All the users configuration ends up in his profile. Whenever a user logs in or out on a machine the whole profile directory gets copied back and forth between the server. This is nice for disconnected operation. But since we run our desktops on a network this has no real advantages except making things SLLLLLOOOOOOW.
Fortunately windows allows you to redirect most things which are located in the profile to other places. This is called Folder Redirection. In the GPO editor you even find a plug-in where you can define the location for (only) 4 folders. Well there are many more in the users profile directory, just have a look. In the registry we find:
HKEY_CURRENT_USER
\Software\Microsoft\Windows
\CurrentVersion\Explorer
\User Shell Folders
This key contains a long list of folders which can be redirected. By default all these entries point to folder in:
%USERPROFILE%\...
as expected. Logon time can be improved massively by moving as much material as possible out of the profile into a directory which gets shared from the server. In our setup we keep these folders a special subdirectory in the users home share called Windows Config. So we change the Folder Redirection settings to:
%LOGONSERVER%\home\%USERNAME%\Windows Config\...
Note: If you have a setup with several LOGONSERVERs, this approach will not do as the users home directories will not be on all servers. You may want to assign a drive letter to the users home in the account settings (not in the logon script) and then redirect to this drive letter.
Only the Local Settings and Temp directories should remain in the profile. By default these folders do not get roamed. They stay local on each machine and are therefor no problem for us. They can even be removed if space is tight and will get recreated when the user logs in again. The folders that do not get roamed are controlled by:
HKEY_CURRENT_USER
\Software\Microsoft\Windows NT
\CurrentVersion\Winlogon
"ExcludeProfileDirs" =
"Local Settings;Temporary Internet Files;History;Temp"
The only thing that remains in the users profile is the registry database: ntuser.dat.
We have defined a home directory for each user in his active directory account and have set the profile path to
%LOGONSERVER%\home\%USERNAME%\profile
Now we have a second directory in every users home:
%LOGONSERVER%\home\%USERNAME%\Windows Config
Note, that we have chosen to redirect My Documents to
%LOGONSERVER%\home\%USERNAME%\data
To make sure it stays separate from the application configuration data.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment