|Date:||February 6, 2006 / year-entry #48|
|Summary:||Earlier, we learned about roaming user profiles, wherein the master copy of the user's profile is kept on a central server (which for the purpose of discussion I will call the "profile server") and is copied around to follow the user as she logs onto computers throughout an organization. In the comments, many people said...|
Earlier, we learned about roaming user profiles, wherein the master copy of the user's profile is kept on a central server (which for the purpose of discussion I will call the "profile server") and is copied around to follow the user as she logs onto computers throughout an organization. In the comments, many people said that what they really want is for the files to be stored in a central location without any copying.
That is what redirected folders gives you. Redirected folders are a way for a domain administrator to specify that selected folders in the user profile (for example, the Desktop, the Start menu, the My Documents directory) are not stored in the user profile but rather on a separate server (which for the purpose of discussion I will call the "folder server"). Note that this feature can be turned on independently of roaming user profiles. Roaming user profiles copies the user profile around; redirected folders let you pull folders out of the user profile. There are four combinations of these two settings, and each of them has its merits. If you've been following along so far, you already see how they interact, but I'll spell it out in pictures this time. The diagrams are color-coded as follows:
For illustration purposes, I've shown only two redirectable folders, although in reality there are plenty more.
The first case is the common case: The profile neither roams nor contains redirected folders. Since there is nothing roamed or redirected, the fact that everything is kept on the local computer is hardly surprising. This is the most common configuration on consumer machines, where there is no IT department running the show.
In this configuration, the profile is still local, but we've redirected the My Documents folder to another location. (Though just to prove a point, I left the Start menu unredirected.) Some people redirect their My Documents to another, presumably much larger, drive on the same machine. Another common configuration in this same model (local profile + redirected folder) consist of redirecting My Documents to a folder server. This alternate configuration might be seen in a corporate network so that each user's documents are kept on a file server that is regularly backed up and has shadow copies enabled so the files can be recovered easily. You might even see it in a home network if you have accounts on multiple machines but want to keep all your documents in a central location. The downside of this arrangement is that if your My Documents server becomes unavailable, you lose access to all your documents.
This is the configuration with a roaming user profile but no redirected folders. As we learned earlier, the master copy of the user profile resides on the profile server. When you log on, the server copy of the profile is pulled down to update the local profile, and when you log off, and changes to the local profile are pushed back to the server. This is the classic roaming profile configuration where all user data lives in the profile. Since the document folders are not redirected, the profile server can go offline and you can still do your work since your documents are cached locally.
In this final configuration, we have enabled both roaming profiles and redirected folders. This is another common corporate configuration since it reduces the amount of copying that happens at logon and logoff but still keeps the user's profile and documents on managed servers so they can be backed up and otherwise centrally administered.
A common gotcha for keeping the files entirely on a folder server is that if the folder server becomes unavailable, you lose access to your documents. This is particularly painful in laptop scenarios where the computer spends a lot of its time not connected to the network that houses the folder server. You can use offline files, however, to make these scenarios much more tolerable.
What is the lesson here?
First, as we already noted when we discussed roaming profiles, one reason why you can't manipulate the profile of a user that is not logged on is that the profile you may happen to find might not be the master copy, and what's worse, modifying the local copy can result in it becoming the master, ultimately resulting in data loss when the two versions are reconciled.
Second, even if you somehow manage to get the user to log on so that the local copy is the master, and even if you are running as local administrator, the user's files may have been redirected to another server where the local computer's administrator account do not have access.
The upshot is that you simply cannot manipulate another user's profile without actually running in the context of that user. You need to be aware of these other scenarios where the user's data is simply not accessible.
<-- Back to Old New Thing Archive Index