[Update] Since writing this I have fallen out with Roaming Profiles and would suggest you DO NOT USE THEM, as per the comments below they are not robust and do not fail gracefully. See my post on Active Directory Users for more information on how I would recommend setting up users on your Active Directory.
Many small businesses might be running Active Directory (see related post) but are not using roaming profiles. It isn't hard to setup, just a bit fiddly and it makes a lot of sense.
The Advantages
I have seen a lot of bad press for roaming profiles on the web but sometimes they are relevant: when users 'hot-desk' i.e. change machines a lot. Users are not bound to one machine but instead exist as entities on the network. Logging in from any machine provides the user with a personalised experience not just in terms of permissions and network drives but also their own folders, files and settings e.g. desktop background.
With file synchronisation all their files are keep in sync between the local computer and the server, so even if the user takes their laptop out of the office they can continue to work with their files. When they return or are able to log in remotely their files are automatically synced back to the server.
One of the criticisms made of Roaming Profiles is the login speed. This is usually because the user’s files are copied on login and logout. The best solution I have found to this is to map the user’s file folders to server locations. I have blogged about this here. In addition the offline files can be moved to a separate (local) drive which can help reduce the load on the local machine’s system drive.
The Disadvantages (The Dark Side of Roaming Profiles)
On the down (dark) side I have witnessed some ‘strange’ behaviour with Roaming Profiles. e.g. a new user setup in the same way as others who didn’t have access to network shares or even have explorer or IE in their start menu. Another where the profile became corrupt (probably in this case due to power outage on logout) and would no longer log in. In my limited experience this sort of situation with a profile is very difficult to debug and I’ve found the best way is to just create a new profile. This is ok if you have an administrator handy and all the files backed up but not so much if the admins are not available or the files are specific to and only located in the profile. For me though on balance the advantages still outweigh the potential flaws.
If you are using XP and Windows Server 2003 be warned that there are inconsistencies between that combination and the latest versions (Win Server 2008 and Win 7 as of writing).
An Alternative
A alternative to roaming profiles would be to use Active Directory for the authentication, without roaming profiles but with with personal folder redirection to a network share and offline files… which is part of the way to roaming profiles but easier to manage and more robust particularly if your workers don’t hot desk. I haven’t tried this method however.
See my related posts on: Active Directory; Active Directory Folder Redirection; Personal Folder Redirection; Moving Offline Files
Many small businesses might be running Active Directory (see related post) but are not using roaming profiles. It isn't hard to setup, just a bit fiddly and it makes a lot of sense.
The Advantages
I have seen a lot of bad press for roaming profiles on the web but sometimes they are relevant: when users 'hot-desk' i.e. change machines a lot. Users are not bound to one machine but instead exist as entities on the network. Logging in from any machine provides the user with a personalised experience not just in terms of permissions and network drives but also their own folders, files and settings e.g. desktop background.
With file synchronisation all their files are keep in sync between the local computer and the server, so even if the user takes their laptop out of the office they can continue to work with their files. When they return or are able to log in remotely their files are automatically synced back to the server.
One of the criticisms made of Roaming Profiles is the login speed. This is usually because the user’s files are copied on login and logout. The best solution I have found to this is to map the user’s file folders to server locations. I have blogged about this here. In addition the offline files can be moved to a separate (local) drive which can help reduce the load on the local machine’s system drive.
The Disadvantages (The Dark Side of Roaming Profiles)
On the down (dark) side I have witnessed some ‘strange’ behaviour with Roaming Profiles. e.g. a new user setup in the same way as others who didn’t have access to network shares or even have explorer or IE in their start menu. Another where the profile became corrupt (probably in this case due to power outage on logout) and would no longer log in. In my limited experience this sort of situation with a profile is very difficult to debug and I’ve found the best way is to just create a new profile. This is ok if you have an administrator handy and all the files backed up but not so much if the admins are not available or the files are specific to and only located in the profile. For me though on balance the advantages still outweigh the potential flaws.
If you are using XP and Windows Server 2003 be warned that there are inconsistencies between that combination and the latest versions (Win Server 2008 and Win 7 as of writing).
An Alternative
A alternative to roaming profiles would be to use Active Directory for the authentication, without roaming profiles but with with personal folder redirection to a network share and offline files… which is part of the way to roaming profiles but easier to manage and more robust particularly if your workers don’t hot desk. I haven’t tried this method however.
See my related posts on: Active Directory; Active Directory Folder Redirection; Personal Folder Redirection; Moving Offline Files
I would seriously not choose reliance on roaming profiles in a small office environment.
ReplyDeleteAlthough to you and I, they are logical, easy to set up and troubleshoot, to someone not so IT literate, should something not work correctly, it would be very time consuming, impossible or expensive to fix.
They are great when they work, but an absolute pain when they don't. Eg I don't use them, the transition from an XP roaming profile to a Win7 profile is fraught with issues - just Google it.
They are a lovely idea, just not very robust, or very well thought out - they don't degrade/fail gracefully.
Agreed they are not a cure-all. So what is the answer... not logging in locally?
DeleteI would suggest relying on roaming profiles as little as possible - ie for some users.
DeleteIt's not appropriate for the same profile to follow a user on to all machines they use for instance.
Setting up GPOs and managing them is a specialist area. If for instance Internet explorer is updated on a machine, the GPO will very likely not apply in the same way, at all, or break something else.
I would recommend local profiles for as much as possible with all documents stored centrally on a file server, which is raided, shadow copied and cloud backed up.
Favourites can be stored in the cloud too.
Other than that - icon positions / wallpapers etc is trivial to set up.
What you say is true. I have added "An Alternative" to my post. This is probably a more robust solution more appropriate for most offices as you point out.
Delete