Roaming user profile
C:\Documents and Settings\{username}
  Application Data
  Cookies
  Desktop
  Favorites
  Local Settings
    Application Data
    History
    Temp
    Temporary Internet Files
  My Documents
    My Music
    My Pictures
    My Videos
  Recent
  NetHood
  PrintHood
  SendTo
  Start Menu
  Templates
  NTUSER.DAT
  ntuser.dat.LOG
  ntuser.ini
A roaming user profile is a concept in the Microsoft Windows NT family of operating systems (and now adopted by Linux operating systems such as Ubuntu) that allows a user with a computer joined to a Windows Server domain to log on to any computer on the same network and access their documents and have a consistent desktop experience, such as applications remembering toolbar positions and preferences, or the desktop appearance staying the same.
Method of operation
All Windows operating systems since Windows 2000 are designed from the start to be able to support roaming profiles. Normally, a standalone computer stores the user's documents, desktop items, application preferences, and desktop appearance on the local computer in two divided sections, consisting of the portion that could roam plus an additional temporary portion containing items such as the web browser cache. The Windows registry is similarly divided to support roaming; there are System and Local Machine hives that stay on the local computer, plus a separate User hive (HKEY_CURRENT_USER) designed to be able to roam with the user profile.
When a roaming user is created, the user's profile information is instead stored on a centralized file server accessible from any network-joined desktop computer. The login prompt on the local computer checks to see if the user exists in the domain rather than on the local computer; no pre-existing account is required on the local computer. If the domain login is successful, the roaming profile is copied from the central file server to the desktop computer, and a local account is created for the user.
When the user logs off from the desktop computer, the user's roaming profile is copied from the local computer back to the central file server, not including the temporary local profile items. Because this is a copy and not a move/delete, the user's profile information remains on the local computer in addition to being copied to the network.
When the user logs in again on a different desktop computer, this process repeats, copying the roaming profile from the server to the second desktop computer, and then copying back from the desktop to the server when the user logs off.
When the user goes back to the first computer where they had previously logged in, the roaming profile is copied over the previous profile information at login, replacing it. If profile caching is enabled, the server is capable of only copying the newest files to the local computer, reusing the existing local files that have not changed since the last login, and thereby speeding up the login process.
Additionally, Microsoft includes a feature known as "slow link" detection: if the network connection is below a certain threshold, the roaming profile is not copied and the user is logged into the local cached copy directly. This leaves the user accessing an older copy of their documents, however, and so may be unproductive for the user.
Roaming reduces network performance
Due to the profile copying at login and logout, a roaming profile set up using the default configuration can be extremely slow and waste considerable amounts of time for users with large amounts of data in their account.
When Microsoft designed Internet Explorer, the programmers made an explicit decision to store cookies and favorites as tiny individual files less than a kilobyte each, rather than storing this data as a single large consolidated file, such as the bookmark.html file used by Mozilla Firefox. Microsoft also stores shortcut files in the Recent profile folder, linking to recently opened files and folders.
File servers tend to only transfer large files several megabytes in size at the fastest possible network speed. Hundreds of very small files only a kilobyte per file can reduce network performance by 90%. As a profile ages and accumulates hundreds to thousands of cookies, favorites, and Recent items, the login and logout times become progressively slower, even though these files occupy only a few megabytes of profile data.
Local caching of the user profile on a desktop computer hard drive can reduce and improve login and logout times, but at the penalty of cluttering up the hard drive with profile data from every cached user who logs in. Local caching is more suitable where people tend to use the same computer every day. Local profile caching is not useful where hundreds to thousands of students need to be able to use any computer across a school or university campus—the cumulative cached data from so many different profiles can consume all available lab computer disk space.
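The following audit script is an added example, not part of the original article. It walks one profile directory and reports how many files and bytes sit in the roaming portion, and how many of them are under a kilobyte. It assumes that "Local Settings" is the non-roaming portion, as in the folder layout at the top of this article; the sample profile (file names, counts and sizes) is constructed.

```python
import os
import tempfile
from collections import defaultdict
from pathlib import Path

# Assumption: top-level folders that stay on the local computer and do not roam.
LOCAL_ONLY = {"local settings"}
# "Tiny individual files less than a kilobyte each" (cookies, favorites, Recent links).
SMALL_FILE_BYTES = 1024


def audit_profile(root):
    """Count files, bytes and sub-kilobyte files per top-level profile folder."""
    root = Path(root)
    by_folder = defaultdict(lambda: {"files": 0, "bytes": 0, "small_files": 0})
    for dirpath, _dirs, filenames in os.walk(root):
        rel = Path(dirpath).relative_to(root)
        top = rel.parts[0] if rel.parts else "(profile root)"
        for name in filenames:
            try:
                size = os.stat(os.path.join(dirpath, name)).st_size
            except OSError:
                continue  # file is locked or vanished during the walk
            entry = by_folder[top]
            entry["files"] += 1
            entry["bytes"] += size
            entry["small_files"] += int(size < SMALL_FILE_BYTES)

    report = {
        "roaming": {"files": 0, "bytes": 0, "small_files": 0},
        "local_only": {"files": 0, "bytes": 0, "small_files": 0},
        "by_folder": {},
    }
    for top, entry in by_folder.items():
        portion = "local_only" if top.lower() in LOCAL_ONLY else "roaming"
        for key, value in entry.items():
            report[portion][key] += value
        report["by_folder"][top] = dict(entry, portion=portion)
    return report


def rank_roaming(report, key, n=3):
    """Top-n roaming folders by 'files', 'bytes' or 'small_files'."""
    roaming = [(name, e) for name, e in report["by_folder"].items()
               if e["portion"] == "roaming"]
    return sorted(roaming, key=lambda item: item[1][key], reverse=True)[:n]


def build_sample_profile(root):
    """Constructed sample data: an aged profile with many tiny files and one
    third-party program that keeps its cache in the roaming Application Data."""
    root = Path(root)
    layout = [
        ("Cookies", "user@site{}.txt", 300, 120),
        ("Recent", "document{}.lnk", 50, 600),
        ("Application Data/VendorApp/cache", "blob{}.tmp", 5, 200_000),
        ("Local Settings/Temp", "setup{}.tmp", 1, 1_000_000),
    ]
    for folder, pattern, count, size in layout:
        target = root / folder
        target.mkdir(parents=True)
        for i in range(count):
            (target / pattern.format(i)).write_bytes(b"\0" * size)
    (root / "NTUSER.DAT").write_bytes(b"\0" * 262_144)
    return root


def demo():
    with tempfile.TemporaryDirectory() as tmp:
        return audit_profile(build_sample_profile(tmp))


if __name__ == "__main__":
    result = demo()
    print("roaming:   ", result["roaming"])
    print("local only:", result["local_only"])
    for name, entry in rank_roaming(result, "small_files"):
        print(f"{name:20} {entry['small_files']:5} small files, {entry['bytes']:9} bytes")
```

Ranking by `small_files` surfaces the cookie and Recent folders described above; ranking by `bytes` surfaces programs that keep bulky temporary data in the roaming portion.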
Roaming profiles and WAN links
Users with a roaming profile can encounter crippling logon delays when logging in over a WAN. If connected to the domain from a remote site, after authentication, Windows will attempt to pull the user's profile from the location specified in Active Directory. If the location happens to be across a WAN link it can potentially slow the WAN down to a crawl and cause the logon to fail (after a very lengthy delay).
Users with a roaming profile working from a remote site should log in to the machine before connecting to the network (so that the machine uses its cached local copy) and connect to the network after logon has completed. Another option is to remove the roaming profile path from Active Directory prior to their departure. This must be done in enough time that the change is replicated to the relevant Domain Controller at the remote site.
Not compatible with gigabytes of user files
DV video editing in a roaming profile generally results in unacceptably slow login times because the video file segments are also copied back and forth from server to desktop. A one-hour 15 gigabyte DV file takes 20 minutes to copy over a 100 megabit LAN connection. If this were present in a roaming profile it would take at least 20 minutes for the user to login and 20 minutes to logout.
Even for small DV editing projects consisting of several short source clips, each clip still uses 250 megabytes per minute, and typically the source clips are retained when creating the final DV movie project. A small project consisting of four 5 minute clips to generate one 10 minute movie, totals 7.5 gigabytes of DV data, and requires at least 10 minutes to transfer over a 100 megabit network connection before the user's desktop appears and they can begin to do any work.
In a school environment where such editing projects are not mission-critical and do not absolutely need to be backed up on an expensive tape archive system every night, the applications requiring such excessively large amounts of user data are instead usually run on a stand-alone local account that does not roam, to bypass these network storage and retrieval problems.
Third-party companies don't use it correctly
Many third-party companies do not understand the difference between the roaming part of the profile and the non-roaming temporary section, and so will store their temporary files in the roaming portion, adding megabytes of unnecessary data to the profile and increasing the roaming login and logout times. Some go as far as intentionally storing data in the wrong location, as a method of encouraging the purchase of more expensive "enterprise" versions of their software.
Mass-user logins/logouts cause congestion
In a school environment, roaming can result in severe network congestion and slowness when an entire lab of students log off of computers at the same time, and then within minutes are attempting to log in somewhere else. Account data inconsistency problems can result if the students begin to log in at the second location before the profile uploading and logout from the first location has finished.
Misbehaving third-party programs don't exit
Some programs installed on desktop computers do not properly release control of the User registry during logoff, and can result in corrupted profiles because the User registry copying never successfully completes. To deal with this, Microsoft created a utility known as the User Profile Hive Cleanup Service which will forcefully remap the file handles for these misbehaving programs so that the profile copying can finish successfully and the account logoff is successful. However, the hung program may remain on the local computer still holding the local cached copy of the User registry in a busy state, until the computer is rebooted.
Roaming accounts don't backup until logoff
The most recent version of a file in a roaming profile without redirection is stored only on the local computer, and stays there until the user logs off, whereupon it transfers to the server. If nightly server backups are done, but a roaming user does not log off for days at a time, their roaming account documents are not being included in the nightly backup.
Further, if a roaming user uses standby or hibernation to turn off the computer at night, their profile is still not copied to the network. In this manner it is possible for a roaming account's documents to not be backed up for days to weeks at a time, and there is the potential for considerable data loss if the local hard drive suffers a catastrophic failure during these long periods of not logging off the roaming account from the local computer.
Multiple logins can overwrite each other
Due to the underlying file copying mechanism from server to desktop, roaming assumes the user account is logged on to only a single computer at a time. Documents in a roaming profile copied down to the local machine have no network awareness of each other, and it is not possible to use file locking to alert the user that the file is already open.
Logging onto multiple computers with one account, and opening the same document multiple times on each computer can result in inconsistencies and loss of saved changes if the file is modified on two different computers at the same time:
- When the first computer with the modified document logs off, the changes are written to the network copy of the profile.
- When the second computer logs off, the different document version overwrites the previously saved changes during profile logout.
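The sequence above can be reproduced with plain directory copies. This is an added example, not part of the original article: it models logon as a copy from server to workstation and logoff as a copy back that skips "Local Settings" (assumed here to be the non-roaming portion). The pre-logoff conflict check is an illustration of how the overwrite could be detected, not something the article says Windows does; the paths, user name and file contents are constructed.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path

LOCAL_ONLY = "Local Settings"  # assumption: the portion that never roams


def manifest(root):
    """Map relative path -> SHA-256 for every roaming file under root."""
    out = {}
    for path in sorted(Path(root).rglob("*")):
        rel = path.relative_to(root)
        if path.is_file() and LOCAL_ONLY not in rel.parts:
            out[rel.as_posix()] = hashlib.sha256(path.read_bytes()).hexdigest()
    return out


def logon(server, workstation):
    """Copy the server profile over the workstation copy.
    Returns the local path and a manifest of what was downloaded."""
    local = Path(workstation) / Path(server).name
    shutil.copytree(server, local, dirs_exist_ok=True)
    return local, manifest(server)


def conflicts(local, server, baseline):
    """Files changed both locally and on the server since this session's logon."""
    now_local, now_server = manifest(local), manifest(server)
    return sorted(
        rel for rel, base in baseline.items()
        if now_local.get(rel) != base
        and now_server.get(rel) != base
        and now_local.get(rel) != now_server.get(rel)
    )


def logoff(local, server):
    """Copy the roaming portion back to the server (a copy, not a move)."""
    shutil.copytree(local, server, dirs_exist_ok=True,
                    ignore=shutil.ignore_patterns(LOCAL_ONLY))


def run_scenario():
    with tempfile.TemporaryDirectory() as tmp:
        tmp = Path(tmp)
        server = tmp / "server" / "alice"          # constructed user name
        doc = Path("My Documents") / "report.txt"  # constructed document
        (server / doc).parent.mkdir(parents=True)
        (server / doc).write_text("original")

        # The same account logs on to two computers at once.
        pc1, base1 = logon(server, tmp / "pc1")
        pc2, base2 = logon(server, tmp / "pc2")
        (pc1 / doc).write_text("edited on pc1")
        (pc2 / doc).write_text("edited on pc2")

        # Temporary data on pc1 that must stay local.
        cache = pc1 / LOCAL_ONLY / "Temp" / "cache.tmp"
        cache.parent.mkdir(parents=True)
        cache.write_text("scratch")

        before_first = conflicts(pc1, server, base1)
        logoff(pc1, server)
        after_first = (server / doc).read_text()

        before_second = conflicts(pc2, server, base2)
        logoff(pc2, server)
        after_second = (server / doc).read_text()

        return {
            "conflicts_before_first_logoff": before_first,
            "after_first_logoff": after_first,
            "conflicts_before_second_logoff": before_second,
            "after_second_logoff": after_second,
            "local_only_uploaded": (server / LOCAL_ONLY).exists(),
        }


if __name__ == "__main__":
    for key, value in run_scenario().items():
        print(f"{key}: {value}")
```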
Folder redirection to improve performance
To deal with these profile copying problems, it is possible to override the default operation of roaming, and set up user accounts so that certain parts of the profile are accessed by the local computer directly on a central file server rather than copying to the local computer first. This requires that the central server and network be extremely reliable and always available, because if the server is down, users can not access their files from a local cached copy.
To the end-user, folder redirection generally does not appear to function any differently from using a normal standalone computer. Redirecting the user's My Documents and Desktop to be accessed directly on a file server are the first two big steps for speeding up roaming profiles. However, as third-party software has begun to store more and more data in the Application Data portion of the roaming profile, it has also become useful to redirect that to also be accessed directly on the server.
The question may be raised as to why the entire roaming profile can not be accessed directly on the server, and no copying needs to be done at all. The reasoning for this appears to be that certain Microsoft programs running all the time on the client computer can not tolerate the sudden loss of their data folders if the server goes down or the network is disconnected. Some portions must still be copied back and forth before the desktop appears so that these folders are available if the network-redirected folders go down.
Limitations of redirection
Roaming folder redirection is not compatible with laptop users who take their computer home with them. Normally the entire local cached copy of the profile would be available when the laptop is used away from the building network, but with redirection the most important portions are not stored locally and so are unavailable when used away from the network. Microsoft's Direct Access system allows users to connect to the building network over a WAN link transparently.
Redirecting Application Data and logging on multiple times running the same program on each computer can result in corruption of the application settings, due to multiple programs trying to access the same settings files on the server. Some programs such as OpenOffice.org will detect if the preferences are in use somewhere else and alert the user.
Redirection limitations of UNC paths
Some programs do not work properly with redirected profile folders that refer to a UNC file path on a server share: \\server\share\username\Application Data
- Adobe Reader has been incompatible with Application Data located on a UNC file path since at least version 9.0, which would crash with a runtime error. Adobe Reader X (10.0) is partially compatible but will not run in document protection mode on a UNC path.
- Open Office 3.3 is similarly incompatible with Application Data on a UNC path, and the software crashes on startup. A fix has been developed and will be available in an upcoming release.
These problems with UNC paths can usually be fixed by having the folders redirected to a drive mapping for the UNC share:
- Drive N: is mapped to \\server\share\userhomedir
- AppDir folder redirection to user home directory: N:\Application Data
However, use of drive mappings is generally deprecated by Microsoft, and UNC-only redirection paths are the preferred implementation.
Folder redirection with mandatory profiles
Folder redirection may be used with mandatory profiles, and is useful in situations where it is desirable to "lock down" the general desktop appearance but still allow users to save documents to the network. For example, this can be used as a generic account for anyone to use without a password for temporary use.
Redirecting My Documents and the Desktop in a mandatory profile will allow documents to be saved, but at logoff, any changes to the desktop appearance such as the desktop picture, Internet Explorer cookies, Favorites, and the Recent documents opened list are reverted to the original state.
Active Directory
A roaming user profile must first be set up on the domain controller to which client computers are joined. In Windows 2000 and later versions, this is set using the Active Directory Users and Computers snap-in. Windows NT 4.0 and earlier used the User Manager for Domains program. A user profile location is set on the server and can be customized, as required. When a user logs onto a domain, the roaming user profile is downloaded from the server onto the local computer and applied. When the user logs off, the changes made to the roaming profile are transferred back to the domain controller.
Although a roaming user profile may be stored in any shared folder of a computer available inside a local Microsoft Windows network, using the domain controller is recommended because the profile data should be available at any workstation the user tries to log on to. Should the server not be available, the user will still be able to log on using a cached copy of the profile on his workstation, unless the profile is super-mandatory.
Enabling roaming profiles for a workstation running Windows NT 4.0, Windows 2000, Windows XP Professional, Windows Vista Business or Ultimate is done by specifying a location on the server where the users' profiles are located; this is done under User Manager for Domains in Windows NT 4.0 Server and Active Directory Users and Computers in Windows 2000 and later. Workstations running Windows 95, 98 or Me can also have roaming profiles; roaming profiles become available in Windows 9x when a home directory on the network is specified for the user and multiple desktop settings have been enabled under the Passwords box in the Windows Control Panel.
Roaming profiles on Windows 95, 98 and Me are all compatible with each other, so if a network has a mixture of Windows 95 and Windows 98 workstations the same user profile may be used for each workstation. This is also the case with roaming profiles between Windows NT 4.0, Windows 2000 and Windows XP, but there may be some compatibility issues due to differences in each version of Windows. Roaming profiles in Windows Vista and Windows 7 are compatible with each other, but these versions are not compatible with earlier versions of Windows. A separate profile folder with the extension .V2 will be created when using roaming profiles with Windows Vista or 7. The easiest solution is to have all workstations running the same version of Windows. (See the Compatibility section.)
Novell eDirectory
For roaming to work with Novell servers, the Novell product "ZENworks Desktop Management" needs to be installed on the server, and its associated workstation management package installed on each of the client computers. Within the directory, a User Package object is created, which enables roaming, specifies where the roaming profile is stored, and also stores any associated group policies for each version of Windows where users will login. The User Package also enables Dynamic Local User, which functions similarly to Active Directory, allowing an account created in eDirectory to login on any desktop computer even if no local account exists in advance, and assigns local account privileges such as User, Power User, or Administrator to the newly created local user account.
The User Package can be associated with a specific user account in the directory, or with an organizational unit, in which case it applies to all user accounts within that OU. The User Package also enables additional ZENworks Desktop Management functions, such as remote view and remote control of the desktop computer, network printers that follow the user from one desktop to the next, and the scheduling of events that are to be run wherever the user is logged in.
Windows 3.x
While Windows 3.x does not contain user profiles, it was possible for users to have their own personalised desktop in a business environment. Windows 3.x had an administrative setup option which network administrators could use by typing setup.exe /a; Windows could then be installed to a network share. Windows setup was then run from each local machine to install a few local files, making Windows 3.1 capable of being run over a network. The local files could be saved to a user's home directory on a Novell or Windows NT Domain network, allowing the user to have his or her settings roam between machines. The local machine in this scenario did not require a hard drive and could have been booted from a floppy or network card.
Advantages of roaming user profiles
- Enforcement of administrative control by using mandatory user profiles which helps to protect the user's environment from being damaged by the user himself/herself.
- Users can access their data anywhere in the network with more reliability
- Easier backup as most data is in one location on the server
Disadvantages of roaming user profiles
Each time a user logs into a workstation all of the files and settings are transferred over the network; the result is that the login process takes longer than if the user were to use a local profile. This is particularly the case if the profile is large in size. The login time may be reduced if the profile is cached, as some files can be loaded from the local workstation, and by using folder redirection to redirect folders that can grow to a large size, like My Documents, to a network share.
However, this limitation has been addressed in Windows Server 2008 Active Directory by allowing folder redirection of virtually all folders that were previously stored in a user's profile (including My Music, Favorites, and others) to a centralized and secured network share. This means that a user's roaming profile can easily be reduced to a size smaller than 20MB, thus eliminating the long login times that were experienced with previous versions of AD. When using folder redirection and automatic caching of offline files, all of a user's files and preferences are available offline and synced in a much more efficient manner than previously possible when the computer is reconnected to the network using Remote Differential Compression (RDC).
Another problem relates to different sets of applications being installed on different machines: applications store some information in Local Settings and some in the registry, but only the registry is transferred across. This can corrupt application functionality under a roaming profile.
2000/XP and Vista/Win7 compatibility
While Windows XP and Windows 2000 profiles are basically similar, Windows Vista and its successor Windows 7 use an entirely different profile structure. Thus, a user who switches desks between the two classes of OS cannot have personal data transferred automatically, as would normally happen with roaming profiles. Instead, two distinct server-side profiles are created for this user.
This is an important consideration for any site intending to introduce Vista or Windows 7 computers into an existing Windows 2000/XP roaming-profile network. If possible it should be planned that users will not have to migrate regularly between the two classes of OS.
Windows Vista and 7 will get their profile stored on the server with .V2 added (example: \\server\profiles\username.V2).
Redirected folder sharing
Redirected network folders are able to override the separation between 2000/XP and Vista/Win7. For example, both types of profiles can be redirected to use a single Documents folder, and a single Desktop folder, so that the user's account documents are consistent between the two profiles, even if all other account settings will be different.
Redirected sharing of folders such as Application Data may lead to data corruption, since Microsoft did not intend application data to be shared between the different OS versions.
Alternatives
Mylogon - Allows any-user logon to a client computer whilst maintaining the same local settings. May be preferable to Roaming Profiles for small-site networks, data-entry stations and the like.
AppSense User Virtualization (http://www.appsense.com/) - Solution description from the official AppSense product overview document: "User Virtualization is recognized as the most effective and scalable approach to managing the user component of the desktop.
User Virtualization is an infrastructure technology solution that virtualizes, centralizes, manages and applies the user environment on to a desktop as required. User Virtualization spans all desktops across multiple OS platforms, desktop and application delivery mechanisms, devices and locations.
By separating the user from the desktop and managing it as a separate component, organizations can adopt multi-platform/delivery mechanism desktop environments. AppSense simplifies desktop management overhead, reduces operational costs, improves end user experience and ensure that user settings and corporate policy is applied to set up, configure and personalize a desktop, no matter how that desktop is delivered or where it is hosted."
Liquidware Labs' User Virtualization Management Solution, ProfileUnity - Solution description from official document - "ProfileUnity is a lightweight yet powerful user virtualization management solution. ProfileUnity runs without any software to install on end-point PCs or virtual machines. At logon a managed profile is synched with the local user session in Windows own native format. No databases or additional servers are relied upon, thus keeping cost and complexity low. The solution is scalable to hundreds of thousands of users in a single organization due to its lightweight approach of compressing the user profile, registry, and settings while in storage yet fully uncompressing it in native format on the end-point. Because ProfileUnity uses Windows native format, organizations can use the solution for migration only or leave it installed for heterogeneous Windows desktops to exist."
RES Workspace Manager - Excerpt from the official product description: "With RES Software, your IT team can offer users a work environment that is location and time independent. You can even make the desktop user independent—or better yet, make the user desktop-independent. By separating users from their physical desktop, you can manage changes more easily and give them an optimal experience anytime, anywhere.
RES Workspace Manager lets you pick the level of management and control you want for your organization, today. You can always upgrade as your organization grows or needs new features."