The default behavior for user profiles is practical only for small-to medium-sized organizations. Larger enterprises should store user profile data on a file server, preferably within a Distributed File System (DFS) namespace.
Redirecting a user's profile to a file server isn't too difficult. You can instruct Windows about the profile's new location through Group Policy settings. The trick is that in Windows Server 2008 R2, Microsoft rebranded Terminal Services as Remote Desktop Services. In doing so, the company also changed the names and locations of some of the required Group Policy settings. Therefore, if your domain controllers (DCs) are running Windows Server 2008, and the Active Directory schema has not been extended to support Windows Server 2008 R2, then you would use one set of Group Policy settings -- anyone running Windows Server 2008 R2 will have to use different settings. Both sets of settings are described below.
The first step in getting a handle on user profiles is to specify an alternate location for them.
In Windows Server 2008, navigate through the Group Policy Management Editor to Computer Configuration | Policies | Administrative Templates | Windows Components | Terminal Services | Terminal Server, and enable Set Path For TS Roaming User Profiles.
In Windows Server 2008 R2, this setting is located at Computer Configuration | Policies | Administrative Templates | Windows Components | Remote Desktop Services | Remote Desktop Session Host | Profiles. Enable Path For Remote Desktop Service Roaming User Profile.
After this setting is enabled, Windows creates a folder that matches each user's account name. The profile is stored within subfolders beneath the user's home folder. The specified location should be entered in Universal Naming Convention format. It should not include the %username% variable since Windows creates the user folders on its own. Furthermore, everyone must have rights to access the shared folder.
In addition, consider enabling Set Remote Desktop Services User Home Directory. This settings allows you to specify the location to be used by user's home directories.
Although some folders are a part of the user's profile, profile redirection and folder redirection are two different things. Folder redirection is used to redirect user's data folders to a network location. This is important because folders such as Documents can become quite large. If redirection is not used, then these folders have to be copied every time the user logs on. Redirecting the folders to a network share eliminates the copy process and expedites logon and logoff times.
Group Policy also controls fold redirection. The same policy settings are used in both Windows Server 2008 and Windows Server 2008 R2, and they can be found under User Configuration | Policies | Windows Settings | Folder Redirection.
If you're already performing profile redirection and want to use the same location for redirecting folders, then you have to do so in a way that prevents potential conflicts. The easiest way to do this is to use the Redirect to the Following Location option for each folder. You can then include the %username% variable within the path (\\server\share\%username%) to ensure that the folder is placed within the user's profile.
While redirecting Windows profiles isn't difficult, make sure your chosen destination has sufficient resources and that the specified server can't become a single point of failure if the server malfunctions.
ABOUT THE AUTHOR
Brien M. Posey, MCSE, has received Microsoft's Most Valuable Professional Award four times for his work with Windows Server, IIS and Exchange Server. He has served as CIO for a nationwide chain of hospitals and health care facilities and was once a network administrator for Fort Knox. You can visit his personal website at www.brienposey.com.
This was first published in April 2010