Talk:Roaming user profile

Latest comment: 4 years ago by Markus Kuhn in topic Alternatives?

Offline Folders and Redirection

edit

I notice that this statement "When using folder redirection and automatic caching of offline files, all of a user's files and preferences are available offline and synced ... " is the first mention of the 'offline folder' concept, and it is introduced only in the 'disadvantages' section. If in fact Offline Folders can be combined with Folder Redirection, I believe that deserves a mention in the main body of the article since it is stated that Folder Redirection is incompatible with Laptop users, etc. Steerpike58 (talk) 02:10, 18 November 2010 (UTC)Reply

Agreed. The use of Offline Files makes Folder Redirection fully compatible with laptop users. The article should be updated accordingly. -- Dave Braunschweig (talk) 19:23, 5 June 2013 (UTC)Reply

Alternatives?

edit

Are there alternatives not using Microsoft software? --Bensin (talk) 13:38, 3 August 2008 (UTC)Reply

Oh yes. On networked Unix/Linux workstations, it has been customary and practical since the mid 1980s to have the user's home directory stored on an NFS file server. This way, users are not temped to keep any documents stored on their local disk, which therefore may not even need backup. Advantages of this approach include that login and logout are very fast and there is less likely to be any risk to the data if the user is logged into multiple workstations at the same time. Note that this is much more practical with NFS than with Microsoft's SMB protocol, as NFS is a state-less protocol, i.e. it is possible to reboot NFS servers without forcing any users to log out. The fact that all of a user's files are commonly stored on a network server in distributed Unix/Linux environments makes it far easier there to quickly remotely log into another machine (e.g., via ssh) and find exactly the same working environment there ready. (This is probably one of the reasons why Unix/Linux environments dominate cloud computing, where clumsy workarounds such as roaming user profiles really don't scale well.) Markus Kuhn (talk) 11:48, 15 January 2020 (UTC)Reply

Folder redirection for 2k/xp on Netware / ZENworks 7

edit

While basic roaming works with Novell's ZENWorks Desktop Management 7.x, the group policy files included with Windows XP do not directly include support for folder redirection. These are the *.ADM files located in C:\Windows\Inf\

To work around this limitation, I hacked profile folder redirection into my Novell network by writing my own Group Policy ADM. I am putting this discussion on the article talk page because this is effectively "original research" but it has been thoroughly tested on my Novell Netware 6.5 network running Windows 2000 and XP, from about 2004 to 2010 without any major problems.

ADM writing is an extremely obscure topic and not well documented. Most of this comes from examining Microsoft's own ADMs included with Windows 2000 and XP. (In my descriptions that appear in the Group Policy editor, my newlines (\n) are not handled correctly like Microsoft's newline codes, and I never did find a reason for it. But that part is just a formatting issue and not really important.)

Redirect any folder in a profile

edit

This ADM I wrote allows redirection of everything, if you are so daring to experiment and find out exactly why it is Microsoft doesn't allow all profile folders to redirect. For my own purposes, I've stuck with only using the safe redirections for my network accounts.

This ADM is split into three sections:

  • The four folders Microsoft officially supports for redirection
  • Folders related to Internet Explorer, unsafe for redirection
  • Other folders that are unsafe for direction

Basically, you can redirect whatever you want in the roaming profile, including directories Microsoft has not declared as "safe" to redirect, though such redirections could cause unknown network weirdness and need to be thoroughly tested.

It is interesting to note that folders like "\Cookies\" are not safe to redirect. Why is that? When Windows logs in, you're not running Internet Explorer so what is the problem? It appears to have to do with Microsoft's deep integration of their web browser into the user interface. I tend to believe that the Cookies and History folders are in use sitting at the login prompt, even before the desktop appears.

