Clicky

I am adding two more servers into my terminal server farm.  So instead of just one I will have 3. Spread the load and make things redundant.
This would require a roaming profile.  Some users do make mistake and save large files into their profile.  How to prevent this? Is there a way to limit a profile size in Group Policy? or any other way doing this?

Thanks.

asked 12/08/2011 02:05

Tiras25's gravatar image

Tiras25 ♦♦


10 Answers:
If you use folder redirection for My Documents, etc along with roaming profiles it won't affect the profile size unless they save the large file to their desktop.

We just try to educate our users not to save any files to their desktop, only to their My Documents or shared drives and create shortcuts on their desktop if there are files they access regularly. We've seen some success with some of our more capable users then educating others on how to do it.
link

answered

ghodder's gravatar image

ghodder

Hmm, not so convinced.  The last time a file 12GB ended up in someone's App Data folders that is part of the user's profile.
link

answered 2011-12-08 at 22:32:58

Tiras25's gravatar image

Tiras25


You should do 4 things.

1.- Mapped a shared drive for users on the terminal server sessions (Regularly letter Z on My PC)
2.- Enabled roaming profile for those users.
3.- Redirect My Documents, Desktop, App Data Folders, My Music, My Images, Favorites, ETC to the network on those servers.
4.- Disable offline files on those servers.

With these configurations you should be fine, and the profiles will not hold to many information.
link

answered 2011-12-08 at 22:40:53

eduardoaguirrev's gravatar image

eduardoaguirrev

I would be extremely caution about redirecting AppData.  It contains a lot of frequently used information and redirecting it can cause application crashes, non-responsiveness, data corruptions etc.  That's a worst-case alternative.

Ultimately, it sounds like you are looking for a technological solution to a human-driven problem, and there really isn't one.  The users need to not save large files in their profile, end of story.  Typically, if they do that, and their logins take forever, it is almost self-correcting :-\  

If this absolutely must be dealt with, then look at triCerat's Profile Acceleration Technology.  It can dramatically cut the login times, especially if you have large files in the profile, or lots of small ones..  It can help with any roaming profile.  (I have no direct affiliation with triCerat.. I've just looked at it before, and I'm looking at it again for this new environment).

Coralon
link

answered 2011-12-09 at 07:19:12

Coralon's gravatar image

Coralon

YOu are correct and I agree!
Looking into the redirection and like that option.. My only concern is if the redirection would be for all servers, or if we could limit it to just the terminal servers.  Or, do we want this to be applied to all servers?
link

answered 2011-12-09 at 09:26:52

Tiras25's gravatar image

Tiras25

Depends on the items.. generally, you want your TS boxes in their own OU for policy purposes.  I normally use Loopback Processing:Replace for them (Machine\Policies\Admin Templates\System\Group Policy)

For a "common" set for all the machines, I would redirect My Documents and Favorites to the home directory.  Then I would apply the extra redirections for just the TS boxes.. typically for the TS boxes, I'll redirect the desktop and the various libraries to places in the home directory.  

Coralon
link

answered 2011-12-09 at 09:32:09

Coralon's gravatar image

Coralon

That's what I think - only for TS boxes.  What's Loopback Processing BTW?

Users do not logon interactively to other boxes unless troubleshooting, etc.  So TS boxes are the only I concern.
link

answered 2011-12-09 at 10:17:13

Tiras25's gravatar image

Tiras25

Loopback processing - causes the GPO processing to be altered.  In "normal" gpo processing, the machine processes its' gpos at boot time.  The user's process the GPO's they get from their OU at login time.  

With Loopback, the order changes depending on the mode.  
  • LB:Replace processes the machine GPO at boot time, and the user GPO's from the machine's OU at login time.

  • LB Merge processes the machine GPO at boot time, processes the user's native GPO from their OU at login time, and then processes the user GPO's from the machine's OU at login time


So, for you, I'd move the TS boxes to a sub-OU where there are, block inheritance, and then add the redirection policies for the TS Boxes at that level.  And for convenience sake, I'd add one at the higher level to redirect my documents & favorites & make sure the 2 settings match between the policies.  

And as a safety measure, I will normally block administrators from receiving the policy, so that if something goes wrong, they won't be locked out by it.  To do that, edit the policy and right click on the top of the policy and select Security.  There, you can modify the Administrators permission to include "Deny: Apply group policy".

Coralon
link

answered 2011-12-09 at 10:21:56

Coralon's gravatar image

Coralon


I have worked with AppData redirection on VDI enviroments and it works fine. It help a lot reducing the size of the profile.

The only thing I would be concern about is installing programs that create folder on the Users folder.

link

answered 2011-12-09 at 10:38:30

eduardoaguirrev's gravatar image

eduardoaguirrev

Yeah, the appdata is very hit or miss.. I've done it some environments and it works great.. I've done it in others and had nothing but problems.  It's all application driven.   The ones that are very time/latency sensitive seem to have the most problems with redirected appdata.  While the ones that use it infrequently do just fine.

Because it is hit or miss, I avoid it unless I have a compelling reason to redirect it.

Coralon
link

answered 2011-12-09 at 13:15:03

Coralon's gravatar image

Coralon

Your answer
[hide preview]

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Tags:

×30
×1
×23

Asked: 12/08/2011 02:05

Seen: 282 times

Last updated: 12/15/2011 03:03