Best practices Roaming User Profiles for users who connect via VPN frequently

Tags: roaming-profile, vpn, windows-server-2003

I'm working on converting my users from local machine based profiles to network profiles stored on a centralized fileserver.

The majority of my users are "local", in that they work in the office 75% of the time. I think I will get some resistance from them, but I can minimize the pain using the folder redirection technique.

The real problem is going to be my salespeople, who are in the office 25% of the time, and who really need access to their files. But of course, they really want their files backed up. And of course, they're the most likely to require a loaner machine. Really, I think salespeople might be my problem in general, but that's an entirely different issue.

Anyway, here's the deal. Since my salespeople roam away from the network, they frequently log in using cached credentials, then gain access to network resources via an SSL VPN connection. This seems problematic if I switch them to network-based profiles. They won't have access to many of the profile contents until they connect to the VPN, but they'll probably need something on their network shares (i.e. the contents of their start menu, or desktop?) to do it.

It seems like a catch-22. I know that the profiles attempt to sync at user logoff. If the user is away from the network at logoff, does everything remain cached? When they come back in to the office, will things magically resync and cause a 20 minute login?

What do you do to keep your truly roaming users tied into the domain?

Best Answer

We've had great luck with using Offline Files to provide access to redirected "My Documents" folders in just the scenario you describe.

Getting synchronization of those files when the user is connected to the VPN is a bit of a pain (such that a backup can hit those files) because the user will need to be sure that such a synchronization is occurring. Any type of "background" synchronization functionality has proven to be problematic, at best, for us. (Users complain that connectivity is slow, syncs don't happen when they should, etc.) We've resorted to having the users manually initiate Offline Files synchronizations when they are on the VPN.

When the users come back into the office and reconnect to the LAN, logon will not be substantially affected unless they haven't been synchronizing their Offline Files while connected to the VPN (and even then, it shouldn't be too bad-- how much data are they making?).

Offline Files in Windows XP gets very "pear shaped" when the user's "My Documents" directory grows over 2GB. Offline Files in Windows Vista and Windows 7 is a lot better for this.

You'll also want to encrypt the Offline Files cache, so read up on using EFS and, specifically, on getting recovery agent keys removed from the client computers.

An aside: The "Desktop" folder is a BIG problem. Users love to save gigs and gigs of crap onto the desktop folder. If you redirect it and use Offline Files all the desktop icons disappear when an Offline Files sync runs under Windows XP. The user has to right-click / Refresh (or press F5 with the desktop window active) to get the icons back. It's a dumb misfeature that's been in every release of Windows XP and it'll probably never be fixed. On one hand, I think that a redirected "Desktop" is the "right thing" because it protects the user's data, but on the other hand it works poorly. You need to decide what's right for you.
