How to use network fileshare as user’s home, and not roaming profiles

active-directory, roaming-profile, windows 7

Some of my users are very frustrated, because their login/logout times are reaching into the minute ranges. We have a few shift workers using the same machine, and invariably, the second shift has to sit around for literally 5-10 minutes while the previous user logs out, and the new user can log in. There is high network traffic at this time, so I assume it's copying the user's profile back to the server and vice versa. This time wait goes away if I disable roaming profiles for the user, but then their stuff isn't being backed up because we don't back up each machine.

To solve this, I figured I'd just use a network share instead of a roaming profile. Simple, right? In this question: Auto-mapping network drive when a user logs in, it looks like I found a solution, but no dice. Probably because I'm using Windows 7 on the desktop and Windows Server 2008 as the AD server.

Here's the case:

  • a) In AD, under the "profile" tab for the user, I've set the profile to load from a network share (e.g. \\nfs\profiles\david)
  • b) Also in the "profile" tab, I've set the "Home Folder" to "Connect:", and mapped drive H: to \\nfs\homes\david
  • c) I log in to the desktop, and drive H: is correctly mapped, but the user's home folder (and thus desktop, documents, etc.) is still stored on the local machine and copied with every login/logout.

What am I still missing?

Best Answer

The feature you're looking for is folder redirection. This feature, on its own or in combination with roaming user profiles (I recommend using both), will allow you to keep the largest folders of the user's profiles on the server and speed up logon times.

I also recommend creating the folders and setting the permissions yourself on the destination folders. The OS default method seems buggy brain-damaged to me.

Edit:

My issue with the built-in functionality that allows clients to create the folders is that I strongly prefer not to have a world-writable folder for such a critical purpose (redirected user folders) on my server computers. I'm not sure that Microsoft has ever cleaned up the idiotic "feature" where the client blocks NTFS permission inheritance when it creates the user's folder and applies permission to it, either. I want to be in control of my filesystem permissions, I want inheritance turned on throughout the entire folder hierarchy, and I don't want a world-writable folder lying around on my servers.

I generally redirect "My Documents", "Desktop", and "Application Data". I always disable the idiotic "Grant the user exclusive access..." functionality (since it screws up my NTFS permission inheritance hierarchy). I may do redirection based on group membership if I have multiple destination file server computers and want all my redirection handled in a single GPO... that's more of a GPO design concern than a Folder Redirection configuration issue.

"AppData" redirection has been somewhat problematic. I've had issues with Adobe Reader 9.0 versions and the current Apple iTunes 9.2 versions not working properly when the user has a redirected AppData folder. Still, with the huge proliferation of small files that get created there, leaving "AppData" in the user's roaming user profile isn't an option if you want short logon / logoff times.

Generally I wouldn't exclude any "normal" users from Folder Redirection. Administrative and service account context users would be excluded, typically by being located elsewhere in the OU hierarchy such that the GPO applying Folder Redirection settings doesn't apply. WMI filters aren't useful because Folder Redirection is a user setting, and WMI filters only apply to computers.

Slow links and disconnected computers are good candidates for Offline Files. If a user isn't ever going to be connected to the LAN with high speed I might be apt not to use Folder Redirection at all, but I don't have any situations where that's the case in my current Customer base so I haven't really thought about it. Offline Files works very well in Windows 7 and Windows Vista. It works acceptably in Windows XP if the user's redirected folders are under 2GB in size. Anything more than 2GB and it starts working poorly because of a frustrating signed 32-bit integer size limit on the amount of data that will be automatically cached by Offline Files.
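
The answer's advice to create the destination folders yourself, keep inheritance on, and avoid a world-writable root can be checked and applied with a short script. This is an added example, not part of the original answer; the `EXAMPLE` domain name, the function names, and the choice of Modify rights for the user are assumptions, and it is meant to be run by an administrator who has Full Control on the share root.

```powershell
# Added example: audit and pre-provision folder-redirection targets.
param(
    [string]$Root   = '\\nfs\homes',  # share path reused from the question
    [string]$Domain = 'EXAMPLE'       # hypothetical NetBIOS domain name (assumption)
)

# Principals whose write access makes a folder effectively world-writable.
$Broad = 'Everyone', 'NT AUTHORITY\Authenticated Users', 'BUILTIN\Users'
# "Create files" and "create folders" bits; Modify and FullControl contain both.
$WriteMask = [System.Security.AccessControl.FileSystemRights]'WriteData, AppendData'

# Allow ACEs on $Path that let a broad principal create files or folders.
function Get-BroadWriteAce {
    param([string]$Path)
    (Get-Acl -LiteralPath $Path).Access | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        $Broad -contains $_.IdentityReference.Value -and
        ($_.FileSystemRights -band $WriteMask) -ne 0
    }
}

# Per-user folders directly under $Path where inheritance has been blocked.
function Get-InheritanceBlocked {
    param([string]$Path)
    Get-ChildItem -LiteralPath $Path -Directory |
        Where-Object { (Get-Acl -LiteralPath $_.FullName).AreAccessRulesProtected }
}

# Create a user's folder ahead of time: inheritance stays enabled and the
# user gets one explicit Modify ACE that flows to subfolders and files.
function New-UserFolder {
    param([string]$Path, [string]$User)
    $dir = New-Item -ItemType Directory -Path (Join-Path $Path $User) -Force
    $acl = Get-Acl -LiteralPath $dir.FullName
    $acl.SetAccessRuleProtection($false, $false)  # do not block inheritance
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
        "$Domain\$User", 'Modify', 'ContainerInherit, ObjectInherit', 'None', 'Allow')
    $acl.AddAccessRule($rule)
    Set-Acl -LiteralPath $dir.FullName -AclObject $acl
    $dir
}

# Read-only audit of the existing share.
Get-BroadWriteAce -Path $Root | Format-Table IdentityReference, FileSystemRights
Get-InheritanceBlocked -Path $Root | Select-Object FullName
# Provisioning is a separate, explicit step, for example:
# New-UserFolder -Path $Root -User 'david'
```

An empty result from both audit calls means the root carries no broad write ACE and no user folder has inheritance blocked.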