systems to append ".v3" and ".v4" suffixes respectively, segregating them from cross-OS access.<ref>{{cite web|title=Deploy Roaming User Profiles|url=https://technet.microsoft.com/en-us/library/jj649079.aspx|website=]|publisher=]|access-date=22 September 2014|date=19 March 2014}}</ref><ref>{{cite web|title=Incompatibility between Windows 8 roaming user profiles and roaming profiles in other versions of Windows|url=http://support.microsoft.com/kb/2887239|website=Support|publisher=Microsoft|access-date=22 September 2014|date=26 January 2014|edition=3.0}}</ref><ref>{{cite web|title=Incompatibility between Windows 8.1 roaming user profiles and those in earlier versions of Windows|url=http://support.microsoft.com/kb/2890783|website=Support|publisher=]|access-date=22 September 2014|date=18 December 2013|edition=3.0}}</ref><ref>{{cite web|title=Roaming Profile Compatibility - The Windows 7 to Windows 8 Challenge|url=http://blogs.technet.com/b/askds/archive/2013/07/31/roaming-profile-compatibility-the-windows-7-to-windows-8-challenge.aspx|website=Ask the Directory Services Team|publisher=]|access-date=22 September 2014|date=31 July 2013|first=David|last=Beach}}</ref>
To deal with these profile copying problems, it is possible to override the default operation of roaming, and set up user accounts so that certain parts of the profile are accessed by the local computer directly on a central file server rather than copying to the local computer first.<ref>Microsoft TechNet, Windows Server 2008, Group Policy Management, User Folder Redirection, Folder Redirection Overview </ref> This requires that the central server and network are extremely reliable and always available, because if the server is down, users can not access their files from a local cached copy.

== Folder redirection ==
{{Further|Folder redirection}}

To deal with these profile copying problems, it is possible to override the default operation of roaming, and set up user accounts so that certain parts of the profile are accessed by the local computer directly on a central file server rather than copying to the local computer first.<ref>Microsoft TechNet, Windows Server 2008, Group Policy Management, User Folder Redirection, Folder Redirection Overview </ref> If the server goes down, users can still access some files with .


To the end-user, folder redirection generally does not appear to function any differently from using a normal standalone computer. Redirecting the user's My Documents and Desktop to be accessed directly on a file server are the first two big steps for speeding up roaming profiles. However, as 3rd party software have begun to store more and more data in the ''Application Data'' portion of the roaming profile, it has also become useful to redirect that to also be accessed directly on the server. To the end-user, folder redirection generally does not appear to function any differently from using a normal standalone computer. Redirecting the user's My Documents and Desktop to be accessed directly on a file server are the first two big steps for speeding up roaming profiles. However, as 3rd party software have begun to store more and more data in the ''Application Data'' portion of the roaming profile, it has also become useful to redirect that to also be accessed directly on the server.
Line 124: Line 125:
The question may be raised as to why the entire roaming profile can not be accessed directly on the server, and no copying needs to be done at all. The reasoning for this appears to be that certain Microsoft programs running all the time on the client computer can not tolerate the sudden loss of their data folders if the server goes down or the network is disconnected. Some portions must still be copied back and forth before the desktop appears so that these folders are available if the network-redirected folders go down. The question may be raised as to why the entire roaming profile can not be accessed directly on the server, and no copying needs to be done at all. The reasoning for this appears to be that certain Microsoft programs running all the time on the client computer can not tolerate the sudden loss of their data folders if the server goes down or the network is disconnected. Some portions must still be copied back and forth before the desktop appears so that these folders are available if the network-redirected folders go down.


=== Caveats ===
====Redirection limitations of UNC paths====

Some programs do not work properly with redirected profile folders that refer to a UNC file path on a server share: ''\\server\share\username\Application Data'' Some programs do not work properly with redirected profile folders that refer to a UNC file path on a server share: ''\\server\share\username\Application Data''


* Windows Command prompt cannot have a UNC working directory, so ] usually fail. * Unless the registry entry "DisableUNCCheck"=dword:1 is set, Windows' Command Processor cannot have a UNC working directory, so ] usually fail.
* It is not possible to install Microsoft Office ] add ins on a UNC path. (AppData can be a natural place for users to install addins without administration privileges.) * It is not possible to install Microsoft Office ] add-ins on a UNC path. (AppData can be a natural place for users to install addins without administration privileges.)
* ] has been incompatible with Application Data located on a UNC file path since at least version 9.0, which would crash with a runtime error.<ref>Adobe knowledge-base: Runtime error | Roaming Profile workflows | Acrobat, Reader 9 http://kb2.adobe.com/cps/404/kb404597.html</ref> Adobe Reader X (10.0) is partially compatible but will not run in document protection mode on a UNC path. * ] has been incompatible with Application Data located on a UNC file path since at least version 9.0, which would crash with a runtime error.<ref>Adobe knowledge-base: Runtime error | Roaming Profile workflows | Acrobat, Reader 9 http://kb2.adobe.com/cps/404/kb404597.html{{dead link|date=April 2018 |bot=InternetArchiveBot |fix-attempted=yes }}</ref> Adobe Reader X (10.0) is partially compatible but will not run in document protection mode on a UNC path.
* ] 3.3 is similarly incompatible with Application Data on a UNC path, and the software crashes on startup.<ref>bug report, Open Office 3.3 incompatible with redirected Application Data http://openoffice.org/bugzilla/show_bug.cgi?id=115778</ref> A fix has been developed and will be available in an upcoming release. * ] 3.3 is similarly incompatible with Application Data on a UNC path, and the software crashes on startup.<ref>bug report, Open Office 3.3 incompatible with redirected Application Data http://openoffice.org/bugzilla/show_bug.cgi?id=115778</ref> A fix has been developed and will be available in an upcoming release.
* Roaming Profiles and redirection are not supported by ]<ref>https://twitter.com/GuamDon/status/375682900013772801</ref> 2013. * Roaming Profiles and redirection are not supported by ]<ref>{{cite tweet|user=GuamDon|author=Alex Numann|number=375682900013772801|date=5 September 2013|title=@AutoCAD Do I really need to pay for a subscription to get some tech support? Your product doesn't work with network users? Very surprising}}</ref> 2013.


