Manage Learn to apply best practices and optimize your operations.

Prepare and protect user profiles before virtualizing your desktop

User profiles are one of the most important aspects of a desktop. Before you can virtualize, though, you need to take some steps to protect those profiles. Learn how in this tip.

There are three items that make up a desktop: the desktop operating system (OS), the applications the user requires and the user's data and preferences. These are the three key items you need to prepare and protect when you move to a virtual desktop infrastructure.

While each has its own peculiarities, the most important of the three -- at least from a user's perspective -- is the user profile.

Traditionally, the user profile is stored within the confines of the desktop and because of this, it's not highly available and is trapped on the desktop itself. If the desktop dies, then so does the user's profile because they are often on the same disk drive. However, Windows includes several different technologies that are designed to achieve two specific goals in regards to user profiles:

  • The first is to move the profile from within the local desktop and store it on a network shared folder. This move is automatic and occurs through a process that is completely transparent to the end user.

  • The second is to provide profile mobility, letting the user access his or her preferences, data and application configurations from any desktop in the organization.

These two goals should be part of each and every virtual desktop infrastructure. By storing profiles outside of local desktops, you ensure that your users are able to work with any desktop in the organization (see Figure 1). Then, when you move from physical to virtual desktops, your implementation team does not need to be concerned about the migration or the retention of user data since it is already taken care of by Windows' own capabilities.

Figure 1
Maintaining the user profile outside the local desktop lets users work with any desktop.

Windows manages remote desktop profiles through two technologies. The first, roaming profiles, is a function of the user account within Active Directory. Basically, you tell Windows to store the user's profile on a network share instead of on the local desktop. The first time the user logs in, the profile is generated and stored on the network. If the user already has a profile when you assign roaming profiles, then the profile is moved from the local system to the network.

However, there are issues with roaming profiles. The most significant is that the Windows session will not open until the profile has been completely downloaded from the server. Because of this, you will want to marry roaming profiles with another Windows technology, folder redirection. Folder redirection -- also assigned through Active Directory, but this time through the Group Policy feature -- silently redirects local folder contents contained in the user profile to a network share.

The difference between folder redirection and roaming profiles is that with folder redirection, Windows does not need to create a local copy of all of a folder's content to let the user work. This significantly reduces the delay in opening the user session. On the other hand, folder redirection alone does not protect 100% of the user's profile. You use both together by excluding all of the redirected folders from the user's roaming profile.

By combining both technologies, you reduce the time it takes to open a session, yet you provide complete protection for user contents. Best of all, you can implement these technologies at any time, even before moving to VDI. That way, you reduce the risk of having one of the three desktop construction points block your move to virtual desktops.


For a complete description of how to move local profiles to a combined roaming profile/folder redirection strategy, look up Chapter 8: Working with Personality Captures from the free Definitive Guide to Vista Migration.

Table of Contents
- Tip 1: Verify device support in your hypervisor
- Tip 2: Identify desktop virtualization audiences
- Tip 3: Prepare and protect user profiles before virtualizing your desktop
- Tip 4: Use application virtualization before moving to VDI
- Tip 5: Lock down systems by switching to a VDI technology

Danielle Ruest and Nelson Ruest are IT professionals focused on technology futures. Both are passionate about virtualization and continuous service delivery. They are authors of multiple books, including Windows Server 2008: The Complete Reference (McGraw-Hill Osborne), which is focused on building virtual workloads with this powerful new OS. They are currently writing Virtualization, A Beginner's Guide (McGraw-Hill Osborne). They are also performing a multi-city tour on Virtualization in the U.S. Feel free to contact them at [email protected] for any comments or suggestions.


Dig Deeper on Virtual desktop infrastructure and architecture