Windows IT Pro is the authoritative and independent resource for windows nt, windows 2000, windows 2003, windows xp. Features a collection of resources and magazines for windows IT professionals.
  
  
  Advanced Search 


March 2008

Best Practices for Managing User Data and Settings, Part 2

Heed these tips for unifying UDS management for Vista and XP users and addressing four key types of user data
From the March 2008 Edition
of Windows IT Pro
Dan Holme
Feature
InstantDoc #98004
Windows IT Pro
Email this Article
Printer Friendly
Reader Comments
Digg This
Del.icio.us
RSS
Subscribe to Windows IT Pro | See More Interoperability Articles Here | Reprints | Or get the Monthly Online Pass—only $5.95 a month!

Download the Code Here

Executive Summary:

In “Best Practices for Managing User Data and Settings, Part 1” (InstantDoc ID 97841), we talked about effectively managing user data and settings on the server side to meet specific security, mobility, availability, and resiliency business requirements. Part 2 addresses the client-side components, unifying UDS management for both Windows Vista and Windows XP users.


Last month, in “Best Practices for Managing User Data and Settings, Part 1” (InstantDoc ID 97841), I began a discussion about the pieces you need to put in place to effectively manage user data and settings (UDS). The goal was to create a UDS-management framework—a combination of technology, people, and processes—to meet specific security, mobility, availability, and resiliency business requirements. In that article, I covered the server-side components of the framework. This month, I address the client-side components.

The goal this time is to unify UDS management for both Windows Vista and Windows XP users— something that isn’t possible without some of the tips you’ll find herein, such as registry-based folder redirection. Specifically, we need to address four types, or classes, of UDS that I call “normal data,” “normal settings,” “locally accessed data,” and “unwanted data.” Unfortunately, as you’ll see, Windows provides direct support for managing only the first two types of data, which is why so many organizations struggle to put all the moving parts in place—some parts are missing!

Redirect User Data Stores
The first class of data I’ll address is “normal data” that can reside in standard Windows data stores such as the Documents and Desktop folders. You can use redirected folders to manage normal data and meet your business requirements.

Redirected folders are a well understood, tried-and-true technology in Windows environments. You can redirect selected shell folders (e.g., Documents, Desktop) to shared folders on the network, and the result will be completely transparent to users. You implement most folder redirection through Group Policy, under User Configuration, Windows Settings, Folder Redirection. You should use the Group Policy Management Editor (GPME) on a Vista client to edit Folder Redirection Group Policy settings so that you can configure settings that will apply to both Vista and XP.

Although XP supports redirecting only four folders, Vista lets you redirect thirteen folders, as you can see in Figure 1. I highly recommend redirecting Documents and Desktop, as well as any of the new folders that Vista can redirect. As I discuss later, you can redirect the AppData folder, but using roaming profiles is generally a better management choice for AppData. Except in schools and other environments in which multiple users should have identical Start menus, I’ve never found it useful to redirect the Start menu.

Microsoft documents the steps for configuring folder redirection in its Help files. Rather than repeat those steps here, let’s focus on bottom-line recommendations and tips. On the folder-redirection policy’s Target tab, you can set the following recommended policy settings.

  • Use Basic rather than Advanced folder redirection. Advanced folder redirection lets you redirect folders to different locations based on group membership. That capability might sound great, but there are other policy settings supporting a UDS framework that aren’t similarly multivalued. I recommend that if you need to redirect users to different servers, create separate GPOs filtered for each group.
  • For the Target folder location of each folder redirection, choose the Redirect to the following location setting and enter the path \\namespace\%username% foldername, where namespace is the DFS namespace for UDS, and foldername is the name of the redirected folder—for example, \\contoso.com users\%username%\Documents. (We created the DFS namespace in Part 1.)

On the Settings tab, you should change almost all the defaults.

  • Clear the Grant the user exclusive rights to Documents check box. If this check box is selected, only the user has access to his or her data stores. As I’ll discuss later, you should configure the root folder above all user folders with permissions that reflect your corporate information security policy. Those permissions should be inherited by individual user folders.
  • Clear the Move the contents of Documents to the new location check box. If this check box is selected, a user’s data moves automatically to the target location after you introduce the policy. The data move happens at the first logon and might take a significant amount of time for large folders. You should plan, control, and manage the migration of user data to the network folders; don’t let it happen automatically.
  • Select the Also apply redirection to Windows 2000, Windows 2000 Server, Windows XP, and Windows Server 2003 operating systems check box. Doing so will ensure that the folder-redirection policies apply to all Windows clients. This check box is available only for folders that XP can redirect.

Redirect XP Favorites and Media Folders
Although Vista lets you use folder-redirection policies to redirect all user data folders, XP won’t let you use these policies to redirect folders such as Favorites, My Music, and My Videos. You can, however, use registry-based redirection to redirect these XP folders. In the XP registry, the HKEY_CURRENT_USER Software\Microsoft\Windows\CurrentVer sion\Explorer\User Shell Folders key contains values for each of these folders. You can change the data of these values to redirect the folders to network locations. The resulting redirection is identical to folder redirection implemented through Group Policy.

In fact, I’ll make it easy for you. How about a Group Policy administrative template that manages registry-based redirection of these folders? You can download the Registry- Redirection.adm file from www.windowsit pro.com, InstantDoc ID 98004. Load the file into a GPO that’s scoped to apply to XP users. I recommend using registry-based redirection for Favorites, My Music, My Pictures, and My Videos on XP, even though you can use folder-redirection policies to redirect XP’s My Pictures. For Vista clients, use standard folder-redirection policies.

When you redirect XP media folders, applications such as Apple iTunes and Windows Media Player (WMP) will automatically use the redirected folder. But what about users who are accustomed to opening My Documents and double-clicking a folder to access media? To accommodate those users, I recommend that after you migrate the contents of those folders to the network, you delete the actual subfolders in My Documents. Then, create shortcuts called My Music, My Pictures, and My Videos that point to the new locations. Those shortcuts will provide XP users with the visual links they use to browse to media. Of course, you might also choose not to redirect one or more of these folders based on your need to manage users’ media files.

Continue on Page 2

   Previous  [1]  2  3  Next 


Reader Comments
What happened to the rest of the article?

stalar March 28, 2008 (Article Rating: )

Thanks to Colette for repairing my online access. Now I can read the whole article. It's full of useful tips.

I'd wish a follow-up, though. There are similar problems concerning user settings and templates in Word, Excel, Outlook, and other Office apps. Not to mnetion IE favorites, Firefox bookmarks, other mail clients such as Thunderbird, etc.

In a perfect world we would not have such worries. Why didn't Microsoft, Mozilla, etc. make UDS management more streamlined in the first place? As a beginning they could separate user data from cache and trash.

stalar May 05, 2008 (Article Rating: )

You must log on before posting a comment.

If you don't have a username & password, please register now.




Learning Path Windows IT Pro Resources
"Using EFS with Offline Files"

"10 Ways to Manage Desktops with Group Policy"

"User-State Migration"

"Managing User Profiles"

"Using IntelliMirror to Manage User Data and Settings"

"Inside User Profiles"


Microsoft Resources
"Windows Administration Resource Kit"

"User Data and Settings Management"

"Error message: “Files of this type cannot be made available offline”"

"What’s New in Offline Files for Windows Vista"
Top Viewed ArticlesView all articles
Friday at PASS Europe 2006

Kevin talks about the closing day of the event and shares a funny Microsoft film. ...

PsExec

This freeware utility lets you execute processes on a remote system and redirect output to the local system. ...

Escape From Yesterworld

Kevin points you to the funniest SQL Server website ever! ...
Windows OSs Whitepapers Why SaaS is the Right Solution for Log Management
Related Events Introduction to Identity Lifecycle Manager "2"

Configuration Manager SP1 and R2 Overview

Power Up! With Virtualization Online Conference

Check out our list of Free Email Newsletters!
Windows OSs eBooks Understanding and Leveraging Code Signing Technologies

A Guide to Windows Certification and Public Keys

SQL Server Administration for Oracle DBAs
Related Windows OSs Resources Become a VIP member of the Windows IT Pro community!
Get it all with the VIP CD and VIP access. A $500+ value for only $279!

Subscribe to Windows IT Pro!
Solve your toughest technical problems with our experts and access 10,000 + articles online. 30% off

Monthly Online Pass - Only $5.95!
Get instant access to 10,000+ articles from Windows IT Pro Magazine!

TechNet Virtual Labs
Evaluate and test Microsoft's newest products.



ADS BY GOOGLE

Job Openings in IT SPONSORED LINKS FEATURED LINKS
Register for Orion NPM v9 - Evaluation
Affordable, easy-to-use network performance management with SolarWinds Orion – Free Trial!

Want a Hardware-Independent Image?
Binary Research, the Ghost people, shows you how to clone with 1!

Maximize speed, performance and reliablity of your PCs and servers—automatically!
Speed Up Your PC! Try Diskeeper 2008 with InvisiTasking Free Now!

Order Your Fundamentals CD Today!
Register today for your in-depth copy of one of three Fundamental CDs on the following topics – Exchange, SQL, and SharePoint.

Implement a Successful Archiving Solution
View this web seminar to learn the best practices for creating an email archive that is secure, compliant, and searchable.
Protect Your Company’s Digital Assets
Do you know the risks of sending important files over email or FTP? Read this white paper to learn what you can do to safeguard your company’s data.

Prepare Yourself for Exchange Catastrophe
Read this white paper to learn how you can keep Exchange server healthy, as well as predict and respond to server failure.

Boost Customer Confidence and Satisfaction
Read this eBook to learn how faxing can ease communication with less computer-savvy customers while reducing your security, compliance and support woes.
Windows IT Pro Home Register FAQ for Windows WinInfo News
Europe Edition About Us Contact Us/Customer Service Media Kit Affiliates / Licensing  
SQL Server Magazine Office & SharePoint Pro Windows Dev Pro IT Job Hound ITTV
IT Library Technology Resource Directory Connected Home Windows Excavator Windows SuperSite 
 
 Windows IT Pro is a Division of Penton Media Inc.
 Copyright © 2008 Penton Media, Inc., All rights reserved. Terms and Use | Privacy Statement | Reprints and Licensing