Custom-written group policy file

edit

Filename: redirect anything 2k-xp.adm

; Redirect any folder in a roaming profile using
; Novell ZENworks Desktop Management 7.x,
; for Windows 2000 and Windows XP
;
; Created by Dale Mahalko, September 3rd, 2007
; Email: dmahalko@gmail.com
; Network Administrator / IT Manager
; Cornell Public School District, Cornell, WI 
; Lake Holcombe Public School District, Holcombe, WI
; 
; +++++++++++++++++++++++++++++++++++++++++++++++
; The following are various resources used in the
; creation of this Group Policy ADM.
; +++++++++++++++++++++++++++++++++++++++++++++++
;
; == Information about this registry location ==
;
; Software\Microsoft\Windows\CurrentVersion\Explorer\
;   Shell Folders
;
; Windows 2000 does not use this subkey. The subkey remains
; in the registry to support programs designed for Windows
; NT 4.0 or earlier.
;
; Windows Server 2003 does not use this subkey. The subkey
; remains in the registry to support programs designed for
; Windows NT 4.0 or earlier.
;
; Do not delete this subkey or its entries from the registry,
; and do not change the values in the entries. These changes
; can cause serious, unexpected results.
;
; References / Windows 2000 Resource Kit:
;   http://www.microsoft.com/technet/prodtechnol/windows2000serv/reskit/regentry/36276.mspx?mfr=true
;
; References / Windows 2003 Resource Kit:
;   http://technet2.microsoft.com/windowsserver/en/library/06eb01d7-ea0f-4f5c-a0f6-2317a9c4b4fa1033.mspx?mfr=true
;
;----------------------------------------
;
; == Information about this registry location ==
;
; Software\Microsoft\Windows\CurrentVersion\Explorer\
;   User Shell Folders
;
; The User Shell Folders subkey stores the paths to Windows
; Explorer folders for the current user of the computer.
;
; The entries in this subkey can appear in both the Shell
; Folders subkey and the User Shell Folders and in both
; HKEY_LOCAL_MACHINE and HKEY_CURRENT_USER. The entries that
; appear in user User Shell Folders take precedence over
; those in Shell Folders. The entries that appear in
; HKEY_CURRENT_USER take precedence over those in
; HKEY_LOCAL_MACHINE.
;
; References / Windows 2000 Resource Kit:
;   http://www.microsoft.com/technet/prodtechnol/windows2000serv/reskit/regentry/36276.mspx?mfr=true
;
; References / FOR WINDOWS 2003 and XP:
;   http://technet2.microsoft.com/windowsserver/en/library/06eb01d7-ea0f-4f5c-a0f6-2317a9c4b4fa1033.mspx?mfr=true
;
;----------------------------------------
; 
; == Usage of ADM keyword "REQUIRED" ==
;
; The following example generates an error if the user does
; not enter a value when required.
;
; PART!!MyVariable    EDITTEXT REQUIRED 
;   VALUENAME ValueToBeChanged 
; END PART
;
;
; == Usage of ADM keyword "EXPANDABLETEXT" ==
;
; Policy keys should include the keyword "EXPANDABLETEXT"
; which causes the data to be stored in a "REG_EXPAND_SZ"
; key.
;
; An expandable data string that is text containing a
; variable to be replaced when called by an application.
; For example, for the following value, the string
; "%SystemRoot%" will replaced by the actual location
; of the directory containing the Windows NT system
; files.    File : REG_EXPAND_SZ : %SystemRoot%\file.exe
;
;
; References / Using Administrative Template Files with Registry-Based
; Group Policy
;   http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/management/gp/admtgp.mspx
;
; References / Definition of Registry Value Types:
;   http://support.microsoft.com/kb/101230
;
;----------------------------------------------
;
; == Version numbers in ADMs and what they mean ==
; 
; #if version >= 4 
;   SUPPORTED !!SUPPORTED_Win2k 
; #endif 
;
; 1.0 - System Policy - Windows 95   
; 2.0 - System Policy - Windows NT 3.x and 4.x 
; 3.0 - Group Policy  - Windows Server 2000 
; 4.0 - Group Policy  - Windows Server 2003 and Windows XP 
; 5.0 - Group Policy  - Windows XP SP2
;
; Using Administrative Template Files with Registry-Based
; Group Policy
;   http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/management/gp/admtgp.mspx
;
;----------------------------------------------- 
;
; == How to redirect user shell folders to a ==
; == specified path by using Profile Maker   ==
;
; http://support.microsoft.com/kb/931087
;
;----------------------------------------------- 
; 

CLASS USER

#if version >= 3   ; for Windows 2000 and newer

CATEGORY "Roaming and Folder Redirection"
POLICY "Safe to redirect"

EXPLAIN "These have been generally approved by Microsoft as safe to redirect and should not cause any problems when redirected.\nIf you make an editing mistake and save your changes, to reset all text fields to default values:\n1. Select Disabled\n2. click Apply\n3. Select Enabled again to edit the fields."
KEYNAME "Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders"

PART "Set 'Application Data' folder location to:" EDITTEXT REQUIRED EXPANDABLETEXT
VALUENAME "AppData"
DEFAULT "%USERPROFILE%\Application Data"
END PART

