Executive Summary:
In “Best Practices for Managing User Data and Settings, Part 1” (InstantDoc ID 97841), we talked about effectively managing user data and settings on the server side to meet specific security, mobility, availability, and resiliency business requirements. Part 2 addresses the client-side components, unifying UDS management for both Windows Vista and Windows XP users.
|
Last month, in “Best Practices for Managing User Data and Settings, Part 1” (InstantDoc ID 97841),
I began a discussion about the pieces you need to put in place to effectively manage user data
and settings (UDS). The goal was to create a UDS-management framework—a combination of
technology, people, and processes—to meet specific security, mobility, availability, and resiliency business
requirements. In that article, I covered the server-side components of the framework. This month,
I address the client-side components.
The goal this time is to unify UDS management for both Windows Vista and Windows XP users—
something that isn’t possible without some of the tips you’ll find herein, such as registry-based folder
redirection. Specifically, we need to address four types, or classes, of UDS that I call “normal data,” “normal
settings,” “locally accessed data,” and “unwanted data.” Unfortunately, as you’ll see, Windows provides
direct support for managing only the first two types of data, which is why so many organizations struggle
to put all the moving parts in place—some parts are missing!
Redirect User Data Stores
The first class of data I’ll address is “normal data” that can reside in standard Windows data stores such
as the Documents and Desktop folders. You can use redirected folders to manage normal data and meet
your business requirements.
Redirected folders are a well understood, tried-and-true technology in Windows environments. You
can redirect selected shell folders (e.g., Documents, Desktop) to shared folders on the network, and the
result will be completely transparent to users. You implement most folder redirection through Group
Policy, under User Configuration, Windows Settings, Folder Redirection. You should use the Group Policy
Management Editor (GPME) on a Vista client to edit Folder Redirection Group Policy settings so that you
can configure settings that will apply to both Vista and XP.
Although XP supports redirecting only four folders, Vista lets you redirect thirteen folders, as you can see
in Figure 1. I highly recommend redirecting Documents and Desktop, as well as any of the new folders
that Vista can redirect. As I discuss later, you can redirect the AppData folder, but using roaming profiles
is generally a better management choice for AppData. Except in schools and other environments in which
multiple users should have identical Start menus, I’ve never found it useful to redirect the Start menu.
Microsoft documents the steps for configuring folder redirection in its Help files. Rather than repeat
those steps here, let’s focus on bottom-line recommendations and tips. On the folder-redirection policy’s
Target tab, you can set the following recommended policy settings.
- Use Basic rather than Advanced folder
redirection. Advanced folder redirection
lets you redirect folders to different locations
based on group membership. That
capability might sound great, but there
are other policy settings supporting a UDS
framework that aren’t similarly multivalued.
I recommend that if you need to
redirect users to different servers, create
separate GPOs filtered for each group.
- For the Target folder location of each
folder redirection, choose the Redirect to
the following location setting and enter
the path \\namespace\%username% foldername, where namespace is the
DFS namespace for UDS, and foldername
is the name of the redirected
folder—for example, \\contoso.com users\%username%\Documents. (We created
the DFS namespace in Part 1.)
On the Settings tab, you should change
almost all the defaults.
- Clear the Grant the user exclusive rights to
Documents check box. If this check box
is selected, only the user has access to his
or her data stores. As I’ll discuss later, you
should configure the root folder above
all user folders with permissions that
reflect your corporate information security
policy. Those permissions should be
inherited by individual user folders.
- Clear the Move the contents of Documents
to the new location check box. If this
check box is selected, a user’s data moves
automatically to the target location after
you introduce the policy. The data move
happens at the first logon and might take
a significant amount of time for large folders.
You should plan, control, and manage
the migration of user data to the network
folders; don’t let it happen automatically.
- Select the Also apply redirection to Windows
2000, Windows 2000 Server, Windows
XP, and Windows Server 2003 operating
systems check box. Doing so will ensure
that the folder-redirection policies apply to
all Windows clients. This check box is available
only for folders that XP can redirect.
Redirect XP Favorites
and Media Folders
Although Vista lets you use folder-redirection
policies to redirect all user data folders, XP
won’t let you use these policies to redirect
folders such as Favorites, My Music, and My Videos. You can, however, use registry-based
redirection to redirect these XP folders. In
the XP registry, the HKEY_CURRENT_USER Software\Microsoft\Windows\CurrentVer
sion\Explorer\User Shell Folders key contains
values for each of these folders. You can
change the data of these values to redirect the
folders to network locations. The resulting
redirection is identical to folder redirection
implemented through Group Policy.
In fact, I’ll make it easy for you. How about
a Group Policy administrative template that
manages registry-based redirection of these
folders? You can download the Registry-
Redirection.adm file from www.windowsit
pro.com, InstantDoc ID 98004. Load the
file into a GPO that’s scoped to apply to XP
users. I recommend using registry-based
redirection for Favorites, My Music, My
Pictures, and My Videos on XP, even though
you can use folder-redirection policies to
redirect XP’s My Pictures. For Vista clients,
use standard folder-redirection policies.
When you redirect XP media folders,
applications such as Apple iTunes and Windows
Media Player (WMP) will automatically
use the redirected folder. But what about users
who are accustomed to opening My Documents
and double-clicking a folder to access
media? To accommodate those users, I recommend
that after you migrate the contents
of those folders to the network, you delete the
actual subfolders in My Documents. Then,
create shortcuts called My Music, My Pictures,
and My Videos that point to the new locations.
Those shortcuts will provide XP users with the
visual links they use to browse to media. Of
course, you might also choose not to redirect
one or more of these folders based on your
need to manage users’ media files.
Continue on Page 2
Previous
)
Register
stalar March 28, 2008 (Article Rating: