Why in the world are you using roaming profiles? It's generally a bad idea, so don't do it unless you have to. Why? Because your user hive, the database behind HKEY_CURRENT_USER in the registry, is saved up to the network at each logoff and copied back down to your hard drive at each logon. If anything goes wrong during the file transfer, the database (ntuser.dat) gets corrupted, and you need to either restore from backup or start from scratch.
OK, that said, of course a lot of people use it, including me. There are good business reasons to do it in many situations, including ours. I wanted to give you some tips you won't easily find at Microsoft (e.g. http://technet2.microsoft.com/windowsserver/en/library/ede493f2-0327-4e65-879c-c952427578821033.mspx; http://technet.microsoft.com/en-us/library/bb490855.aspx).
Also, most of the documentation assumes you have full access to modify GPO settings willy-nilly. The documentation also usually assumes you're an idiot. Not Microsoft's fault - they have to write for everyone; I'm only addressing the geeks among us who actually have to make this crazy idea work.
The special pain you'll be dealing with, in addition to the ntuser.dat corruption error (no way around it unless you use a mandatory profile), is the fact that by default all the contents of C:\Documents and Settings\<username> are copied to the network at every logoff event, and then the directory on the hard drive is deleted. At logon, the directory is copied back to the user's hard drive. These directories can get pretty full of data, which makes logon times increase quite a bit.
You should be able to find information about folder redirection in the white papers. I'm sure this works great with a GPO, but I can't use that to do it. What you can do instead is to compile a registry update for your clients which forces redirection on most folders.
Please be aware that you can't redirect all the folders. Specifically, you can't redirect either root\Application Data or root\Local Settings\Application Data. I'll address what to do with those in a moment.
You need to set up a different server to hold the redirected folders. This will be the user's personal drive space - I suggest using the "Home Folder" option within Active Directory. We'll call it the P: drive, for Personal.
It's easy enough to redirect My Documents: right-click My Documents --> Properties --> Target --> Move. That will save you plenty.
*Obligatory warning here - Modifying your registry can cause catastrophic data loss. Don't do this on a system you can't afford to lose, and don't mess with settings you don't yet fully understand.
The other settings you can set by modifying the following key:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
There is a sister key. I'm not sure what it does, except hold the previous settings. You may have to mess with this, too:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
You'll notice in this key there are values for the two directories I just said you can't redirect, Application Data and Local Settings\Application Data. Don't you believe it. Go ahead and try to change them; let me know if you get it to work without errors.
Also, don't touch the Fonts value - you could very well render your Windows installation unusable, as the Explorer shell (the UI) needs to get to fonts in order to render windows.
After migrating (IE) Cache to another directory on my hard drive, I was able to migrate the following successfully to my P: drive: Cookies, Desktop, Favorites, SendTo, Start Menu, Templates, Programs, Startup, Local Settings, History, My Pictures, My Music, My Video, Administrative Tools.
Now, when I log in, only the two unmovable directories need to be copied over instead of everything.
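To check the result of such a registry update, the following added example (not the author's code) parses the text of a `reg export` of the User Shell Folders key and labels each value as redirected, still in the profile, elsewhere, or redirected when it must not be. The P: drive and the three values to leave alone come from this post; the function names and the sample export are constructed for illustration.

```python
import re

NEVER_REDIRECT = {"AppData", "Local AppData", "Fonts"}   # the post: leave these alone

def parse_reg_values(text):
    """Return {value name: data} from `reg export` text (REG_SZ and hex(2) only)."""
    text = re.sub(r"\\\r?\n\s*", "", text)          # join wrapped hex(2) lines
    values = {}
    for line in text.splitlines():
        m = re.match(r'"((?:[^"\\]|\\.)*)"=(.*)$', line.strip())
        if not m:
            continue                                 # header, key name, blank line
        name, data = m.groups()
        if data.startswith("hex(2):"):               # REG_EXPAND_SZ as UTF-16LE bytes
            raw = bytes(int(b, 16) for b in data[7:].split(",") if b)
            values[name] = raw.decode("utf-16-le").rstrip("\0")
        elif data.startswith('"'):                   # REG_SZ with \\ and \" escapes
            values[name] = re.sub(r"\\(.)", r"\1", data[1:-1])
    return values

def classify(values, redirect_root="P:\\"):
    """Label each folder: redirected, in-profile, elsewhere or must-not-redirect."""
    report = {}
    for name, path in values.items():
        p = path.upper()
        if p.startswith(redirect_root.upper()):
            report[name] = "must-not-redirect" if name in NEVER_REDIRECT else "redirected"
        else:
            report[name] = "in-profile" if p.startswith("%USERPROFILE%") else "elsewhere"
    return report

def _hex2(s, per_line=20):   # sample helper: wrapped hex(2) data as an export shows it
    b = [f"{x:02x}" for x in (s + "\0").encode("utf-16-le")]
    rows = [",".join(b[i:i + per_line]) for i in range(0, len(b), per_line)]
    return "hex(2):" + ",\\\r\n  ".join(rows)

# Constructed sample export text, not taken from a real machine.
SAMPLE = "\r\n".join([
    "Windows Registry Editor Version 5.00", "",
    r"[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders]",
    '"Desktop"="P:\\\\Desktop"',
    '"Favorites"=' + _hex2("%USERPROFILE%\\Favorites"),
    '"Cache"=' + _hex2("D:\\IECache"),
    '"AppData"=' + _hex2("P:\\Application Data"),
    '"Local AppData"=' + _hex2("%USERPROFILE%\\Local Settings\\Application Data"),
])

if __name__ == "__main__":
    print(classify(parse_reg_values(SAMPLE)))
```

For a real export, read the file with encoding="utf-16" and pass the text to parse_reg_values.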
Those two directories will still give you trouble, in that there are a couple of applications which love to write cache files to those directories. You need a script to run against your profile server to eliminate the contents of these folders regularly. Otherwise, logon, logout, and backup times just get too long. These directories are:
root\Application Data\Microsoft\CryptnetUrlCache\Content\. /f /q
root\Application Data\Microsoft\Office\Recent\. /f /q
root\Application Data\Sun\Java\Deployment\cache /s /q (RD)
root\Application Data\Macromedia /s /q (RD)
root\Cookies\. /f /q
root\Oracle Jar Cache\. /f /q
root\*.tmp /s /f /q
Here's a script for you. You can either use a UserList.txt file in the same directory as this batch job, listing the directory names of the profiles to be cleaned, or you can be a little more self-assured and just run it off the current dir /b output. Up to you. The UserList.txt file must contain no spaces, and each entry must end with a standard CR/LF.
I made it small so the command lines don't wrap inconveniently.
@echo off
REM By Tom Kretzmer http://geekswithblogs.net/HammerTips
REM Remember the starting directory so UserList.txt can be found after changing drives.
set CurrentDirectory=%cd%
c:
net use x: /delete
net use x: <share of profiles>
x:
REM "delims=" keeps each line as one name; the quotes keep paths with spaces in one piece.
REM ******Brave method****** FOR /F "delims=" %%i IN ('dir x:\ /b') DO call :RunScript "%%i"
FOR /F "usebackq delims=" %%i IN ("%CurrentDirectory%\UserList.txt") DO call :RunScript "%%i"
c:
REM ===Keep adding for each share location=========================
net use x: /delete
net use x: <another share of profiles>
x:
REM ******Brave method****** FOR /F "delims=" %%i IN ('dir x:\ /b') DO call :RunScript "%%i"
FOR /F "usebackq delims=" %%i IN ("%CurrentDirectory%\UserList.txt") DO call :RunScript "%%i"
c:
net use x: /delete
goto end
REM ===Get to the meat of the script=========================
:RunScript
REM The first argument is the profile directory name; the ~ modifier strips its quotes.
REM Skip names that are not directories on the share before echo is turned on.
if not exist "x:\%~1\." goto end
echo on
cd "x:\%~1"
del /as "x:\%~1\Application Data\Microsoft\CryptnetUrlCache\Content\*.*" /f /q
del "x:\%~1\Application Data\Microsoft\Office\Recent\*.*" /f /q
rd "x:\%~1\Application Data\Sun\Java\Deployment\cache" /s /q
rd "x:\%~1\Application Data\Macromedia\Flash Player" /s /q
del "x:\%~1\Cookies\*.*" /f /q
del "x:\%~1\Oracle Jar Cache\*.*" /f /q
del "x:\%~1\*.tmp" /s /f /q
cd..
@echo off
goto End
REM ============================
:End
I have found this cuts out about 1/3 of data by number of bytes, 1/2 by number of files.
This has been very helpful in our environment. I hope it helps in yours.
Thanks,
Tom Kretzmer
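A dry-run counterpart to the cleanup script above, added here as an example and not part of the original post: it lists what the same rules would delete, reports the share of files and bytes that represents, and rejects list entries that are not a plain directory name. The function names and the sample tree built by demo() are constructed for illustration.

```python
import os, pathlib, tempfile

# Targets from the post's script: (folder under the profile, delete whole tree?)
RULES = [(r"Application Data\Microsoft\CryptnetUrlCache\Content", False),
         (r"Application Data\Microsoft\Office\Recent", False),
         (r"Application Data\Sun\Java\Deployment\cache", True),
         (r"Application Data\Macromedia\Flash Player", True),
         ("Cookies", False), ("Oracle Jar Cache", False)]

def valid_profile_name(name):
    """One plain directory name: no separators, drive colon, wildcards, '.' or '..'."""
    return name not in ("", ".", "..") and not any(c in name for c in '\\/:*?"<>|')

def files_under(folder, recurse):   # recurse=False: top folder only, like del *.*
    found = []
    for dirpath, _dirs, filenames in os.walk(folder):
        found += [os.path.join(dirpath, f) for f in filenames]
        if not recurse:
            break
    return found

def plan(share, names):
    """Dry run, deletes nothing: what the rules would remove and how much that is."""
    doomed, every, rejected = set(), set(), []
    for name in names:
        root = os.path.join(share, name)
        if not valid_profile_name(name) or not os.path.isdir(root):
            rejected.append(name)                  # never build a delete path from it
            continue
        every.update(files_under(root, True))
        for rel, recurse in RULES:
            doomed.update(files_under(os.path.join(root, *rel.split("\\")), recurse))
        doomed.update(f for f in files_under(root, True) if f.lower().endswith(".tmp"))
    size = lambda files: sum(os.path.getsize(f) for f in files)
    return {"delete": sorted(doomed), "rejected": rejected,
            "files": (len(doomed), len(every)), "bytes": (size(doomed), size(every))}

def demo():
    share = tempfile.mkdtemp()                     # constructed sample share
    for rel, n in [("alice/Cookies/c1.txt", 10), ("alice/Cookies/sub/keep.txt", 5),
                   ("alice/Application Data/Sun/Java/Deployment/cache/6.0/x.jar", 100),
                   ("alice/Desktop/work.tmp", 20), ("alice/ntuser.dat", 50)]:
        p = pathlib.Path(share, rel)
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_bytes(b"x" * n)
    return plan(share, ["alice", "..", "bob\\..\\alice", "ghost"])

if __name__ == "__main__":
    print(demo())
```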