PART "Set 'Windows Explorer Desktop' folder location to:" EDITTEXT REQUIRED EXPANDABLETEXT
DEFAULT "%USERPROFILE%\Desktop"
VALUENAME "Desktop"
END PART

PART "Set 'My Pictures' folder location to:" EDITTEXT REQUIRED EXPANDABLETEXT
DEFAULT "%USERPROFILE%\My Documents\My Pictures"
VALUENAME "My Pictures"
END PART

PART "Set 'My Documents' folder location to:" EDITTEXT REQUIRED EXPANDABLETEXT
DEFAULT "%USERPROFILE%\My Documents"
VALUENAME "Personal"
END PART

END POLICY

POLICY "Possibly Unsafe Internet Explorer redirection"

EXPLAIN "Microsoft doesn't appear to have ever said if these are safe to redirect. As I discovered with Windows 98, redirecting IE doesn't work since IE seems to always be running in the background. Perhaps the situation changed with 2000 and XP but it's not documented as safe anywhere.\nIf you make an editing mistake and save your changes, to reset all text fields to default values:\n1. Select Disabled\n2. click Apply\n3. Select Enabled again to edit the fields."
KEYNAME "Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders"

PART "Set 'Internet Explorer Favorites' folder location to:" EDITTEXT REQUIRED EXPANDABLETEXT
DEFAULT "%USERPROFILE%\Favorites"
VALUENAME "Favorites"
END PART

PART "Set 'Internet Explorer Cookies' folder location to:" EDITTEXT REQUIRED EXPANDABLETEXT
DEFAULT "%USERPROFILE%\Cookies"
VALUENAME "Cookies"
END PART

PART "Set 'Internet Explorer Cache' folder location to:" EDITTEXT REQUIRED EXPANDABLETEXT
DEFAULT "%USERPROFILE%\Local Settings\Temporary Internet Files"
VALUENAME "Cache"
END PART

PART "Set 'Internet Explorer History' folder location to:" EDITTEXT REQUIRED EXPANDABLETEXT
DEFAULT "%USERPROFILE%\Local Settings\History"
VALUENAME "History"
END PART

END POLICY

POLICY "Other unknown, possibly unsafe redirections"

EXPLAIN "Microsoft doesn't appear to have ever said if these are safe to redirect. The original programmers may have went overboard in the customization support but may not have followed through completely on the back end to fully support it. Redirect these at your own risk and THOROUGHLY test before subjecting users to your experimentation.\nIf you make an editing mistake and save your changes, to reset all text fields to default values:\n1. Select Disabled\n2. click Apply\n3. Select Enabled again to edit the fields."
KEYNAME "Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders"

PART "Set 'Local Application Data' (not stored on network) folder location to:" EDITTEXT REQUIRED EXPANDABLETEXT
DEFAULT "%USERPROFILE%\Local Settings\Application Data"
VALUENAME "Local AppData"
END PART

PART "Set 'Local Settings' (not stored on network) folder location to:" EDITTEXT REQUIRED EXPANDABLETEXT
DEFAULT "%USERPROFILE%\Local Settings"
VALUENAME "Local Settings"
END PART

PART "Set 'Network Neighborhood' folder location to:" EDITTEXT REQUIRED EXPANDABLETEXT
DEFAULT "%USERPROFILE%\NetHood"
VALUENAME "NetHood"
END PART

PART "Set 'PrintHood' folder location to:" EDITTEXT REQUIRED EXPANDABLETEXT
DEFAULT "%USERPROFILE%\PrintHood"
VALUENAME "PrintHood"
END PART

PART "Set 'User's Personal Start Menu - toplevel' folder location to:" EDITTEXT REQUIRED EXPANDABLETEXT
DEFAULT "%USERPROFILE%\Start Menu"
VALUENAME "Start Menu"
END PART

PART "Set 'User's Personal Start Menu - Programs' folder location to:" EDITTEXT REQUIRED EXPANDABLETEXT
DEFAULT "%USERPROFILE%\Start Menu\Programs"
VALUENAME "Programs"
END PART

PART "Set 'User's Personal Program Startup' folder location to:" EDITTEXT REQUIRED EXPANDABLETEXT
DEFAULT "%USERPROFILE%\Start Menu\Programs\Startup"
VALUENAME "Startup"
END PART

PART "Set 'Recently Used Files' folder location to:" EDITTEXT REQUIRED EXPANDABLETEXT
DEFAULT "%USERPROFILE%\Recent"
VALUENAME "Recent"
END PART

PART "Set 'Send-To Shortcuts' folder location to:" EDITTEXT REQUIRED EXPANDABLETEXT
DEFAULT "%USERPROFILE%\SendTo"
VALUENAME "SendTo"
END PART

PART "Set 'Document Templates' folder location to:" EDITTEXT REQUIRED EXPANDABLETEXT
DEFAULT "%USERPROFILE%\Templates"
VALUENAME "Templates"
END PART

END POLICY
END CATEGORY

#endif 

How to install / use

edit

Novell ZENworks Desktop Management 7 uses the Group Policy MMC (Microsoft Management Console) within Windows 2000 or Windows XP to make group policy changes.

1. Put the ADM file on the network in a public folder accessible by all users.

2. Edit the Novell user package, group policy for either Win 2000 or XP.

3. When the Group Policy editor opens, select Administrative Templates in the User Configuration section, go to the Action menu and choose Add/Remove templates, and select this ADM.

4. This is a non-standard ADM and so is hidden by Microsoft by default. Every time you edit the group policies, you need to go to the View menu, to Filtering... and uncheck the box at the bottom that says Only show policy settings that can be fully managed. for this policy section to appear:

  • User Configuration
    • Administrative Templates
      • Roaming and Folder Redirection
        • Safe to redirect
        • Possibly Unsafe Internet Explorer redirection
        • Other unknown, possibly unsafe redirections

5. Redirections in this ADM need to be included in the list of exceptions to stop the copying of the folder in the profile. This is included within Microsoft's group policies, and is found in:

  • User Configuration
    • Administrative Templates
      • System
        • User profiles
          • Exclude directories in roaming profile

This is entered by listing the explicit folder names excluded, with semicolons between entries. The beginning of the exclusions list should be:

Local Settings;Temporary Internet Files;History;Temp

If My Documents, Application Data, and the Desktop are redirected, this line should be extended to read:

Local Settings;Temporary Internet Files;History;Temp;my documents;application data;desktop

My Pictures does not need to be included since it is a subfolder of My Documents and that is already excluded.

6. For this to work properly, the user profile must wait for logon scripts to finish running, so that network share mappings are loaded before the desktop appears.

  • User Configuration
    • Administrative Templates
      • System
        • Scripts
          • Run logon scripts synchronously

7. The Novell user logon script maps the user's home directory to a drive letter, which is used by the folder redirection:

; ****** Do not allow individual user login scripts to run
NO_DEFAULT
; ****** Set the default drive mappings for everyone
MAP ROOT N:=%HOME_DIRECTORY

This is put into the Novell organizational unit logon script for accounts within that OU.

8. For each new user, before they logon for the first time, the redirected folders should be created in their home directory. These do not have to be located in the root of the home directory. To reduce clutter I put them in a folder of their own, in each user's home directory:

  • N:\Windows profile folders\Application Data 2k
  • N:\Windows profile folders\Application Data xp
  • N:\Windows profile folders\Desktop
  • N:\Windows profile folders\My Documents
  • N:\Windows profile folders\My Documents\My Pictures

9. Novell does not support profile ownership, so that checking needs to be disabled, and the profile should still load from the server, whether or not the network link is slow.

  • User Configuration
    • Administrative Templates
      • System
        • User profiles
          • Do not check for user ownership of Roaming Profile folders
          • Do not detect slow network connections

Vista / Win 7 method not determined

edit

I have not yet moved to Vista or Windows 7 using ZENworks Desktop Management 10, so support for doing that has not been explored.

Dale Mahalko -- DMahalko (talk) 04:10, 17 April 2010 (UTC)Reply

edit

One or more portions of this article duplicated other source(s). The material was copied from: http://msdn.microsoft.com/en-us/library/bb776895(VS.85).aspx and http://msdn.microsoft.com/en-us/library/bb776897.aspx. Infringing material has been rewritten or removed and must not be restored, unless it is duly released under a compatible license. (For more information, please see "using copyrighted works from others" if you are not the copyright holder of this material, or "donating copyrighted materials" if you are.) For legal reasons, we cannot accept copyrighted text or images borrowed from other web sites or published material; such additions will be deleted. Contributors may use copyrighted publications as a source of information, but not as a source of sentences or phrases. Accordingly, the material may be rewritten, but only if it does not infringe on the copyright of the original or plagiarize from that source. Please see our guideline on non-free text for how to properly implement limited quotations of copyrighted text. Wikipedia takes copyright violations very seriously, and persistent violators will be blocked from editing. While we appreciate contributions, we must require all contributors to understand and comply with these policies. Thank you. VernoWhitney (talk) 20:30, 19 November 2010 (UTC)Reply