Windows User Profiles and Folder Redirection options

This post is also available in my podcast. This blog post discusses Windows User Profiles and Folder Redirection options. It is recommended to also review my separate article on Windows File server design considerations.

Introduction

There are various technologies available in Windows client and server operating systems for managing user profiles and folder redirection in an Active Directory environment. User profiles and folder redirection are methods used to accomplish User State virtualization, more recently called User Experience virtualization (https://docs.microsoft.com/en-us/windows/configuration/ue-v/uev-for-windows).

User profiles fall inside the scope of a user personality. The automated management of user personalities and behavior of the user environment can be carried out by a type of application called User Environment Manager (UEM). User environment management is a software solution which enables corporate policy and user preference data, the ‘user personality’, to be abstracted from the delivered operating system and applications and centrally managed. More details about User Environment Management software can be found in .

This article provides an overview of Windows User Profiles and Folder Redirection options.

User profiles

Types of user profiles

The following user profile types are available:

  • Local profiles

Local Windows profiles have local scope only: they exist on the Windows client or server OS where they were created, under the C:\Users folder.

  • Mandatory profiles

A mandatory user profile is a special type of pre-configured roaming user profile that administrators can use to specify settings for users. With mandatory user profiles, a user can modify his or her desktop, but the changes are not saved when the user logs off. The next time the user logs on, the mandatory user profile created by the administrator is downloaded. There are two types of mandatory profiles: normal mandatory profiles and super-mandatory profiles. User profiles become mandatory profiles when the administrator renames the NTuser.dat file (the registry hive) on the server to NTuser.man. The .man extension causes the user profile to be a read-only profile. User profiles become super-mandatory when the folder name of the profile path ends in .man; for example, \\server\share\mandatoryprofile.man\. Super-mandatory user profiles are similar to normal mandatory profiles, with the exception that users who have super-mandatory profiles cannot log on when the server that stores the mandatory profile is unavailable. Users with normal mandatory profiles can log on with the locally cached copy of the mandatory profile. Only system administrators can make changes to mandatory user profiles.

  • Roaming profiles

Roaming User Profiles redirects user profiles to a file share so that users receive the same operating system and application settings on multiple computers. When a user signs in to a computer by using an account that is set up with a file share as the profile path, the user's profile is downloaded to the local computer and merged with the local profile (if present). When the user signs out of the computer, the local copy of their profile, including any changes, is merged with the server copy of the profile. Typically, a network administrator enables Roaming User Profiles on domain accounts.

  • Temporary profiles

Temporary profiles are created when there is an issue while creating a new profile or loading the existing profile of a user. There are various reasons why this can happen. You may find relevant troubleshooting articles for resolving temporary profile issues at: https://stefanos.cloud/kb/rds-error-message-0x2-82-temporary-profile/ and https://stefanos.cloud/kb/how-to-fix-citrix-temporary-profile-issue/.

  • Default profiles

Windows uses the default user profile as a template to assign a profile to each new user. By customizing the default user profile, you can configure settings for all user accounts that are created on the computer.
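
The naming rules for mandatory and super-mandatory profiles described above can be turned into an audit of a profile share. The following is an added example, not part of the original article: it classifies each profile folder and lists any principal outside an expected administrator list that holds write rights on a mandatory hive. The share path, the trusted-principal list and the function names are assumptions.

```powershell
# Added example: audit a profile share using the naming rules described above.
param(
    [string]$ProfileRoot = '\\server\share'   # placeholder share path (assumption)
)

# Rights that let a principal change or replace the hive (write bits only).
$writeMask = [System.Security.AccessControl.FileSystemRights]'Write, Delete, ChangePermissions, TakeOwnership'
# Principals expected to hold write access (assumption; adjust per environment).
$trusted = 'BUILTIN\Administrators', 'NT AUTHORITY\SYSTEM'

function Get-ProfileType {
    param([Parameter(Mandatory)][string]$ProfilePath)
    $name = Split-Path -Path $ProfilePath -Leaf
    # On-disk folders may carry a version suffix such as .V6 after the .man part.
    if ($name -match '\.man(\.V\d+)?$') { return 'SuperMandatory' }
    if (Test-Path -LiteralPath (Join-Path $ProfilePath 'NTUSER.MAN')) { return 'Mandatory' }
    if (Test-Path -LiteralPath (Join-Path $ProfilePath 'NTUSER.DAT')) { return 'Roaming' }
    return 'Unknown'
}

function Get-UnexpectedWriter {
    param([Parameter(Mandatory)][string]$HivePath)
    (Get-Acl -LiteralPath $HivePath).Access |
        Where-Object {
            $_.AccessControlType -eq 'Allow' -and
            ([int]($_.FileSystemRights -band $writeMask) -ne 0) -and
            $trusted -notcontains $_.IdentityReference.Value
        } |
        ForEach-Object { $_.IdentityReference.Value }
}

Get-ChildItem -LiteralPath $ProfileRoot -Directory | ForEach-Object {
    $type = Get-ProfileType -ProfilePath $_.FullName
    $hive = Join-Path $_.FullName 'NTUSER.MAN'
    # Mandatory hives should be writable by administrators only.
    $writers = @()
    if (($type -in 'Mandatory', 'SuperMandatory') -and (Test-Path -LiteralPath $hive)) {
        $writers = @(Get-UnexpectedWriter -HivePath $hive)
    }
    [pscustomobject]@{
        Folder            = $_.Name
        Type              = $type
        UnexpectedWriters = $writers -join '; '
    }
}
```

Run it with an account that can read the ACLs on the share. Any value in the UnexpectedWriters column means a principal outside the trusted list can alter a profile that is meant to be changed by administrators only.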

Container-based vs file-based profile solutions

There are two main approaches to user profile technology. The first is the file-based approach, where user profile files are synced back and forth between the central user file repository, which resides in a highly available SMB file share, and a locally synced copy. An example is Citrix Profile Management (see the section below for more details). The second is container-based user profiles, which store all relevant user profile information in vhdx containers. An example is Microsoft FSLogix profile technology (see the section below for more details). Citrix is also investing in this technology with the introduction of the Citrix profile container (https://docs.citrix.com/en-us/profile-management/current-release/configure/profile-container.html).

Windows Roaming Profiles

Windows Roaming Profiles are standard roaming profiles which can be set up at user level or computer level. More instructions on how to set up Windows roaming profiles can be found at: https://docs.microsoft.com/en-us/windows-server/storage/folder-redirection/deploy-roaming-user-profiles.

Troubleshooting Windows Roaming Profiles

In case you need to troubleshoot operations of Windows Roaming profiles, Microsoft offers a very handy resource at https://docs.microsoft.com/en-us/windows-server/storage/folder-redirection/troubleshoot-user-profiles-events.

RDS User Profile Disks

User Profile Disks is a disk-based (vhdx) roaming profile solution for Remote Desktop Services (RDS) users. It is now being phased out and will be replaced by its successor technology (FSLogix). A more detailed discussion on user profile disks is available at:

https://techcommunity.microsoft.com/t5/microsoft-security-and/easier-user-data-management-with-user-profile-disks-in-windows/ba-p/247555

FSLogix Profile Disks

FSLogix expands upon user profile disks and offers a disk-based (vhdx) roaming profile solution. It separates the Office 365 profile components from all other Windows components, so FSLogix creates two separate .vhdx files per user in a Windows roaming profile.

FSLogix solutions include:

  • Profile Container
  • Office Container
  • Application Masking
  • Java Version Control

An important benefit of FSLogix is that it is free of charge for all Microsoft customers using RDS CAL licenses.

FSLogix is also the default roaming profile solution used in the Azure-based Windows Virtual Desktop (WVD).

Full FSLogix documentation can be found at: https://docs.microsoft.com/en-us/fslogix/.

Citrix Profile Management (CPM)

Citrix Profile Management is a file-based profile management solution. It comprises a Windows service and profile management service agent on each Citrix Virtual Apps and Desktops VDA server on one side and the central user store on a highly available (H/A) file server on the other side. All CPM settings are set via Group Policy, as described at https://support.citrix.com/article/CTX222893.

There are also other third-party user profile solutions, such as Ivanti (https://www.ivanti.com/products/environment-manager).

Folder redirection

Folder redirection works alongside a roaming profile solution to redirect user folders to a distributed location. Folder Redirection enables users and administrators to redirect the path of a known folder to a new location, manually or by using Group Policy. The new location can be a folder on the local computer or a directory on a file share. Users interact with files in the redirected folder as if it still existed on the local drive. For example, you can redirect the Documents folder, which is usually stored on a local drive, to a network location. The files in the folder are then available to the user from any computer on the network.

The group policy settings for folder redirection as well as other best practices can be found in this article.