Roaming profiles, home folders & folder redirection

HCHTech

I'm doing some "reorganization" at one of my larger clients (30 ees), coincident with a server refresh. I'd like to:
  • Simplify backup of local workstation files
  • Present the user with the same experience whether logged on to the RDS server or a desktop at the office
  • Enjoy the benefits of a simpler job when replacing workstations
This sounds like a job for folder redirection and/or roaming profiles. I've personally lived the downside of roaming profiles where a full sync of the profile has to happen during logon and logoff - this is an untenable result, people get impatient and things go wrong. As a result, I've avoided roaming profiles like, forever. Then I read recently that if you redirect user folders separately to a network location, those redirected folders are not part of the roaming profile, so not part of the logon/logoff sync. Further, if you establish quotas for those redirected folders, it caps the amount of stuff folks can save there, avoiding the problems created when that one person thinks it's a good idea to copy 12,000 songs from their iTunes library to their music folder.

So, I guess I'm asking for the experience of others that might have gone down this path. Great "you're the best IT guy ever!" solution? Solves the problem but creates other problems, so a lateral move at best? Terrible idea for so many reasons? What's your vote?
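The server side of what the original post describes (a redirected-folder root with a cap per user), as an added example that is not part of the thread. It is run once, elevated, on the file server. The path, share name, domain and 5 GB cap are assumptions for illustration. The NTFS ACL is the least-privilege shape folder redirection needs: Authenticated Users may list the root and create a folder there but inherit nothing into the subfolders, CREATOR OWNER gets full control of whatever they create, and admins and SYSTEM keep full control for backup and support. The FSRM auto-quota applies the same template to every existing and future per-user subfolder.

```powershell
# Added example, not from the thread: build the file-server root for redirected folders
# with least-privilege NTFS ACLs, an access-based-enumeration share, and per-user FSRM
# auto-quotas. Run elevated on the file server. Names below (D:\Redirected, share name
# "Redirected$", domain CORP, 5 GB cap) are assumptions for illustration.

$Root      = 'D:\Redirected'
$ShareName = 'Redirected$'        # hidden share; users only ever reach it via the GPO path
$Domain    = 'CORP'               # assumed NetBIOS domain name
$CapSize   = 5GB

New-Item -Path $Root -ItemType Directory -Force | Out-Null

# NTFS: drop inherited ACEs, then grant exactly what folder redirection needs.
#  - Authenticated Users: list (RD), create subfolder (AD), traverse (X), read perms (RC)
#    on the root ONLY (no (OI)(CI)), so a user can create their own folder but cannot
#    browse or write into anyone else's.
#  - CREATOR OWNER: full control, inherit-only, so each user owns the folder they create.
#  - SYSTEM / Domain Admins: full control for backup and administration.
icacls $Root /inheritance:r `
    /grant 'NT AUTHORITY\SYSTEM:(OI)(CI)F' `
    /grant "$Domain\Domain Admins:(OI)(CI)F" `
    /grant 'CREATOR OWNER:(OI)(CI)(IO)F' `
    /grant 'NT AUTHORITY\Authenticated Users:(RD,AD,X,RC)' | Out-Null

# SMB: the share-level ACL stays permissive; NTFS does the real work. Access-based
# enumeration hides other users' folders, and SMB encryption protects the data in transit.
if (-not (Get-SmbShare -Name $ShareName -ErrorAction SilentlyContinue)) {
    New-SmbShare -Name $ShareName -Path $Root `
        -FullAccess 'NT AUTHORITY\Authenticated Users' `
        -FolderEnumerationMode AccessBased `
        -EncryptData $true | Out-Null
}

# FSRM: a hard quota template (no -SoftLimit) applied automatically to every per-user
# subfolder, so one person's 12,000 iTunes tracks hit a stop instead of filling the volume.
Install-WindowsFeature -Name FS-Resource-Manager -IncludeManagementTools | Out-Null
$tmplName = 'Redirected folders (hard cap)'
if (-not (Get-FsrmQuotaTemplate -Name $tmplName -ErrorAction SilentlyContinue)) {
    $warn = New-FsrmAction -Type Event -EventType Warning `
        -Body 'User [Source Io Owner] is at [Quota Used Percent]% of the quota on [Quota Path].'
    $thr  = New-FsrmQuotaThreshold -Percentage 85 -Action $warn
    New-FsrmQuotaTemplate -Name $tmplName -Size $CapSize -Threshold $thr | Out-Null
}
New-FsrmAutoQuota -Path $Root -Template $tmplName | Out-Null

# Check: the effective ACL on the root and the auto-quota that will cover new subfolders.
icacls $Root
Get-FsrmAutoQuota -Path $Root | Format-List Path, Template
```

In the redirection GPO the target would then be `\\fileserver\Redirected$\%USERNAME%\Documents` (and so on per folder). One caveat a practitioner will want: leave "Grant the user exclusive rights" unticked in the GPO, because with it ticked Windows re-ACLs each new folder to the user alone, which locks out backup agents and admins and is exactly what the root ACL above already handles more predictably.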
 
I don't miss this stuff, since having 365 take over all this.

As you noted, just having "roaming profiles" can turn the login process into quite a long ordeal for end users with "lots of documents, lots of crap on the desktop, lots of pictures, lots of iTunes, etc etc".

So yes...you can combine "roaming profiles"....with "folder redirection"...so that just the "user state" is on the roaming profile, and all the user files just remain "over there" in the redirected folders. So logins are nice and quick.

I did mostly avoid roaming profiles, granted it got better and better with later versions of Windows. Used to be quite the headache with earlier versions. Some things to note......ensure SAME version of MS Office on all the computers. Ensure pretty much same software is installed across all computers.

But climbing up to 10,000 feet with this client here....do users sit down at various different computers? Or...do people pretty much just have their own computer? The terminal server..."What for?" Access to a certain application from inside? Or....is it for external access, like remote users? If for this...why not just RDG....Remote Desktop Gateway direct to their desktops? Or...better yet, something like Splashtop Business with MFA?
 
Roaming profiles are the pathway to crashes and pain...

Redirected Folders are current tech, but that workload is generally held up by Onedrive now, because Onedrive doesn't unify just the desktops / RDS server in the office, but the mobile devices too.

RDS clusters utilize profile disks now... not roaming profile shares because the performance of the latter is crap.

This path you're walking? It's a decade too late to be making these calls.

Virtual desktops, or remote access to physical desktops is far easier and fault tolerant... not to mention CHEAPER especially if the client is cloud averse, which I assume must be the case or you'd have mentioned use of Onedrive / Teams by now.
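The "profile disks instead of roaming profile shares" point above, as an added example that is not part of the thread: switching an RDS session collection to User Profile Disks from the connection broker. The collection name, share path, size and excluded folders are assumptions.

```powershell
# Added example, not from the thread: move an RDS session collection from roaming
# profiles to User Profile Disks (UPD). Run on the RD Connection Broker. The collection
# name, UPD share and size below are assumptions for illustration.
Import-Module RemoteDesktop

$Collection = 'FullDesktops'
$UpdShare   = '\\fileserver\UPD$'   # the RDSH computer accounts need Full Control here
$MaxGB      = 20

# Enable UPD for the collection; exclude churn that should never land in the VHDX so
# the disk does not grow with browser caches and downloads.
Set-RDSessionCollectionConfiguration -CollectionName $Collection `
    -EnableUserProfileDisk `
    -DiskPath $UpdShare `
    -MaxUserProfileDiskSizeGB $MaxGB `
    -ExcludeFolderPath @('Downloads', 'AppData\Local\Temp')

# Check: confirm the collection now reports the UPD path and size.
Get-RDSessionCollectionConfiguration -CollectionName $Collection -UserProfileDisk
```

Two caveats that matter for the original poster's "same experience" goal: a UPD is tied to one collection and is mounted by the session host at logon, so it does nothing for the physical desktops in the bullpen, and redirected folders are still the right place for the documents themselves. A UPD left mounted by a hung session on another host will refuse to attach and the user lands in a temporary profile, so the share needs monitoring for orphaned locks.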
 
I would definitely recommend at least folder redirection (offline files disabled) for RDS, especially if you have multiple load balanced RDS hosts. It helps keep the RDS hosts from bloating. RDS Profile Disks are probably a better option than roaming profiles, especially if you don't setup roaming profiles correctly with GPOs.

I tend not to enable folder redirection anymore on PCs. You can probably get away with it on workstations but I wouldn't advise for mobile devices like laptops. When offline files gets enabled and you have devices roaming in and out of the network it becomes a nightmare. Even if you set certain shares to never cache data offline, if users have data in shares that can be offlined and they move that data to shares that are not supposed to be offlined, it will offline them anyway on a slow connection. If users work remotely a lot, and have slow connections, offline files don't sync back to the server... just too many issues to account for.

For end-user devices I would definitely go the OneDrive way if possible and implement Known Folder Move. It's just a lot easier to store that stuff in the cloud and have it easily available on different devices given the shift to remote work that has happened recently.
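The two client-side settings this reply leans on (folder redirection with offline files disabled, and Known Folder Move), as an added example that is not part of the thread. These are the registry values behind the corresponding Group Policy settings, written locally for a test box that is not getting them from a domain GPO; in production they belong in the GPO or Intune, which will overwrite anything set by hand. The tenant ID is a placeholder and the exact policy names should be confirmed against Microsoft's current OneDrive policy documentation.

```powershell
# Added example, not from the thread: workstation-side policy values for (1) keeping
# redirected folders out of Offline Files and (2) OneDrive Known Folder Move. Written as
# local policy registry values for illustration; the tenant GUID is a placeholder.

$TenantId = '00000000-0000-0000-0000-000000000000'   # placeholder: your Entra tenant ID

function Set-PolicyValue {
    param([string]$Path, [string]$Name, $Value, [string]$Type)
    if (-not (Test-Path $Path)) { New-Item -Path $Path -Force | Out-Null }
    New-ItemProperty -Path $Path -Name $Name -Value $Value -PropertyType $Type -Force | Out-Null
}

# 1. Offline Files: the policy "Do not automatically make all redirected shell folders
#    available offline", so a redirected Documents folder is never pinned to the laptop.
$nc = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\NetCache'
Set-PolicyValue $nc 'DisableFRAdminPin' 1 'DWord'
# Desktops that never leave the LAN can turn the feature off entirely instead:
# Set-PolicyValue $nc 'Enabled' 0 'DWord'

# 2. Known Folder Move: sign OneDrive in with the Windows identity, move Desktop /
#    Documents / Pictures silently, block opting out, and keep files cloud-only until opened.
$od = 'HKLM:\SOFTWARE\Policies\Microsoft\OneDrive'
Set-PolicyValue $od 'SilentAccountConfig'            1         'DWord'
Set-PolicyValue $od 'KFMSilentOptIn'                 $TenantId 'String'
Set-PolicyValue $od 'KFMSilentOptInWithNotification' 1         'DWord'
Set-PolicyValue $od 'KFMBlockOptOut'                 1         'DWord'
Set-PolicyValue $od 'FilesOnDemandEnabled'           1         'DWord'

# Check: read back what was written.
Get-ItemProperty $nc | Select-Object DisableFRAdminPin
Get-ItemProperty $od | Select-Object SilentAccountConfig, KFMSilentOptIn, KFMBlockOptOut, FilesOnDemandEnabled
```

One caveat for anyone combining the two approaches: Known Folder Move refuses to move a folder that Group Policy has already redirected to a network path, so a given folder is either redirected to the file server or moved into OneDrive, not both. Pick one per folder before deploying either policy.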
 
So 3 groups of employees:
  • 100% remote - These folks are currently remoting into headless computers on a shelf, one machine dedicated to each employee. We are retiring these machines in favor of an RDS setup where we'll be presenting full desktops, not published apps.
  • 100% in the office - these folks have a physical office with a computer. When they work remotely while travelling, for example, they remote into their desktops with RDP over a VPN connection.
  • Floaters - These folks spend part of the time in the office and part of the time working remotely. Right now these folks have offices with dedicated desktops. When working remotely, they RDP over VPN like the above group. We're moving from dedicated offices for these folks to a group of shared computers that they will use on a first-come, first-served basis when they come into the office. We want them to use the RDS host when working remotely.
The client is downsizing their office as part of this whole thing, they will have a bullpen for the shared computers and smaller individual offices for the folks who come in every day. For the 100% remote folks, we want to remove the requirement to have a dedicated machine for them - hence RDS. The client also has a small 2nd location with 5 employees, so we don't want to have to buy two computers every time they hire somebody new there.

I'm also hoping that if the "Same experience" goal can be met, then even the 100% in the office folks can just use the RDS for remote work when traveling - one solution for everyone.

For the floaters, we want the same desktop experience for them regardless of whether they are in the office at one of the shared computers or remoted into the RDS host.

I'll have to think about using Onedrive for the local user data. They mostly only store temporary stuff there anyway. I was thinking redirecting the desktop folders locally, then using roaming profiles to get the appdata stuff should meet the "same experience" goal for the floaters. They are a bit cloud-averse, but not rabidly so. I'm still thinking I'll get better performance having that stuff local on an SSD array than I would having it online. We're doing the correct M365 licenses to get the shared activation stuff to have office on the RDS server - so all computers will have the latest version of Office.

I'm also cognizant of internet bandwidth - If doing local folder redirection saves bandwidth that lets more folks remote in simultaneously with a better experience, then that's definitely a better answer. It's tough making these kinds of decisions because we won't know real-world performance until we're all done.
 
If you're getting the M365 that allows shared activation, then presumably you're using Premium. If you're using Premium, you have the desktop license there too, and you're setup for VDI.

You can get rid of all of those desktops everywhere, and replace them with a VDI deployment with a master image that spools up a desktop on demand for user. RDS is a poor choice for this application, it's been replaced by VDI for a reason.

That being said, I'm not the best at those new toys yet either. But that is where Microsoft wants users now. RDS is too darned fragile, VDI is the "same experience" to the user, but far cheaper to host, more resilient, AND easier to maintain.
 
Well, I'm somewhat the victim of my own experience here, I've never even seen a VDI setup so would have a tough time recommending it. I'm guessing you need a Windows 10 license for every VDI? For the 100% in the office folks, they already have working and configured desktops - would those (and the shared desktops in my proposed setup) essentially be turned into thin clients in a VDI setup? Where is the breakeven point where X number of desktops makes VDI a slam dunk over RDS?

Edit - it looks like you just need an RDS CAL, which we would need to do RDS in any event. Maybe I can explore VDI if I don't get good enough performance from RDS...
 
@HCHTech The desktop license is part of M365 Business Premium, along with your shared activation rights! The only costs you have for VDI above the M365 premium sub is compute time in Azure. But I, like you, haven't actually done this yet. I've seen it done though, which is the only advantage I have in this circumstance.

It's a crazy new world MS has built... one where users login to an Azure joined device, MFA off their phones if policy requires, and then remote from there to a desktop that doesn't exist until they push the button, which authenticates using the exact same identity for instant access to use an infrastructure that only exists in a private portion of Azure cloud services.

So your endpoints are totally disposable... there's nothing on them. The VDIs spawn off a master image that needs maintenance, you'll need to patch it and replace it monthly to keep it up to date for example. Users' files are in Sharepoint/Teams or Onedrive, also automatically integrated on login based on the image used to deploy the VDI.

RDS is nice because you can deploy it once and it just lives there with automatic patching like we're all used to. But if you've ever had one of those things crypto'd because a user did something foolish... you'll know exactly why I want all mine gone! All RDS deployments must have Datto or something similar with rapid restoration capabilities as a result. And by the time you get done leasing the server, paying for the Datto, the UPS, and everything else you need to really keep that server... VDI winds up being far less. Exactly how much less is impossible for me to answer from here, but MS has an article on the topic.


P.S. If a user makes their VDI sick... they logout and back in again... POOF fixed.
 
Now I'm thinking this might be the way - if I can do it on prem. I'm not ready to jump in the Azure pool yet, let alone for such a good customer. You've given me some homework.
 