Pesos
Honorable But Hopeless Addict
    
USA
3519 Posts
Status: offline |
Posted - 03/09/2012 : 9:36:24 PM
|
Until recently we had an office set up for everyone to access published Citrix desktops, and all resources lived within the remote server farm.
We are considering using DFS-R to replicate the file server locally to the main office and joining all machines to the domain so users can work locally and use Citrix only at branch offices and for remote access.
In this type of scenario, how would you deal with roaming profiles and folder redirects? Desktops shouldn't be a big deal as they will function just like the citrix servers do and be happy as long as there is connectivity to the file server. But laptops will wig out and squawk at users when used offline as they won't be able to reach their server side profiles or folder redirects.
|
-Wes |
|
|
dmarelia
Moderator
    
USA
2922 Posts
Status: offline |
|
|
Pesos
Honorable But Hopeless Addict
    
USA
3519 Posts
Status: offline |
Posted - 03/15/2012 : 10:25:24 AM
|
Thanks Darren...
So our latest configuration was to continue to redirect all folders except Appdata. There are simply still too many apps out there that rightly or wrongly freak out when appdata is redirected (not to mention Microsoft's own mailmerge integration!).
So how does Win7 gracefully handle laptop users with roaming profiles and folder redirects going off the LAN? |
-Wes |
 |
|
|
Pesos
Honorable But Hopeless Addict
    
USA
3519 Posts
Status: offline |
Posted - 03/15/2012 : 10:26:25 AM
|
| p.s. regardless of whether users move between laptops and desktops in the office, they all use Citrix published desktops for remote access... we do have separate Profiles and RD Profiles configured, but of course the folder redirects are the same everywhere they log in... |
-Wes |
 |
|
|
dmarelia
Moderator
    
USA
2922 Posts
Status: offline |
|
|
Pesos
Honorable But Hopeless Addict
    
USA
3519 Posts
Status: offline |
Posted - 03/16/2012 : 5:19:23 PM
|
Hmm...
So I guess the piece I'm missing is "offline files." So we'll have to enable offline caching on our profile/redirect share and have all laptops synching? |
-Wes |
 |
|
|
dmarelia
Moderator
    
USA
2922 Posts
Status: offline |
|
|
Pesos
Honorable But Hopeless Addict
    
USA
3519 Posts
Status: offline |
Posted - 03/17/2012 : 02:40:36 AM
|
The machines don't squawk when they can't contact the server side profile?
So once I enable offline files on the file server share, all machines will start caching the folder redirects? Guess I should disable offline files via gpo on all desktops before I do that? |
-Wes |
 |
|
|
dmarelia
Moderator
    
USA
2922 Posts
Status: offline |
Posted - 03/17/2012 : 11:06:28 AM
|
Wes - user profiles always operate on the locally cached version. The only thing that roaming profiles provide is, when the user logs on, the server profile is compared to the locally cached version and then copied down. When the user logs off, changes are written back up to the server share. So, no squawking involved :-). In terms of folder redirection, when you redirect a profile folder, it's automatically treated as "available for offline use". You don't want to disable offline files on the desktop, since that is what FR uses to cache the files. Hope that makes sense? Darren |
Darren Mar-Elia MS MVP--Group Policy Group Policy Resource Site: http://www.gpoguy.com Group Policy Blog: http://www.sdmsoftware.com/blog Group Policy on Twitter: http://www.twitter.com/grouppolicyguy Like us on Facebook: http://www.facebook.com/SDMSoftware *********** GPO Inventory & Comparison Simplified. Get SDM Software's GPO Reporting Pak -- http://sdmsoftware.com/group-policy-management-products/group-policy-reporting-pak/ |
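
To check on a given machine what Darren describes above, this added example (not posted by anyone in the thread) lists which profile folders are redirected to a UNC path and whether the Offline Files cache that folder redirection relies on is enabled. It assumes Windows 7 or later with PowerShell 2.0 and is run as the logged-on user; the variable names are illustrative.

```powershell
# Added example: read-only check of folder redirection and Offline Files state.
# Run as the user whose redirection you want to inspect; nothing is modified.

$keyPath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders'
$key     = Get-Item -Path $keyPath

# Enumerate the per-user shell folders and flag those that point at a UNC path.
$folders = foreach ($name in $key.GetValueNames()) {
    $raw      = $key.GetValue($name, $null, 'DoNotExpandEnvironmentNames')
    $expanded = [Environment]::ExpandEnvironmentVariables([string]$raw)
    New-Object PSObject -Property @{
        Folder     = $name
        Path       = $expanded
        Redirected = $expanded.StartsWith('\\')   # UNC path means redirected
    }
}
$folders | Sort-Object Folder | Format-Table Folder, Redirected, Path -AutoSize

# Offline Files (client-side caching) state on this machine.
# Enabled = configured on; Active = currently running (they differ until a reboot).
$csc = Get-WmiObject -Class Win32_OfflineFilesCache
"Offline Files enabled: $($csc.Enabled)  active: $($csc.Active)"

# Redirected folders without an active cache are unreachable off the LAN,
# which is the laptop case raised earlier in the thread.
$redirected = @($folders | Where-Object { $_.Redirected })
if ($redirected.Count -gt 0 -and -not $csc.Active) {
    Write-Warning ("{0} redirected folder(s) but Offline Files is not active; " +
                   "they will not be available offline." -f $redirected.Count)
}
```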
 |
|
|
Pesos
Honorable But Hopeless Addict
    
USA
3519 Posts
Status: offline |
Posted - 03/17/2012 : 11:10:29 AM
|
Hmm, we have always disabled offline files on our folder redirection shares (as we don't want our Citrix servers to cache anything - but rather to read the redirected folders directly from the networked file server)...
I thought that Windows still squawked when it can't see the network copy of the roaming profile as well - something like "can't locate the server copy of your profile, logging you on with the locally cached copy" or something to that effect...
Obviously I haven't had time to test this in a while :-) |
-Wes |
 |
|
|
dmarelia
Moderator
    
USA
2922 Posts
Status: offline |
|
|
Pesos
Honorable But Hopeless Addict
    
USA
3519 Posts
Status: offline |
Posted - 03/18/2012 : 11:54:10 PM
|
| You and I know it's benign - Joe User wigs out at every little popup - especially ones that make noise! :-) Will check out the GPO... |
-Wes |
 |
|
|
Pesos
Honorable But Hopeless Addict
    
USA
3519 Posts
Status: offline |
|
|
Pesos
Honorable But Hopeless Addict
    
USA
3519 Posts
Status: offline |
Posted - 03/19/2012 : 12:05:23 AM
|
| Maybe it's best to just forget roaming profile for the (relatively small number of) laptop users and let folder redirection take care of the important data. Appdata would be the only thing lost in case of theft or damage as we don't redirect that anymore... |
-Wes |
 |
|
|
jadgate
Major Contributor
   
USA
918 Posts
Status: offline |
Posted - 03/19/2012 : 11:31:18 AM
|
Guys-
Along these lines, I have a question about whether (old) local account (system) SIDs for a migrated laptop will create access issues, if the migration did not happen successfully (complete).
I manually re-direct the my docs folder to a network share for storage/backup, although I also setup/utilize offline folders so I can access My Docs when I am not connected to the network.
I was migrated to a new laptop a couple of weeks ago (XP to XP, we are years away from Windows 7 at work, although I use and like Windows 7 at home).
The migration had issues (the migration software kept crashing in the middle of the process to move data from the old system to the new). As most of the data I care about is stored on a network share, I wasn't all that concerned: the only thing they really needed was to grab my browser favorites and my mail rules (and the Outlook OST, although it could be pulled from the server, if need be). As I needed my laptop back for work, I told them to just copy my user profile from the old system to the new. I'm fairly certain that they did not run any routines to update/cleanup ACLs or SIDs on the "moved" data.
Since the migration, I've been getting messages whenever I want to save a file that I probably created on my desktop prior to the migration but now want to move to my docs (the network share) or am accessing off the re-directed my docs. Messages along the lines of "this file is currently open for another user. Do you want to save/overwrite/create new version?" I also got some error messages about desktop.ini access issues (whenever the offline folders want to sync at login/logoff). I made those go away by deleting every copy of desktop.ini I could find as the offline sync would not complete otherwise.
Do I need to have the support staff go back and "clean up" ACLs/SID history on migrated folders (and the files within)?
Later,
Jim
|
James Adgate, CISSP IT Auditor and Compliance Specialist Data Loss Prevention (DLP) IT Security Policy and Risk Mitigation for Enterprises http://linkedin.com/in/jamesadgatech
|
 |
|