Profiles and Redirection

[Ken VdB]

Hi everyone,



I am a software developer. We have, over the years, migrated from a
mainframe platform to a Windows based line-of-business application. As a
result where we once had dumb terminals we now have a LAN that we built over
time.



I have a W2K domain with ~25 workstations all Pentium III or higher. They
are all running Windows XP Pro. I have two servers; one with W2K and the
other W2003. We currently have a couple of laptops and expect to have a few
more. We are using Exchange 2000 and Outlook.



I am primarily a developer, not a network administrator. I am also the only
IT guy who works here I am now rethinking how I should setup my
network. I have a few options as I see it.



Roaming profiles

Redirected folders (group policy)

Home Folder

a.. Local path
b.. map to network drive


What I would love to accomplish is to be able to have anyone logon anywhere
and have access to all their applications and settings, including email. Is
this possible? Or is this a pipe dream?



What is the difference between redirected folders and roaming profiles? Is
not a roaming profile simply a redirection to folder on the server that
contains the user's profile? How do "offline files" fit into this picture?
Also what do I do about profile size? My profile (which is local) can
quickly balloon to over 100 MB.



What is the "home folder" feature for (on the Profile tab in Active
Directory Users and Computers)? Should I provide a path or a path to a
network drive? How is this different from the profile path above it?



What about application distribution? Is there anything that actually works
besides cloning disks?



I know these are general questions but if I could get some pointers in the
right directions as well as your thoughts on best practices that would be
great.

 

[Herb Martin]

Hi everyone,
I am a software developer. We have, over the years, migrated from a
mainframe platform to a Windows based line-of-business application. As a
result where we once had dumb terminals we now have a LAN that we built over
time.

I have a W2K domain with ~25 workstations all Pentium III or higher. They
are all running Windows XP Pro. I have two servers; one with W2K and the
other W2003. We currently have a couple of laptops and expect to have a few
more. We are using Exchange 2000 and Outlook.
I am primarily a developer, not a network administrator. I am also the only
IT guy who works here I am now rethinking how I should setup my
network. I have a few options as I see it.

Roaming profiles

Redirected folders (group policy)

Home Folder

a.. Local path
b.. map to network drive


What I would love to accomplish is to be able to have anyone logon anywhere
and have access to all their applications and settings, including email. Is
this possible? Or is this a pipe dream?

Yes, and yes. It is both possible and something of a pipe dream since
it will never be perfect.

Roaming profiles pretty much solve the problem of "logon anywhere"
as far as "settings" go.

Using Exchange and an offline mail store does pretty well for Outlook.
(Keep most on the server and let Outlook-Exchange handle the replication
of a smaller subset of user mail based on rules that distribute incoming
mail to the correct folders/files.)

What is the difference between redirected folders and roaming profiles?

Is

Sure. The redirected folders are for data store, and the roaming profile is
specifically for the profile or settings information.

not a roaming profile simply a redirection to folder on the server that
contains the user's profile?

Yes.

Technically they work a lot alike (slightly different rules and effects)
but
are conceptual different (and practically somewhat different too) for the
two different categories.

How do "offline files" fit into this picture?

Peripherial (not directly) related. Once could use Offline file (caching)
or OFC for folders like "My Documents" or for any other folder the
user wishes to leave on the server AND take with them when disconnected.

Also, OFC can be managed down to the FILE level, and it offers SOME
ability to share files among multiple users.

Caveat: OFC is NOT suitable for "multi-mastered" files where more
than one person is will (likely) change the file -- it is suitable for
"single writer/multiple readers" cases.

Also what do I do about profile size? My profile (which is local) can
quickly balloon to over 100 MB.

Yes, and it can cause network problems (but you don't have many users)
or slow logon/logoff times if it gets big.

You are only likely with 25 users to be worried about the logon/logoff
problems.

What is the "home folder" feature for (on the Profile tab in Active
Directory Users and Computers)?

A legacy version of the "My Documents" idea -- with less granularity.

It is there to support both legacy systems like NT/9x and legacy programs
which defaulted to this location.

Programmers are now encouraged to use the "My Documents" concepts
for their applications. The benefit is that "My Documents" offer more
granularity (one can redirect all of it, or only certain folders to the
network
while leaving others local, or even directing them to a different server.)

Should I provide a path or a path to a
network drive?

Your choice.

1) On the server: Roaming and central backup are enabled.

2) On the client: disconnecting from the network and having access is
easier,
plus it puts less load on the network and logon/logoff times.

What about application distribution? Is there anything that actually works
besides cloning disks?

Yes, cloning disk images only works to START (initial installation of the
OS and the 'standard' apps) using things like RIS or SysPrep with Ghost.

MSI files distrubuted through a GPO work just fine as long as all machines
are AD-Clients which means Win2000 or above.

You can also use the GPO to 'publish' software (appears in Add Programs
dialog but not automatically installed) that users can select only if they
need that software.

GPO Software packages like this really work.
(and there is limited support [publish only] for legacy apps with no
MSI but only an older "setup..exe" or "install.exe" installation.)

I know these are general questions but if I could get some pointers in the
right directions as well as your thoughts on best practices that would be
great.

If you have no older clients, then prefer to use the My Documents and
other folder redirection over the "home directory" (but you can use both)
and use the GPOs to both deliver software and to provide Logon/Logoff
scripts over the logon script in the profile tab -- best not to mix the two
logon script types unless you really must..

Use the GPO to perform as much of the settings as you can (rather than
invididual profiles), especially things like the Folder Redirection if
you use that.

In your case, it sounds you will use Folder Redirection AND limited
offline file -- both postoffice files and OFC (two different things) to
make sure the laptop users can "take it with them" but most people
can use "any computer."

These are not difficult issues but they are incredibily tedious and
you will almost always find some 'imperfection' in the solution.

Group Policy (including Software installs), Folder Redirection, and
OFC make much of it easy and almost all of it doable.

I am not personally a fan of OFC (the multiple writer problem is the
biggest reason) but it can work if you understand the limitations and
educate your users.