Redirection no more?Alex Fields
I had recently published an article about setting up NTFS security for roaming profiles and redirected folders, when a co-worker and I got into an interesting discussion. So I had to share some of these thoughts while they were still bouncing around in my brain. The question is this: does it still pay to use redirected folders and/or roaming profiles at all?
Here’s the thing. It seems like we’ve had this capability since forever. I see it implemented in the vast majority of my client base in the SMB space. Small Business Server and Windows Server Essentials can automatically deploy GPO’s for enabling this functionality with just a couple of clicks, and I know it is widely used in the Enterprise space as well. So for years I’ve just assumed that it was a “normal” feature of most Windows environments. But with so many cloud-based solutions like DropBox and OneDrive available, do we really care about maintaining these (dare I say legacy?) structures anymore?
Here are the benefits of redirecting Documents, Desktop, Application Data and so forth:
- When users sit down at different PC’s, settings and profiles can follow them around;
- Each PC doesn’t have to be migrated individually during a refresh;
- All of your data and settings will also be backed up on the server.
In short, redirected folders and roaming profiles makes workstations a little more “disposable” or interchangeable. Of course, there is always some other work to do during a refresh or computer replacement–even if it is handled administratively in the background–refresh-related desktop work is unavoidable–but at least this part of it can be handled by a Windows Server, without third party tools or too much administrator intervention.
To be fair: yes, you could argue that having this functionality is very useful in solving a particular kind of problem. Especially if users roam between different devices frequently on the same domain. So it is a good solution, for example, in computer labs, places with shared PC’s, rotating shifts, or any personnel who aren’t in a 1-1 user-to-device situation. In these cases, roaming profiles and so forth can make life a lot easier for us. In more traditional environments, these tools are still of some benefit during hardware refreshes.
But on the other hand, redirection comes with it’s own can of worms, and can be a pain (at times) to manage. If you’re doing it well, then sure–it works great. Set the permission structures right, and take care when migrating file shares to a new server, so that you can make the changeover as transparent as possible. Do this wrong, and users will be waiting for a long time while the policy picks up on the location change and moves the data for you (slow process when there are a lot of items present, especially over slow links at a branch office, etc.). If you plan to use redirection over Direct Access or another VPN connection, then be sure you have your offline files/sync settings just right, or you will have other issues on your hands. And so on.
Okay, so you figure out how to manage the stuff and life is good again, so what’s the big deal? Well what if you wanted to avoid the whole mess to begin with? Is there another way to solve the same problems without involving Windows Server and IT administrative prowess?
For a few years now, I’ve been recommending OneDrive, Box or similar to replace the “My Documents” directory from days of old. This is a way better user experience, in my opinion, than storing your documents in a redirected folder, as you can sign into the service on any device anywhere in the world and have instant access to your document libraries (with file history, too).
Now with Windows 10 and Azure Active Directory Premium, we also have the ability to enable Enterprise State Roaming to backup certain Windows settings and data into the cloud, giving you a pretty good “roaming” experience, without using a Windows Server & GPO. Pretty cool stuff!
I am sure it will be a few years before this sort of approach becomes the new norm, but it solves a lot of the same problems, and removes some administrative overhead (lightens the load) for your on-premises Windows Servers. The dream is this: devices become completely, 100% disposable. Sign into any device you like, and have access to all corporate apps, settings and data. Bam. Just like magic. Some Enterprises have made this a reality already in the context of their corporately owned assets (but it relies on a fair amount of well-thought-out and well-maintained infrastructure–usually involving Windows Server).
I wouldn’t say that we are quite to that level with the Microsoft cloud just yet, but it’s getting closer all the time. If you take the more heavily cloud-based approach as of today, some things will remain as an “Out of the box experience” when you move to a new device–e.g. the first time you launch Outlook on a new computer or tablet, you’ll have to setup a new Outlook Profile, or you might need to accept an EULA for certain apps, and so forth.
There are other ways around some of this–you could publish over RemoteApp, for example, or employ group policy extensions to customize the experience for domain-joined machines. So we aren’t all the way done with Windows Server just yet. But you can see where it’s going…the days of Windows Server in the SMB space might be numbered.
What do you think? Any value in keeping redirected folders? Roaming profiles? Any issues with moving away from these technologies in favor of cloud-based alternatives? Drop me a line or leave a comment, and thanks for the dialogue in advance!