These problems with UNC paths can usually be fixed by having the folders redirected to a drive mapping for the UNC share: These problems with UNC paths can usually be fixed by having the folders redirected to a drive mapping for the UNC share:
Line 137: Line 139:
* AppDir folder redirection to user home directory:N:\Application Data * AppDir folder redirection to user home directory:N:\Application Data
However, use of drive mappings is generally deprecated by Microsoft, and UNC-only redirection paths are the preferred implementation. However, use of drive mappings is generally deprecated by Microsoft, and UNC-only redirection paths are the preferred implementation.
* Application software versions on various machines used with the same profile may need to be kept in sync, with the same options installed, otherwise software configuration files may refer to dynamic libraries or extensions or other resources that are not available on another machine, causing system crash or limited features or corruption of the configuration.
* Installing software under one account may cause software to be only partially functional for other accounts due to the resources being unavailable to other users depending on their access rights to the installer's personal folders.


==Mandatory profiles== ==Mandatory profiles==
{{Expand section|date = September 2014}}

===Folder redirection with mandatory profiles=== ===Folder redirection with mandatory profiles===
Folder redirection may be used with mandatory profiles, and is useful in situations where it is desirable to "lock down" the general desktop appearance but still allow users to save documents to the network. For example, this can be used as a generic account for anyone to use without a password for temporary use. Folder redirection may be used with mandatory profiles, and is useful in situations where it is desirable to "lock down" the general desktop appearance but still allow users to save documents to the network. For example, this can be used as a generic account for anyone to use without a password for temporary use.


Redirecting My ''Documents'' and the ''Desktop'' in a mandatory profile will allow documents to be saved, but at logoff, any changes to the desktop appearance such as the desktop picture, Internet Explorer cookies, Favorites, and the Recent documents opened list are reverted to the original state.<ref>Microsoft MSDN, 2012-06-06, "Mandatory User Profiles", Quote: " a user can modify his or her desktop, but the changes are not saved when the user logs off.", http://msdn.microsoft.com/en-us/library/windows/desktop/bb776895(v=vs.85).aspx</ref> Redirecting My ''Documents'' and the ''Desktop'' in a mandatory profile will allow documents to be saved, but at logoff, any changes to the desktop appearance such as the desktop picture, Internet Explorer cookies, Favorites, and the Recent documents opened list are reverted to the original state.<ref>Microsoft MSDN, 2012-06-06, "Mandatory User Profiles", Quote: " a user can modify his or her desktop, but the changes are not saved when the user logs off.", http://msdn.microsoft.com/en-us/library/windows/desktop/bb776895(v=vs.85).aspx</ref>

Folder redirection with mandatory profiles is accomplished by denying write access to the central copy of the profile. When users log off, they may expect to regularly receive an error that the profile could not successfully be copied back to the server. A user should also be aware that storing data in certain locations may cause their data to be lost. For example, if the desktop is reset every time a user logs on with the mandatory profile's desktop, then although it seems fine to save files on the desktop, when the user logs off, the profile does not get copied to the server, and when the user logs back on, any work saved on the desktop is permanently lost without any advance notice other than the error on logout that the profile could not be copied.


==Setup methods== ==Setup methods==


===Active Directory=== ===Active Directory===
A roaming user profile must first be set up on the ] to which client computers are joined. In ] and later versions, this is set using the ''] Users and Computers'' snap-in. ] and earlier used the ''User Manager for Domains'' program. A user profile location is set on the server and can be customized, as required. When a user logs onto a domain, the roaming user profile is downloaded from the server onto the local computer and applied. When the user logs off, the changes made to the roaming profile are transferred back to the domain controller.


When user <var>U</var> logs into a Windows computer <var>C</var> joined to a domain, then <var>C</var> will consult the following locations to determine if the user has a roaming profile path configured:
Although a roaming user profile may be stored in any shared folder of a computer available inside a local Microsoft Windows network, using the domain controller is recommended because the profile data should be available at any workstation the user tries to log on to. Should the server not be available, the user will still be able to log on using a cached copy of the profile on his workstation, unless the profile is super-mandatory.


# the “Set path for Remote Desktop Services Roaming User Profile” ] for <var>C</var>, if the login is to a terminal server
Enabling roaming profiles for a workstation running Windows NT 4.0, Windows 2000, Windows XP Professional, Windows Vista Business or Ultimate is done by specifying a location on the server where the users' profiles are located; this is done under ''User Manager for Domains'' in Windows NT 4.0 Server and ''Active Directory Users and Computers'' in Windows 2000 and later. Workstations running ] can also have roaming profiles, roaming profiles become available in Windows 9x when a home directory on the network is specified for the user and multiple desktop settings have been enabled under the ''Passwords'' box in the Windows Control Panel.
# the attribute of <var>U</var>'s ] object, if the login is to a terminal server
# the “Set roaming profile path for all users logging onto this computer” group policy for <var>C</var>
# the attribute of <var>U</var>'s ] object


The first of these configuration settings that has a value overrides any later ones. LDAP attributes can be set by a domain administrator, or anyone else who has write access to the respective LDAP user object according to its ]. The value configured as the profile path is typically given as a ] to folder on an ] file server, and the path typically contains the variable “%USERNAME%” to make it specific to the user. The roaming profile for ] users is specified under the "Remote Desktop Services Profile" tab.
Roaming profiles on Windows 95, 98 and Me are all compatible with each other so if a network has mixture of Windows 95 and Windows 98 workstations the same user profile may be used for each workstation. This is also the case with Roaming profiles between Windows NT 4.0, Windows 2000, Windows XP but there may be some compatibility issues due to differences in each version of Windows. Roaming profiles in Windows Vista and Windows 7 are compatible with each other but these versions are not compatible with earlier versions of Windows. A separate profile folder with the extension .V2 will be created when using Roaming profiles with Windows Vista or 7. The easiest solution is to have all workstations running the same version of Windows. (see Compatibility section)


In ] and later versions, a GUI interface for setting the profilePath attribute is available in the ''] Users and Computers'' snap-in. ] and earlier used the ''User Manager for Domains'' program. From many other operating systems, such LDAP attributes can be accessed e.g. with ] command-line tools ldapsearch and ldapmodify (after ]/] authentication).
===Novell eDirectory===
For roaming to work with ] servers, the Novell product "] Desktop Management" needs to be installed on the server, and its associated workstation management package installed on each of the client computers. Within the directory, a ''User Package'' object is created, which enables roaming, specifies where the roaming profile is stored, and also stores any associated group policies for each version of Windows where users will login. The User Package also enables ''Dynamic Local User'', which functions similar to Active Directory, allowing an account created in eDirectory to log in on any desktop computer even if no local account exists in advance, and assigns local account privileges such as User, Power User, or Administrator to the newly created local user account.


When a user logs into a computer joined to a domain, the ] will check the above-mentioned LDAP attributes and group policy files to determine the roaming user profile path. It then calls the function. Microsoft has not documented the precise ] algorithm that this function implements, but it involves comparing for each file found in both the local and the roaming profile the timestamps, to then replace any older file found on the computer. When the user logs off, the Windows shell calls , which applies a similar file synchronization algorithm in the opposite direction, to allow changes made to the roaming profile to migrate back to the location where the user's roaming profile is stored. In addition, since Windows 7, it has possible to specify a group policy “Background upload of a roaming user profile's registry file while user is logged on” to apply this synchronization process to the NTuser.dat file at regular intervals (default is 12 hours). Logging into Windows via OpenSSH for Windows does not load a roaming profile.
The User Package can be associated with a specific user account in the directory, or is associated with an ] that then applies to all user accounts within that OU. The User Package also enables additional ZENworks Desktop Management functions, such as remote view and remote control of the desktop computer, network printers that follow the user from one desktop to the next, and the scheduling of events that are to be run wherever the user is logged in.

=== Windows 95, 98 or Me ===

Workstations running ] can also have roaming profiles, however the users roaming profile files in Windows 9x are stored in the users Home directory even if a separate location for roaming is specified. In order to use roaming profiles in Windows 9x each workstation needs to be set up to have separate profile settings for each user that logs into the local workstation enabled. Enabling separate desktop settings in Windows 9x is enabled under ''Passwords'' in the Windows Control Panel.

Roaming profiles on Windows 95, 98 and Me are all compatible with each other so if a network has mixture of Windows 95 and Windows 98 workstations the same user profile may be used for each workstation. This is also the case with Roaming profiles between Windows NT 4.0, Windows 2000, Windows XP but there may be some compatibility issues due to differences in each version of Windows. Roaming profiles in Windows Vista and Windows 7 are compatible with each other but these versions are not compatible with earlier versions of Windows. A separate profile folder with the extension {{not a typo|.V2}} will be created when using Roaming profiles with Windows Vista or 7. The easiest solution is to have all workstations running the same version of Windows. (see Compatibility section)

===Novell eDirectory/Netware===
For roaming to work with ] servers, the Novell product "] Desktop Management" needs to be installed on the server, and its associated workstation management package installed on each of the client computers. Within the directory, a ''User Package'' object is created, which enables roaming, specifies where the roaming profile is stored, and also stores any associated group policies for each version of Windows where users will login. The User Package also enables ''Dynamic Local User'', which functions similar to Active Directory, allowing an account created in eDirectory to log in on any desktop computer even if no local account exists in advance, and assigns local account privileges such as User, Power User, or Administrator to the newly created local user account. For Windows NT the user profile files are stored in the users home directory under a subfolder for each version of Windows, for example in Windows NT 4.0 the folder will be called "Windows NT 4.0 Workstation Profile" and in Windows XP the folder will be called "Windows NT 5.1 Workstation Profile"

The User Package can be associated with a specific user account in the directory, or is associated with an ] that then applies to all user accounts within that OU. The User Package also enables additional ZENworks Desktop Management functions, such as remote view and remote control of the desktop computer, network printers that follow the user from one desktop to the next, and the scheduling of events that are to be run wherever the user is logged in.


===Windows 3.x=== ===Windows 3.x===
While Windows 3.x does not contain user profiles it was possible for users to have their own personalised desktop in a business environment. Windows 3.x had an administrative setup option which network administrators could use by typing setup.exe /a Windows could then be installed to a network share. Windows setup was then run from each local machine to install a few local files making Windows 3.1 capable of being run over a network. The local files could be saved to a user's home directory on a Novell or Windows NT Domain network allowing the user to have his or her settings roam between machines, the local machine in this scenario did not require a hard drive and could have been booted from a floppy or network card. While Windows 3.x does not contain user profiles it was possible for users to have their own personalised desktop in a business environment. Windows 3.x had an administrative setup option which network administrators could use by typing setup.exe /a Windows could then be installed to a network share. Windows setup was then run from each local machine to install a few local files making Windows 3.1 capable of being run over a network. The local files could be saved to a user's home directory on a Novell or Windows NT Domain network allowing the user to have his or her settings roam between machines, the local machine in this scenario did not require a hard drive and could have been booted from a floppy or network card.


==Resetting a profile==
==Advantages of roaming user profiles==
Occasionally a users profile may need to be reset if the profile becomes corrupt or to resolve an issue with an application, a reset would normally be performed by a systems administrator or helpdesk staff. To perform a reset the affected user needs to log out of the system and then the folder where the users roaming profile is stored on the server is then renamed, the user profile must also be deleted from the local workstation the user logs into otherwise the user will take the locally stored profile on next login. When the profile has been cleared from the local machine when the user logs in a new profile will be generated using the default profile stored on the workstation, when the user logs out the profile will be copied back to the location where the users roaming profile was stored.

==Advantages==
* Enforcement of administrative control by using mandatory user profiles which helps to protect the user's environment from being damaged by the user himself/herself. * Enforcement of administrative control by using mandatory user profiles which helps to protect the user's environment from being damaged by the user himself/herself.
* Users can access their data anywhere in the network with more reliability * Users can access their data anywhere in the network with more reliability
* Easier backup as most data is in one location on the server * Easier backup as most data is in one location on the server


==Disadvantages of roaming user profiles== ==Disadvantages==
*

Each time a user logs into a workstation, all of the files and settings are transferred over the network; the result is that the login process takes longer than if the user were to use a local profile. This is particularly the case if the profile is large in size. The login time may be reduced if the profile is cached as some files can be loaded from the local workstation and by using folder redirection to redirect folders that can grow to a large size, like ], to a network share. Each time a user logs into a workstation, all of the files and settings are transferred over the network; the result is that the login process takes longer than if the user were to use a local profile. This is particularly the case if the profile is large in size. The login time may be reduced if the profile is cached as some files can be loaded from the local workstation and by using folder redirection to redirect folders that can grow to a large size, like ], to a network share.


However, this limitation has been addressed in Windows Server 2008 Active Directory by allowing ] of virtually all folders that were previously stored in a user's profile (including My Music, Favorites, and others) to a centralized and secured network share. This means that a user's roaming profile can easily be reduced to size smaller than 20MB, thus eliminating the long login times that were experienced with previous versions of AD. When using folder redirection and automatic caching of ], all of a user's files and preferences are available offline and synced in a much more efficient manner than previously possible when the computer is reconnected to the network using ] (RDC). However, this limitation has been addressed in Windows Server 2008 Active Directory by allowing ] of almost all folders that were previously stored in a user's profile (including My Music, Favorites, and others) to a centralized and secured network share. This means that a user's roaming profile can easily be reduced to size smaller than 20MB, thus eliminating the long login times that were experienced with previous versions of AD. When using folder redirection and automatic caching of ], all of a user's files and preferences are available offline and synced in a much more efficient manner than previously possible when the computer is reconnected to the network using ] (RDC).


Another problem is related to different set of applications installed on machines, applications stores information into Local Settings and some into the registry, but only the registry is transferred across. It can corrupt application functionality under roaming profile. Another problem is related to different set of applications installed on machines, applications stores information into Local Settings and some into the registry, but only the registry is transferred across. It can corrupt application functionality under roaming profile.

==Incompatibility across Windows releases==
While Windows XP and Windows 2000 profiles are basically similar, Windows Vista and its successor Windows 7 use an entirely different profile structure. Windows 8 again uses a different upgraded format.<ref name="Incompatible"></ref> Thus, a user who switches-desk between any combinations of these systems cannot have personal data transferred automatically, as would normally happen with roaming profiles. Instead, two distinct server-side profiles are created for this user in case of XP vs Vista/7 and unpredictable behavior occurs between Windows Vista/7 and Windows 8, since the latter changes the format.<ref name="Incompatible"/>

This is an important consideration for any site intending to introduce Vista, Windows 7 or Windows 8 computers into an existing Windows 2000/XP or Windows 7 only roaming-profile network. If possible it should be planned that users will not have to migrate regularly between the two classes of OS.

