Windows User State Virtualization - Part 5: Implementing USV

by [Published on 19 Oct. 2010 / Last Updated on 19 Oct. 2010]

This article describes high-level steps for implementing different Windows User State Virtualization solutions.

If you would like to read other articles in this series please go to:

The previous articles in this series have discussed various planning issues around Windows User State Virtualization (USV). This article and the next one deal with the implementation side of things but do so at a relatively high level since most of the low-level implementation details are covered in this TechNet article (you can also download the guide from here). And although the TechNet article referred to was written in the Windows Vista timeframe, because there have been no changes in the user profile structure in Windows 7 the procedures outlined in the TechNet article remain mostly valid. However, the TechNet article only concerns itself with the basic steps for implementing FR and/or RUP, and don't cover other types of considerations such as network latency, high availability, and indexing that may be important for large organizations planning on implementing a USV solution. This article therefore tries to fill the gap in these areas by providing a bird's-eye summary of the steps for implementing USV in various types of scenarios.

Scenario 1: Implementing FR for Windows 7

As discussed in a previous article of this series, if you are going to use Folder Redirection (FR) alone—that is, without also implementing Roaming User Profiles (RUP)—then you should only redirect user data folders such as My Documents and Desktop, not the AppData\Roaming folder which contains user settings. If you are not using FR right now in your environment and your client computers are currently running Windows XP and you plan on migrating them soon to Windows 7, then it is probably best if you don't implement FR until you have Windows 7 deployed since this will ensure a better first logon experience for users as their data folders are initially redirected.

Once all your clients are running Windows 7, the high-level steps for implementing FR are as follows:

  1. Decide which user data folders will need redirection based on business need.
  2. Estimate the total amount of data that could be redirected using FR and ensure your redirection servers will have sufficient storage space.
  3. Implement Failover Clustering for redirection servers to ensure high availability for redirected data.
  4. Identify which USV scenario(s) are important for your environment. For example:
  • If users have assigned computers and you are implementing FR mainly for centralized backup of user data, then Offline Files should be enabled on client computers so that redirected files are indexed locally on each user's computer. In that case be sure to identify any network issues for your environment as these can impact on the performance of the Offline Files feature. One way to deal with high network latency for example is to configure slow link mode using Group Policy so that the network link is always considered a slow link. That way the user always works from the local Offline Files cache, not the network. If you do this however, be sure to also configure Offline Files Group Policy to frequently synchronize with the server in the background.
  • If users do not have assigned computers and instead use whichever computer is available (user roaming scenario) then consider disabling Offline Files on client computers and indexing the shared folders on the redirection server itself. Be sure to install Windows Desktop Search 4.0 on your redirection servers so that Windows 7 clients can perform remote queries against the indexed user data on the redirection servers. The advantage of this approach is that the user's data won't need to be re-indexed locally every time the user works on a computer they never previously logged on to.
  1. Identify whether you have any mixed environment issues to consider. For example, if you have some computers running Windows 7 and others Windows Vista, you can basically just implement FR as if all your computers are running Windows 7. But if you also have some Windows XP computers in your environment then you will need to configure the Pictures, Music and Videos folders to follow the Documents folder. In other words, you will more or less be limited to implementing FR the way it was implemented in Windows XP—unless of course your Windows XP computer accounts are in a separate OU in which case you can implement separate FR policies for your Windows 7/Windows Vista computers and your Windows XP computers.
  2. Once you've prepared your network and addressed various considerations, use Group Policy to create a new FR policy using the steps outlined in the section titled "Scenario 1: Manage roaming data using Folder Redirection" of the Managing Roaming User Data Deployment Guide.

Scenario 2: Migrating FR to Windows 7

If you are currently running Windows XP and have FR implemented in your environment, and you plan on migrating to Windows 7 and want to continue using FR in your environment, the steps you perform will depend largely on whether you are leaving your existing Windows Server 2003 infrastructure in place or upgrading your back-end to Windows Server 2008 R2. If you are leaving your existing server infrastructure in place, you may want to leave your existing FR policies in place as well.

If you are planning on upgrading your infrastructure to Windows Server 2008 R2 however, then you may want to take advantage of the enhanced FR policies available for this platform. One way of doing this might be to do the following:

  1. Migrate your client machines to Windows 7 and your server infrastructure to Windows Server 2008 R2.
  2. Migrate the folder structure and redirected user data from your old redirection server running Windows Server 2003 to your new redirection server running Windows Server 2008 R2 (see the File Services Migration Guide on TechNet for details).
  3. Upgrade your FR policy so you can redirect Favorites, Downloads and other user profile folders that could previously not be redirected using Windows Server 2003 Group Policy.

The above steps are not meant to be prescriptive guidance however because a lot of things can affect the actual migration steps you will need to perform, so it's best if you enlist the help of your organization's Microsoft Technical Account Manager (TAM) to obtain further guidance on the exact procedure you'll need to follow in this scenario.  Larger organizations may also want to enlist the help of Microsoft Consulting Services (MCS) for designing a migration strategy for this scenario.

One thing you should not do in this scenario is the following:

  1. Configure existing FR policy to redirect user data back to client machines.
  2. Retire your old redirection server.
  3. Migrate client machines to Windows 7 using User State Migration Tool (USMT) to migrate user data and settings.
  4. Provision a new redirection server.
  5. Configure a new FR policy to redirect user data to the new server.

The reason you should not follow this procedure is simply because the risk of data loss is too great—during the time period that the data resides on the client machines the data is not being backed up.

Scenario 3: Implementing FR with RUP for Windows 7

If are going to use Folder Redirection (FR) together Roaming User Profiles (RUP) then there are two ways you can roam user settings:

  • You can decide to use FR to roam the AppData\Roaming folder while using RUP to roam the HKCU registry hive Ntuser.dat.
  • You can decide to not use FR to roam the AppData\Roaming folder and instead use RUP to roam both the AppData\Roaming folder and the HKCU registry hive.

For a discussion of the advantages and disadvantages of each of these approaches, see article 3 in this series.

If you are not using FR/RUP right now in your environment and your client computers are currently running Windows XP and you plan on migrating them soon to Windows 7, then it is definitely best if you don't implement FR/RUP until you have Windows 7 deployed because of the incompatibility between older Windows XP user profiles and the newer .v2 user profiles of Windows Vista and later (see article 1 in this series for more info concerning this).

Once all your clients are running Windows 7, the additional high-level steps (on top of those described in Scenario 1 above) for implementing FR/RUP are as follows:

  1. Estimate the total amount of roaming user profile data that could be roamed using RUP and ensure your roaming profile servers will have sufficient storage space. Here are some additional considerations for performing such estimation:
  • If user profile folders such as Pictures, Music and Video are not business-critical and are not going to be redirected using FR, you should use Group Policy to exclude these folders from being roamed using RUP in order to reduce the size of roaming profiles and thus improve logon/logoff performance. The policy setting for configuring this is User Configuration\Policies\Administrative Templates\System\User Profiles\Exclude Directories In Roaming Profile.
  • If you want to restrict the size of roaming profiles, don't try to do this by configuring the User Configuration\Administrative Templates\System\User Profiles\Limit Profile Size policy setting. Instead, add the File Services Resource Manager (FSRM) role service on your roaming profile servers and implement soft quotas with notifications to users via email when they exceed their quotas. 
  • You should store roaming user profiles on a different server than redirected data folders. In other words, your RUP server and FR server should be different machines.
  • Implement Failover Clustering for roaming profile servers to ensure high availability for roaming user profiles.
  1. Identify whether you have any mixed environment issues to consider. For example, RUP cannot be used to roam 64-bit registry settings across both 32- and 64-bit Windows.
  2. Create a default user profile and customize it according to the needs of your users, then copy the profile to the NETLOGON share on your domain controllers. Note that this step is different in Windows 7 than it was in Windows XP. Because of this, I'll be covering this subject in detail in an upcoming series of articles here on WindowsNetworking.com.
  3. Prepare your roaming profile servers for storing roaming profiles for users. Configure user accounts in Active Directory to use roaming profiles. Now when a user logs on for the first time to her computer, the customized network default profile will be downloaded from NETLOGON to her computer. Then when she logs off from her computer, her profile will be uploaded to the roaming profile server where it will be downloaded from the next time she logs on to her computer. You can find detailed information concerning these steps in the section titled "Scenario 2: Manage roaming data using Roaming and Mandatory Profiles" of the Managing Roaming User Data Deployment Guide but make sure you do NOT follow the steps in the section titled "Create a Default Network User Profile" as this no longer works in Windows 7. Instead you can follow the steps outlined in my upcoming series of articles on this subject.

Scenario 4: Migrating FR with RUP to Windows 7

If you are currently running Windows XP and have both FR and RUP implemented in your environment, and you plan on migrating to Windows 7 and want to continue using both FR and RUP in your environment, your best bet is probably to start again from scratch. That's because Windows XP user profiles are not compatible with Windows 7, so once you've migrated your users won't be able to load their existing Windows XP roaming profiles on their Windows 7 machines. In other words, you could do the following:

  1. Redirect all user data folders back to users' computers.
  2. Create and customize a network default .v2 profile and copy it to NETLOGON.
  3. Migrate from Windows XP to Windows 7.
  4. Implement FR to redirect user data back to the network by following the steps outlined in Scenario 1 above.
  5. Implement RUP by following the steps outlined in Scenario 3 above.

Again however, due to the complexity of this scenario it's really best if you enlist the help of your TAM or even involve MCS to help you perform the migration.

Conclusion

Implementing FR is straightforward, but migrating FR has a few gotchas to consider. Implementing FR with RUP is more complicated, and migrating FR/RUP is basically a pain. The next and final article of this series will deal with various questions and answers concerning Windows user state virtualization, after which we'll examine how to customize the default user profile in Windows 7 and make it the network default profile used by RUP.

If you would like to read other articles in this series please go to:

Featured Links