none
Appdata\Local and LocalLow following roaming profile??

    Question

  • I have a problem that Appdata\Local and LocalLow are been synchronised roaming profile. I have done a lot of research and have not found a satisfactory answer. 

    In my company we have roaming profiles and folder redirection in place.

    Until recently we had Desktop, documents, Appdata and some other folders all been redirected to a network share. 

    We now have only Desktop and documents redirected and also use Roaming profile. the problem is that I do need Appdata\Roaming in the roaming profile but Local and LocalLow seem to be going in the roaming profile also (on some PC's only) and for some users these folders are over 1.5GB and it causes huge delay at logon time.

    I am aware that there is a GPO (group policy to exclude Appdata: User Configuration-->Administrative Templates-->System-->User Profiles-->Exclude directories in roaming profile.) and I am using this to block some folders, such as downloads, music etc.

    Can someone please tell me why these folders are been synchronized with Roaming profile and how can I fix this?? I really need to have this fixed even if I have to do it on a per PC basis.  

    Even when we had Appdata been redirected instead of roaming, both Local and LocalLow were redirected as well and this was causing problems in some applications and network bandwidth. 

    Microsoft should implement a GPO that specifies what should be included on the roaming as there seem to be quite a lot of applications that store data on the root of user profile which then ends up on the roaming profile. 

    We have Server 2008 R2 domain and mainly windows 7 machines. we still have very few windows XP but they are almost been replaced with Windows 7.

    Many thanks in Advance...

    Wednesday, September 25, 2013 4:31 PM

Answers

  • if you are (or were) redirecting AppData, it's likely to be related to that.
    Redirecting AppData isn't straightforward, even though it's possible.

    Essentially, you need to re-write the values in the registry key for ExcludeProfileDirs, so you should be able to do that with the template setting, or, you could use GPP (via the Registry CSE) to re-write that value to the WinVista/Win7/Win8 default value.

    On my Win7 32bit machine, that key is a string (REG_SZ) and the embedded backslash appears to be escaped:

    Windows Registry Editor Version 5.00

    [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "ExcludeProfileDirs"="AppData\\Local;AppData\\LocalLow;$Recycle.Bin"


    Don
    (Please take a moment to "Vote as Helpful" and/or "Mark as Answer", where applicable.
    This helps the community, keeps the forums tidy, and recognises useful contributions. Thanks!)

    Friday, September 27, 2013 8:37 PM
  • Hmm,

    random thought..

    If this setting itself is subject to roaming, and, you have not separated a user's WinXP central profile store from that user's Win7 central profile store, maybe the NTUSER.DAT from WInXP has found its way onto a Win7 machine?

    This way, the WinXP registry key (which doesn't specify the exclusions), is written to the Win7 registry?

    WinVista and Win7 and WIn8, all use a ".V2" suffix for the roaming user profile by default, but, I guess in some situations this could be mis-configured, causing the WinXP NTUSER.DAT to be stored/retrieved by a Win7 pc?

    I have never tested this theory, and we do use a mixture of WinXP and WIn7 in my company, but we separate the OS profiles onto different folders by expanding an environment variable into the profilepath.


    Don
    (Please take a moment to "Vote as Helpful" and/or "Mark as Answer", where applicable.
    This helps the community, keeps the forums tidy, and recognises useful contributions. Thanks!)

    • Marked as answer by ndrepebx Friday, September 27, 2013 4:13 PM
    Friday, September 27, 2013 11:10 AM

All replies

  • The local AppData folder is a location explicitly to store application data that should not be roamed. This is typically application cached data. It would be very bad to include Local in the Roaming Profile or to re-direct it as this folder is typically very large and should have quick local disk access as this is like a cache location for the apps. If an application is writing data to this location that should roam with the use then it most definitely the fault of the application writing to the wrong location...

    Local-Low is for higher risk applications that need to save files locally (like browsers) so that the file saved there should be considered un-trusted is just a way to sand box those lower trusted files...


    Alan Burchill (MVP)
    http://www.grouppolicy.biz

    @alanburchill

    • Proposed as answer by Alan BurchillMVP Thursday, September 26, 2013 12:30 AM
    • Unproposed as answer by ndrepebx Friday, September 27, 2013 4:14 PM
    Thursday, September 26, 2013 12:30 AM
  • Hi Alan and thanks for your reply. 

    Appdata folder contains 3 subfolders, Roaming, Local and LocalLow. When you enable roaming or folder redirection then only the Roaming folder is meant to roam or redirect. My problem is that the other two Local and localLow are following as well. 

    You're saying its a bad idea to for Local and LocalLow to roam and I agree but I have not been able to find a solution to this issue yet.

    The GPO "Exclude directories in roaming profile" says that  "By default, the Appdata\Local and Appdata\LocalLow folders and all their subfolders like the History, Temp, and Temporary Internet Files folders are excluded from the user's roaming profile."

    What is going wrong then? does anyone know why these folders are still roaming?


    • Edited by ndrepebx Thursday, September 26, 2013 8:31 AM
    Thursday, September 26, 2013 8:19 AM
  • Hi. I've never seen local or locallow roaming, so the only advice I can give is "if in doubt, use process monitor". Switch user, start procmon, filter on the affected user, switch back and logoff. Switch to the second user again and analyze... Hard, I know, but better than nothing...

    The locallow folder is not for "untrusted" files, but it serves as a possibility for "low integrity level" apps (like IE in protected mode) to store local data at all.

    @Alan: Want to do me a favour? Please unmark your post.


    Martin

    NO THEY ARE NOT EVIL, if you know what you are doing: Good or bad GPOs?
    And if IT bothers me - coke bottle design refreshment :))

    Restore the forum design - my user defined Cascading Style Sheet!

    Thursday, September 26, 2013 8:44 PM
  • Thanks Martin.

    I had not seen this before either until it happened, but when I started doing some research on the internet it seems that quite a lot of people have had the same issue. 

    One thing I discovered now is that there is a registry key in windows 7  HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon and under ExcludeProfileDirs the default value should be AppData\Local;AppData\LocalLow;$Recycle.Bin and this is what stops appdata and localLow from Roaming. 

    In my case, for those users that have the issue, this value has somehow changed to Local Settings;Temporary Internet Files;History;Temp and I can tell you that these users at some point have logged in windows XP but now the use Windows 7.

    So users that have logged in to windows XP before are having the problem, and users that have not logged in to windows XP but only used windows 7 are not having the problem.

    I know that windows 7 and XP are completely different architecture but they also store separate folders for roaming profiles and windows 7 adds .v2 at the end. 

    The question is why does this registry value change on windows 7 if a user has logged in XP before? and how can this be fixed? is there a policy that can change this value?

    Friday, September 27, 2013 9:58 AM
  • Hmm,

    random thought..

    If this setting itself is subject to roaming, and, you have not separated a user's WinXP central profile store from that user's Win7 central profile store, maybe the NTUSER.DAT from WInXP has found its way onto a Win7 machine?

    This way, the WinXP registry key (which doesn't specify the exclusions), is written to the Win7 registry?

    WinVista and Win7 and WIn8, all use a ".V2" suffix for the roaming user profile by default, but, I guess in some situations this could be mis-configured, causing the WinXP NTUSER.DAT to be stored/retrieved by a Win7 pc?

    I have never tested this theory, and we do use a mixture of WinXP and WIn7 in my company, but we separate the OS profiles onto different folders by expanding an environment variable into the profilepath.


    Don
    (Please take a moment to "Vote as Helpful" and/or "Mark as Answer", where applicable.
    This helps the community, keeps the forums tidy, and recognises useful contributions. Thanks!)

    • Marked as answer by ndrepebx Friday, September 27, 2013 4:13 PM
    Friday, September 27, 2013 11:10 AM
  • I agree with Don - at first view, it looks like the XP ntuser.dat has made its way into the Win 7 profile... On the other hand, this should not be the case because the OS uses the .V2 suffix on Win 7, and I'm unaware of any scenario that would cause this issue.

    It might be worth to check the XP configuration whether it - by accident? - sets this value to the wrong content.


    Martin

    NO THEY ARE NOT EVIL, if you know what you are doing: Good or bad GPOs?
    And if IT bothers me - coke bottle design refreshment :))

    Restore the forum design - my user defined Cascading Style Sheet!

    Friday, September 27, 2013 12:05 PM
  • Thanks for the ideas guys and I think I agree with Don as well, as the way we had the roaming profiles configured before was quite a mess and the permissions were not set correctly on the profiles folder and there was quite a lot of manual configuration before and it is possible that the XP and windows 7 profiles got mixed up.

    I have recently configured new profiles folder for roaming profiles and set the correct permissions from the start so that when users log on their folders are created automatically and get the correct permissions (as before they had to be manually created due to incorrect permissions on the Profiles Folder).

    I have now noticed that one of our new users that has logged in both operating systems, has both profiles created for xp and windows 7 as expected, and the windows 7 profiles is also roaming as expected without Local and LocalLow.

    so it appears that somewhere in the past some of these profiles have been mixed up and the NTUSER.DAT has ended up on the windows 7 profile. 

    Now I know that this problem will not appear again for any new users, but I do have about 30 users with this issue. Has any one got any ideas of how to fix this via a GPO? or what would be the quickest and easiest way?

    Friday, September 27, 2013 12:58 PM
  • if you are (or were) redirecting AppData, it's likely to be related to that.
    Redirecting AppData isn't straightforward, even though it's possible.

    Essentially, you need to re-write the values in the registry key for ExcludeProfileDirs, so you should be able to do that with the template setting, or, you could use GPP (via the Registry CSE) to re-write that value to the WinVista/Win7/Win8 default value.

    On my Win7 32bit machine, that key is a string (REG_SZ) and the embedded backslash appears to be escaped:

    Windows Registry Editor Version 5.00

    [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "ExcludeProfileDirs"="AppData\\Local;AppData\\LocalLow;$Recycle.Bin"


    Don
    (Please take a moment to "Vote as Helpful" and/or "Mark as Answer", where applicable.
    This helps the community, keeps the forums tidy, and recognises useful contributions. Thanks!)

    Friday, September 27, 2013 8:37 PM
  • Don is right. I want to add that you have to use Item Level Targeting to avoid writing those values on XP profiles.

    Martin

    NO THEY ARE NOT EVIL, if you know what you are doing: Good or bad GPOs?
    And if IT bothers me - coke bottle design refreshment :))

    Restore the forum design - my user defined Cascading Style Sheet!

    Saturday, September 28, 2013 8:41 AM
  • Interesting and helpfull post. My problem is in a way simular to this one.

    http://social.technet.microsoft.com/Forums/windows/en-US/a1cd6801-72aa-4adf-889a-5a0720191e83/userprofileappdatalocal-is-counted-in-the-users-profile?forum=w7itprogeneral

    --------------------------
    "In our environment we see some strange behavior on laptops. Users report that their user profile is becoming too large. We use the user Profile Management tool from Microsoft.(Limit profiles size - proquota.exe @ 100mb)
    So “%userprofile%\appdata\local” is counted in the users profile.

    After that userprofiles are inconsistant. Users log's on with a TEMP profile or cannot logon anymore.
     
    This seems just a symptom of a underlying problem. We can solve it by giving the user a new userprofile. But we have seen this problem too frequently now.

    How is it possible that de default variables %LOCALAPPDATA% en %APPDATA% suddenly are missing. The day before the user has no problem. It mostly happens on laptops after a VPN or WIFI connection. It looks like if the connection is lost before the local user profile is synchronised to the server profile.

    We also see Event 1530 frequently. Can this be a clue?
    Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.
    ## user registry handles leaked from \Registry\User\S-1###

    Is the missing of these variables the cause or effect of a corrupt user profile?

    Should we think of leaving roaming profiles for laptops? And look to UE-V or another solution?
    Giving the user a new user profile is a workarround but not a solution.

    We are using:
    We use Windows 7 x86, latest patches, Office 2010.
    A Windows 2003 domain functional level
    We have an OU in AD wich contains the users and computer in subfolders.
    We use Loopback processing for Group policy so the user policy is linked to the client OU and not to the user OU.
    We user folder redirection to the homeshare (DFS namespace)
    User profiles are on a DFSnamespace but single server.
    We user Offline files for the Homeschare."
    -------------------

    Are there any experiences in the mean time wit write the register vallues withe GPP every time a user logs on?

    I deleted the XP profiles from the profile share to avoid mixing. Just in case.

    Regars,

    Peter van der Laarse

    • Edited by Alpejan Friday, November 08, 2013 8:11 AM
    Friday, November 08, 2013 8:06 AM