Windows Enterprise Client Boot and Logon Optimization – Part 19, Infrastructure and Settings – User Profiles

This post continues the series that started here.

Today I want to discuss the impact of user profiles to the logon experience.

User profiles contain different data, some of which may roam from system to system depending on the configuration choices you make –

UserProfiles

Here we see that Roaming User Profiles carries all user generated content, machine independent data ( %userprofile%\AppData\Roaming) and some machine dependent data (%userprofile\Appdata\Local)

Folder Redirection in combination with Offline Files carries all user generated content as well as machine independent data ( %userprofile%\AppData\Roaming)

User Experience Virtualization (UE-V) carries machine independent data ( %userprofile%\AppData\Roaming) and some machine dependent data ( %userprofile\Appdata\Local)

Local User Profiles

Local User Profiles are the default choice in Windows and provide the fastest logon experience. Group Policy may be processed asynchronously (meaning the user doesn’t have to wait for the network and service start-up) and data is read directly from the local disk.

The disadvantage of Local User Profiles is that user data isn’t centralized which may lead to data loss if the client system fails.

In my view, with the emergence of OneDrive for Business, Work Folders and User Experience Virtualization (UE-V) , this is the best choice when considering the user logon experience. I’d encourage you to investigate, test and embrace these newer technologies as viable options for your Enterprise clients.

User Experience Virtualization

User Experience Virtualization (UE-V) is a component available as part of the Windows Desktop Optimization Pack (MDOP) . Using UE-V, application and Windows settings follow the user between systems without Roaming User Profiles.

UE-V is preferable to Roaming User Profiles because Group Policy processing may remain asynchronous.

The server side copy of user state is updated with various triggers such as Lock Screen, Unlock Screen, Sign-on, Sign-off, Application Start and Application Close.

UE-V operates across multiple Windows versions as well as Virtual Desktop Infrastructure (VDI) sessions.

Roaming User Profiles

Roaming User Profiles have been around for many years and I still see wide spread use of this old technology in Enterprises today. A copy of the user profile is stored on a network share, facilitating centralized backup of user data. Users may logon to any system and receive their settings and documents.

Changes to the user profile are downloaded and uploaded at every logon & logoff (and also in the background starting with Windows 7). Unfortunately, this triggers synchronous logon, putting the user experience at the mercy of auto-start services, network availability and Group Policy processing.

If you intend to use Roaming User Profiles, you should configure exclusions appropriately (data that is excluded from roaming). This minimizes the profile size and you should aim to keep profile sizes as small as possible (think a few MBs).

Also critical, is the client system proximity to the file server. Profile synchronisation depends upon iterative network I/O as the local file and server file MD5 checksums are compared.

Some Microsoft customers use DFS Namespaces (DFS-N) in combination with DFS replication (DFS-R) to provide access to user profile data in multiple locations. Unfortunately, file locking that occurs with the use of Roaming User Profiles introduces compatibility issues with these technologies. Refer to the Microsoft support policy for DFS deployment scenarios here – https://support.microsoft.com/kb/2533009

In short, this support article states that

  • DFS-N is supported, but multiple targets not supported
  • DFS-R is supported, typically for backup & provided clients only modify a single copy

Mandatory User Profiles

Mandatory User Profiles use a template from SYSVOL, to provide standard configuration. When the user logs off, profile changes are discarded.

Although not commonly used by most Enterprise customers, Mandatory User Profiles are appropriate for public kiosks, university labs, etc.

The disadvantage of Mandatory User Profiles is that users experience active setup at every logon. This in turn triggers synchronous Group Policy processing and again, all of the disadvantages I’ve discussed in this post series.

Conclusion

When considering the boot and logon user experience, Local User Profiles are the best choice. They permit asynchronous logon with reads and writes of data occurring against local storage. User data backup may be addressed with newer technologies such as OneDrive for Business, Work Folders and User Experience Virtualization.

Next Up

Infrastructure and Settings – User Data