Windows Vista and 7 will get their profile stored on the server with .V2 added (example: \\server\profiles\username.V2). By default Windows 8 and Windows 8.1 will also use the same format as Windows Vista and 7 unless the individual machine has been configured to use a distinct Windows 8 or Windows 8.1 profile.<ref>http://support.microsoft.com/kb/2890783</ref> A distinct Windows 8 profile will use a .V3 extension and Windows 8.1 will use a .V4 extension.


=== Redirected folder sharing === === Redirected folder sharing ===
Line 197: Line 209:


==References== ==References==
{{Reflist}}
<references/>


==External links== ==External links==
* *
* *
* *


{{Windows Components}} {{Windows Components}}

Latest revision as of 04:46, 29 May 2024

A file synchronization concept
This article needs additional citations for verification. Please help improve this article by adding citations to reliable sources. Unsourced material may be challenged and removed.
Find sources: "Roaming user profile" – news · newspapers · books · scholar · JSTOR (December 2013) (Learn how and when to remove this message)
C:\Documents and Settings\{username}
  Application Data
  Cookies
  Desktop
  Favorites
  Local Settings
    Application Data
    History
    Temp
    Temporary Internet Files
  My Documents
    My Music
    My Pictures
    My Videos
  Recent
  NetHood
  PrintHood
  SendTo
  Start Menu
  Templates
  NTUSER.DAT
  ntuser.dat.LOG
  ntuser.ini
Folder layout of typical Windows 2000/XP user profile. Normally everything except the items within "Local Settings" is stored on the file server as part of a roaming profile.

A roaming user profile is a file synchronization concept in the Windows NT family of operating systems that allows users with a computer joined to a Windows domain to log on to any computer on the same domain and access their documents and have a consistent desktop experience, such as applications remembering toolbar positions and preferences, or the desktop appearance staying the same, while keeping all related files stored locally, to not continuously depend on a fast and reliable network connection to a file server.

Method of operation

All Windows operating systems since Windows NT 3.1 are designed to support roaming profiles. Normally, a standalone computer stores the user's documents, desktop items, application preferences, and desktop appearance on the local computer in two divided sections, consisting of the portion that could roam plus an additional temporary portion containing items such as the web browser cache. The Windows Registry is similarly divided to support roaming; there are System and Local Machine hives that stay on the local computer, plus a separate User hive (HKEY_CURRENT_USER) designed to be able to roam with the user profile.

When a roaming user is created, the user's profile information is instead stored on a centralized file server accessible from any network-joined desktop computer. The login prompt on the local computer checks to see if the user exists in the domain rather than on the local computer; no pre-existing account is required on the local computer. If the domain login is successful, the roaming profile is copied from the central file server to the desktop computer, and a local account is created for the user.

When the user logs off from the desktop computer, the user's roaming profile is merged from the local computer back to the central file server, not including the temporary local profile items. Because this is a merge and not a move/delete, the user's profile information remains on the local computer in addition to being merged to the network.

When the user logs in on a second desktop computer, this process repeats, merging the roaming profile from the server to the second desktop computer, and then merging back from the desktop to the server when the user logs off.

When the user returns to the first desktop computer and logs in, the roaming profile is merged with the previous profile information, replacing it. If profile caching is enabled, the server is capable of merging only the newest files to the local computer, reusing the existing local files that have not changed since the last login, and thereby speeding up the login process.

Limitations

Performance

A roaming profile that is several years old can contain tens of thousands of cookies, which make network login and logout extremely slow, and contribute to file system fragmentation.

Due to the profile copying at login and logout, a roaming profile set up using the default configuration can be extremely slow and waste considerable amounts of time for users with large amounts of data in their account.

When Microsoft designed Internet Explorer, the programmers made an explicit decision to store cookies and favorites as tiny individual files less than a kilobyte each, rather than storing this data as a single large consolidated file. Microsoft also stores shortcut files in the Recent profile folder, linking to recently opened files and folders.

File servers tend to only transfer large files several megabytes in size at the fastest possible network speed. Hundreds of very small files only a kilobyte per file can reduce network performance by 90%. As a profile ages and accumulates hundreds to thousands of cookies, favorites, and Recent items, the login and logout times become progressively slower, even though these files occupy only a few megabytes of profile data.

Local caching of the user profile on a desktop computer hard drive can reduce and improve login and logout times, but at the penalty of cluttering up the hard drive with profile data from every cached user who logs in. Local caching is more suitable where people tend to use the same computer every day. Local profile caching is not useful where hundreds to thousands of students need to be able to use any computer across a school or university campus—the cumulative cached data from so many different profiles can consume all available lab computer disk space.

WAN links

Users with a roaming profile can encounter crippling logon delays when logging in over a WAN. If connected to the domain from a remote site, after authentication, Windows will attempt to pull the user's profile from the location specified in Active Directory. If the location happens to be across a WAN link it can potentially slow the WAN down to a crawl and cause the logon to fail (after a very lengthy delay).

Users with a roaming profile working from a remote site should login to the machine before connecting to the network, (so that the machine uses its cached local copy) and connect to the network after logon has completed. Another option is to remove the roaming profile path from Active Directory prior to their departure. This must be done in enough time that the change is replicated to the relevant Domain Controller at the remote site.

Profile size

Working with large files, such as editing raw videos, can cause excessive login and logout times, as Windows will copy files in the roaming profile to the computer on login and back to the server on logout.

In environments where the large files are not mission-critical and do not absolutely need to be backed up to a server on a per-login basis, the applications requiring such excessively large amounts of user data are instead usually run on a stand-alone local account that does not roam, to bypass these network storage and retrieval problems.

Example of third-party software (Sun Microsystems Java) storing temporary files and software updates in the roaming profile. The bloated roaming profile increases login and logout times. The stored updates shown are unnecessary after installation, yet they are not deleted.

Network congestion

In a school environment, roaming can result in severe network congestion and slowness when an entire classroom of students log off computers at the same time, and then within minutes are attempting to log in somewhere else. Inconsistency in account data can result if the students begin to log into the second location before the profile uploading and log out from the first location has finished.

Misbehaving programs don't exit

Some programs installed on desktop computers do not properly release control of the User registry during logoff, and can result in corrupted profiles because the User registry copying never successfully completes. To deal with this, Microsoft created a utility known as the User Profile Hive Cleanup Service which will forcibly remap the file handles for these misbehaving programs so that the profile copying can finish successfully and the account logoff is successful. However, the hung program may remain on the local computer still holding the local cached copy of the User registry in a busy state, until the computer is rebooted.

Synchronization at logoff

The most recent version of a file in a roaming profile without redirection is stored only on the local computer, and stays there until the user logs off, whereupon it transfers to the server. If nightly server backups are done, and a roaming user does not log off for days at a time, their roaming account documents are not being included in the nightly backup.

Further, if a roaming user uses standby or hibernation to turn off the computer at night, their profile is still not copied to the network. In this manner it is possible for a roaming account's documents to not be backed up for days to weeks at a time, and there is the potential for considerable data loss if the local hard drive suffers a catastrophic failure during these long periods of not logging off the roaming account from the local computer.

Access conflict

Due to the underlying file copying mechanism from server to desktop, roaming assumes the user account is logged on to only a single computer at a time. Documents in a roaming profile copied down to the local machine have no network awareness of each other, and it is not possible to use file locking to alert the user that the file is already open.

Logging onto multiple computers with one account, and opening the same document multiple times on each computer can result in inconsistencies and loss of saved changes if the file is modified on two different computers at the same time:

  • When the first computer with the modified document logs off, the changes are written to the network copy of the profile.
  • When the second computer logs off, the different document version overwrites the previously saved changes during profile logout.

Compatibility

Different versions of Windows may employ different incompatible user profile layouts. As such, a user that roams between computers with different operating systems needs separate roaming profiles for each operating system. Windows Vista and Windows 7 add ".v2" suffix to the user profile folder to isolate it from the user profiles of Windows XP and earlier. Even so, Microsoft TechNet advises users not roam between computers running Windows Vista/Windows Server 2008 and Windows 7/Windows Server 2008 R2. User profiles in Windows 8/Windows Server 2012 and Windows 8.1/Windows Server 2012 R2 are also not entirely backward-compatible, although they initially used ".v2" suffix as well. Microsoft later released hotfixes and instructions to enable these operating systems to append ".v3" and ".v4" suffixes respectively, segregating them from cross-OS access.

Folder redirection

Further information: Folder redirection

To deal with these profile copying problems, it is possible to override the default operation of roaming, and set up user accounts so that certain parts of the profile are accessed by the local computer directly on a central file server rather than copying to the local computer first. If the server goes down, users can still access some files with Offline Files Enhancements.

To the end-user, folder redirection generally does not appear to function any differently from using a normal standalone computer. Redirecting the user's My Documents and Desktop to be accessed directly on a file server are the first two big steps for speeding up roaming profiles. However, as 3rd party software have begun to store more and more data in the Application Data portion of the roaming profile, it has also become useful to redirect that to also be accessed directly on the server.

The question may be raised as to why the entire roaming profile can not be accessed directly on the server, and no copying needs to be done at all. The reasoning for this appears to be that certain Microsoft programs running all the time on the client computer can not tolerate the sudden loss of their data folders if the server goes down or the network is disconnected. Some portions must still be copied back and forth before the desktop appears so that these folders are available if the network-redirected folders go down.

Caveats

Some programs do not work properly with redirected profile folders that refer to a UNC file path on a server share: \\server\share\username\Application Data

  • Unless the registry entry "DisableUNCCheck"=dword:1 is set, Windows' Command Processor cannot have a UNC working directory, so batch files usually fail.
  • It is not possible to install Microsoft Office VSTO add-ins on a UNC path. (AppData can be a natural place for users to install addins without administration privileges.)
  • Adobe Reader has been incompatible with Application Data located on a UNC file path since at least version 9.0, which would crash with a runtime error. Adobe Reader X (10.0) is partially compatible but will not run in document protection mode on a UNC path.
  • OpenOffice.org 3.3 is similarly incompatible with Application Data on a UNC path, and the software crashes on startup. A fix has been developed and will be available in an upcoming release.
  • Roaming Profiles and redirection are not supported by AutoCAD 2013.

These problems with UNC paths can usually be fixed by having the folders redirected to a drive mapping for the UNC share:

  • Drive N: (say) is mapped to \\server\share\userhomedir
  • AppDir folder redirection to user home directory:N:\Application Data

However, use of drive mappings is generally deprecated by Microsoft, and UNC-only redirection paths are the preferred implementation.

  • Application software versions on various machines used with the same profile may need to be kept in sync, with the same options installed, otherwise software configuration files may refer to dynamic libraries or extensions or other resources that are not available on another machine, causing system crash or limited features or corruption of the configuration.
  • Installing software under one account may cause software to be only partially functional for other accounts due to the resources being unavailable to other users depending on their access rights to the installer's personal folders.

Mandatory profiles

This section needs expansion. You can help by adding to it. (September 2014)

Folder redirection with mandatory profiles

Folder redirection may be used with mandatory profiles, and is useful in situations where it is desirable to "lock down" the general desktop appearance but still allow users to save documents to the network. For example, this can be used as a generic account for anyone to use without a password for temporary use.

Redirecting My Documents and the Desktop in a mandatory profile will allow documents to be saved, but at logoff, any changes to the desktop appearance such as the desktop picture, Internet Explorer cookies, Favorites, and the Recent documents opened list are reverted to the original state.

Folder redirection with mandatory profiles is accomplished by denying write access to the central copy of the profile. When users log off, they may expect to regularly receive an error that the profile could not successfully be copied back to the server. A user should also be aware that storing data in certain locations may cause their data to be lost. For example, if the desktop is reset every time a user logs on with the mandatory profile's desktop, then although it seems fine to save files on the desktop, when the user logs off, the profile does not get copied to the server, and when the user logs back on, any work saved on the desktop is permanently lost without any advance notice other than the error on logout that the profile could not be copied.

Setup methods

Active Directory

When user U logs into a Windows computer C joined to a domain, then C will consult the following locations to determine if the user has a roaming profile path configured:

  1. the “Set path for Remote Desktop Services Roaming User Profile” group policy for C, if the login is to a terminal server
  2. the msTSProfilePath attribute of U's LDAP object, if the login is to a terminal server
  3. the “Set roaming profile path for all users logging onto this computer” group policy for C
  4. the profilePath attribute of U's LDAP object

The first of these configuration settings that has a value overrides any later ones. LDAP attributes can be set by a domain administrator, or anyone else who has write access to the respective LDAP user object according to its access-control list. The value configured as the profile path is typically given as a UNC path to folder on an SMB file server, and the path typically contains the variable “%USERNAME%” to make it specific to the user. The roaming profile for Remote Desktop Server users is specified under the "Remote Desktop Services Profile" tab.

In Windows 2000 and later versions, a GUI interface for setting the profilePath attribute is available in the Active Directory Users and Computers snap-in. Windows NT 4.0 and earlier used the User Manager for Domains program. From many other operating systems, such LDAP attributes can be accessed e.g. with OpenLDAP command-line tools ldapsearch and ldapmodify (after SASL/GSSAPI authentication).

When a user logs into a computer joined to a domain, the Windows shell will check the above-mentioned LDAP attributes and group policy files to determine the roaming user profile path. It then calls the LoadUserProfile function. Microsoft has not documented the precise file synchronization algorithm that this function implements, but it involves comparing for each file found in both the local and the roaming profile the timestamps, to then replace any older file found on the computer. When the user logs off, the Windows shell calls UnloadUserProfile, which applies a similar file synchronization algorithm in the opposite direction, to allow changes made to the roaming profile to migrate back to the location where the user's roaming profile is stored. In addition, since Windows 7, it has possible to specify a group policy “Background upload of a roaming user profile's registry file while user is logged on” to apply this synchronization process to the NTuser.dat file at regular intervals (default is 12 hours). Logging into Windows via OpenSSH for Windows does not load a roaming profile.

Windows 95, 98 or Me

Workstations running Windows 95, 98 or Me can also have roaming profiles, however the users roaming profile files in Windows 9x are stored in the users Home directory even if a separate location for roaming is specified. In order to use roaming profiles in Windows 9x each workstation needs to be set up to have separate profile settings for each user that logs into the local workstation enabled. Enabling separate desktop settings in Windows 9x is enabled under Passwords in the Windows Control Panel.

Roaming profiles on Windows 95, 98 and Me are all compatible with each other so if a network has mixture of Windows 95 and Windows 98 workstations the same user profile may be used for each workstation. This is also the case with Roaming profiles between Windows NT 4.0, Windows 2000, Windows XP but there may be some compatibility issues due to differences in each version of Windows. Roaming profiles in Windows Vista and Windows 7 are compatible with each other but these versions are not compatible with earlier versions of Windows. A separate profile folder with the extension .V2 will be created when using Roaming profiles with Windows Vista or 7. The easiest solution is to have all workstations running the same version of Windows. (see Compatibility section)

Novell eDirectory/Netware

For roaming to work with Novell servers, the Novell product "ZENworks Desktop Management" needs to be installed on the server, and its associated workstation management package installed on each of the client computers. Within the directory, a User Package object is created, which enables roaming, specifies where the roaming profile is stored, and also stores any associated group policies for each version of Windows where users will login. The User Package also enables Dynamic Local User, which functions similar to Active Directory, allowing an account created in eDirectory to log in on any desktop computer even if no local account exists in advance, and assigns local account privileges such as User, Power User, or Administrator to the newly created local user account. For Windows NT the user profile files are stored in the users home directory under a subfolder for each version of Windows, for example in Windows NT 4.0 the folder will be called "Windows NT 4.0 Workstation Profile" and in Windows XP the folder will be called "Windows NT 5.1 Workstation Profile"

The User Package can be associated with a specific user account in the directory, or is associated with an organizational unit that then applies to all user accounts within that OU. The User Package also enables additional ZENworks Desktop Management functions, such as remote view and remote control of the desktop computer, network printers that follow the user from one desktop to the next, and the scheduling of events that are to be run wherever the user is logged in.

Windows 3.x

While Windows 3.x does not contain user profiles it was possible for users to have their own personalised desktop in a business environment. Windows 3.x had an administrative setup option which network administrators could use by typing setup.exe /a Windows could then be installed to a network share. Windows setup was then run from each local machine to install a few local files making Windows 3.1 capable of being run over a network. The local files could be saved to a user's home directory on a Novell or Windows NT Domain network allowing the user to have his or her settings roam between machines, the local machine in this scenario did not require a hard drive and could have been booted from a floppy or network card.

Resetting a profile

Occasionally a users profile may need to be reset if the profile becomes corrupt or to resolve an issue with an application, a reset would normally be performed by a systems administrator or helpdesk staff. To perform a reset the affected user needs to log out of the system and then the folder where the users roaming profile is stored on the server is then renamed, the user profile must also be deleted from the local workstation the user logs into otherwise the user will take the locally stored profile on next login. When the profile has been cleared from the local machine when the user logs in a new profile will be generated using the default profile stored on the workstation, when the user logs out the profile will be copied back to the location where the users roaming profile was stored.

Advantages

  • Enforcement of administrative control by using mandatory user profiles which helps to protect the user's environment from being damaged by the user himself/herself.
  • Users can access their data anywhere in the network with more reliability
  • Easier backup as most data is in one location on the server

Disadvantages

Each time a user logs into a workstation, all of the files and settings are transferred over the network; the result is that the login process takes longer than if the user were to use a local profile. This is particularly the case if the profile is large in size. The login time may be reduced if the profile is cached as some files can be loaded from the local workstation and by using folder redirection to redirect folders that can grow to a large size, like My Documents, to a network share.

However, this limitation has been addressed in Windows Server 2008 Active Directory by allowing folder redirection of almost all folders that were previously stored in a user's profile (including My Music, Favorites, and others) to a centralized and secured network share. This means that a user's roaming profile can easily be reduced to size smaller than 20MB, thus eliminating the long login times that were experienced with previous versions of AD. When using folder redirection and automatic caching of offline files, all of a user's files and preferences are available offline and synced in a much more efficient manner than previously possible when the computer is reconnected to the network using Remote Differential Compression (RDC).

Another problem is related to different set of applications installed on machines, applications stores information into Local Settings and some into the registry, but only the registry is transferred across. It can corrupt application functionality under roaming profile.

Redirected folder sharing

Redirected network folders are able to override the separation between 2000/XP and Vista/Win7. For example, both types of profiles can be redirected to use a single Documents folder, and a single Desktop folder, so that the user's account documents are consistent between the two profiles, even if all other account settings will be different.

Redirected sharing of folders such as Application Data may lead to data corruption, since Microsoft did not intend this for their application data to be shared between the different OS versions.

Alternatives

User virtualization programs (such as AppSense) manage user profiles, settings, and data, storing them in a network share or the cloud.

See also

References

  1. "User Profile Hive Cleanup Service". Microsoft. Archived from the original on 2006-03-08. Retrieved 2010-02-22.
  2. "Deploy Roaming User Profiles". TechNet. Microsoft. 19 March 2014. Retrieved 22 September 2014.
  3. "Incompatibility between Windows 8 roaming user profiles and roaming profiles in other versions of Windows". Support (3.0 ed.). Microsoft. 26 January 2014. Retrieved 22 September 2014.
  4. "Incompatibility between Windows 8.1 roaming user profiles and those in earlier versions of Windows". Support (3.0 ed.). Microsoft. 18 December 2013. Retrieved 22 September 2014.
  5. Beach, David (31 July 2013). "Roaming Profile Compatibility - The Windows 7 to Windows 8 Challenge". Ask the Directory Services Team. Microsoft. Retrieved 22 September 2014.
  6. Microsoft TechNet, Windows Server 2008, Group Policy Management, User Folder Redirection, Folder Redirection Overview
  7. Adobe knowledge-base: Runtime error | Roaming Profile workflows | Acrobat, Reader 9 http://kb2.adobe.com/cps/404/kb404597.html
  8. bug report, Open Office 3.3 incompatible with redirected Application Data http://openoffice.org/bugzilla/show_bug.cgi?id=115778
  9. Alex Numann (5 September 2013). "@AutoCAD Do I really need to pay for a subscription to get some tech support? Your product doesn't work with network users? Very surprising" (Tweet) – via Twitter.
  10. Microsoft MSDN, 2012-06-06, "Mandatory User Profiles", Quote: " a user can modify his or her desktop, but the changes are not saved when the user logs off.", http://msdn.microsoft.com/en-us/library/windows/desktop/bb776895(v=vs.85).aspx

External links

Microsoft Windows components
Management
tools
Apps
Shell
Services
File systems
Server
Architecture
Security
Compatibility
API
Games
Discontinued
Games
Apps
Others
Spun off to
Microsoft Store
Categories: