none
Windows 7 - Roaming Mandatory Profiles and Caching RRS feed

  • Question

  • Disclaimer: I had a previous post about this but it was many months ago and would like to revisit it:

    I work in a library environment and use roaming mandatory profiles for my public customers.  I have never really used caching.  When I allow profiles to be cached, certain parts of the policy seem not to apply.  I have run gpresult and never seen any errors.  For example: I prevent users from accessing ALL Programs - well, when I log in the first time, it works great, on previous logins, the programs are accessible.  On the other hand, if I DO NOT allow the profile to be cached, it works great every time.

    We have some locations with slower connections, so I would really prefer it if we could have this working, but I can't seem to find anything or anyone that can tell me how to fix this problem.

    One thing asked previously was how I made the profile...well, the last time I made one, I essentially did this  and then pointed an administrative user at that profile and made changes, followed by changing it to a mandatory profile.  I really look forward to your help.

    Wednesday, August 1, 2012 7:28 PM

Answers

  • Hi,

    > I work in a library environment and use roaming mandatory profiles for my public customers. I have never
    > really used caching. When I allow profiles to be cached, certain parts of the policy seem not to apply.

    How you configure Roaming Mandatory profile and how you configured cache in group policy?

    A user profile is the collection of things that reside under %USERPROFILE% directory, user registry is kept in %USERPROFILE%\ntuser.dat. So after your user logoff, user level registry changes will be remove. And Windows has a feature “Fast Logon Optimization”, it load the system without wait for network. I think that’s why your system can’t apply user policies.

    You may change it by using Group Policy, enable: Computer Configuration\Administrative Templates\System\Logon\Always wait for the network at computer startup and logon.

    Please check that and give us feedback for further troubleshooting.

    For more information please refer to following MS articles:

    Fast Logon Optimization
    http://technet.microsoft.com/en-us/library/cc780527(v=WS.10).aspx
    Beware of roaming user profiles
    http://blogs.msdn.com/b/oldnewthing/archive/2005/06/30/434209.aspx
    User Profiles best practices
    http://technet.microsoft.com/en-us/library/cc738803(v=WS.10).aspx

    Lawrence

    TechNet Community Support

    Thursday, August 2, 2012 7:07 AM
    Moderator
  • Hi,

    > would seem that that would defeat the point of caching profiles if the point is to allow for quicker logins,
    > or am I misunderstanding?

    Yes, I think you are correct.

    According to definition of Cached copies of roaming user profiles, the local copies are using in case the server that stores the roaming profile is unavailable when the user logs on again or when the remote copy of the roaming user profile is slow to load.

    So generally, computer will re-load roaming profile from network share at next logon. And now we enabled policy “Always wait for the network at computer startup and logon”, this reapply all polices, however it also re-load roaming user profile.

    > what should happen if the network connection is lost

    System will wait for network until reach time threshold to load local profile copy. Since no network connection, it’ll not also apply user group policy settings.


    Lawrence

    TechNet Community Support

    Friday, August 3, 2012 8:20 AM
    Moderator
  • Hi,

    By default Roaming profile is loading on every logon, local cache copy are using only in case computer can’t connect to the server that stores the roaming profile, or when remote copy of roaming profile is slow to load.

    Since Windows has a feature “Logon Optimization”, it reduce logon delay, computer not wait network ready and use cached user credential to logon. If network is not ready, computer load local roaming profile cache copy. Also computer has no time to load user group policies, these policy will applied in background, and will take effect at next logon by default. However, what you use is Mandatory Roaming profile, applied user policies settings will discard at logoff. That’s why your user group policies why not apply.

    After we enable policy “always wait for the network”, computer wait network to process user policy. In this time, computer has chance to load roaming user profile.

    > Right now, without caching profiles, when we lose connection, if someone reboots, it logs into the default
    > profile,

    Yes, if no local cache copy, user logs into default profile.

    I think whether you can rebuild your mandatory profile, make profile after apply User group policies.


    Lawrence

    TechNet Community Support

    Tuesday, August 7, 2012 8:00 AM
    Moderator

All replies

  • Hi,

    > I work in a library environment and use roaming mandatory profiles for my public customers. I have never
    > really used caching. When I allow profiles to be cached, certain parts of the policy seem not to apply.

    How you configure Roaming Mandatory profile and how you configured cache in group policy?

    A user profile is the collection of things that reside under %USERPROFILE% directory, user registry is kept in %USERPROFILE%\ntuser.dat. So after your user logoff, user level registry changes will be remove. And Windows has a feature “Fast Logon Optimization”, it load the system without wait for network. I think that’s why your system can’t apply user policies.

    You may change it by using Group Policy, enable: Computer Configuration\Administrative Templates\System\Logon\Always wait for the network at computer startup and logon.

    Please check that and give us feedback for further troubleshooting.

    For more information please refer to following MS articles:

    Fast Logon Optimization
    http://technet.microsoft.com/en-us/library/cc780527(v=WS.10).aspx
    Beware of roaming user profiles
    http://blogs.msdn.com/b/oldnewthing/archive/2005/06/30/434209.aspx
    User Profiles best practices
    http://technet.microsoft.com/en-us/library/cc738803(v=WS.10).aspx

    Lawrence

    TechNet Community Support

    Thursday, August 2, 2012 7:07 AM
    Moderator
  • Lawrence,

    Thanks very much for your reply.  I had not done any configuring of cache so to speak in group policy.  That is, previously I had always chosen to delete cached profiles and I unchecked that option.  As to how I made the roaming profiles, I copied the default off to a server then I pointed a user to that profile and edited.  Once I was done, I changed it to mandatory.

    As far as I can tell your solution appears to work for me.  My question is, if you choose to "always wait for the network", it would seem that that would defeat the point of caching profiles if the point is to allow for quicker logins, or am I misunderstanding?

    Also, what should happen if the network connection is lost?

    Thanks again.

    Thursday, August 2, 2012 8:11 PM
  • Hi,

    > would seem that that would defeat the point of caching profiles if the point is to allow for quicker logins,
    > or am I misunderstanding?

    Yes, I think you are correct.

    According to definition of Cached copies of roaming user profiles, the local copies are using in case the server that stores the roaming profile is unavailable when the user logs on again or when the remote copy of the roaming user profile is slow to load.

    So generally, computer will re-load roaming profile from network share at next logon. And now we enabled policy “Always wait for the network at computer startup and logon”, this reapply all polices, however it also re-load roaming user profile.

    > what should happen if the network connection is lost

    System will wait for network until reach time threshold to load local profile copy. Since no network connection, it’ll not also apply user group policy settings.


    Lawrence

    TechNet Community Support

    Friday, August 3, 2012 8:20 AM
    Moderator
  • Hi,

    > would seem that that would defeat the point of caching profiles if the point is to allow for quicker logins,
    > or am I misunderstanding?

    Yes, I think you are correct.

    According to definition of Cached copies of roaming user profiles, the local copies are using in case the server that stores the roaming profile is unavailable when the user logs on again or when the remote copy of the roaming user profile is slow to load.

    So generally, computer will re-load roaming profile from network share at next logon. And now we enabled policy “Always wait for the network at computer startup and logon”, this reapply all polices, however it also re-load roaming user profile.

    > what should happen if the network connection is lost

    System will wait for network until reach time threshold to load local profile copy. Since no network connection, it’ll not also apply user group policy settings.


    Lawrence

    TechNet Community Support

    Actually, Lawerence, upon reading the information for “Always wait for the network at computer startup and logon”, it seems that this applies more for policies themselves, than for the profile?  I attempted to unplug one of my machines and it seemed to still have policies working and it logged in with a cached profile.

    Right now, without caching profiles, when we lose connection, if someone reboots, it logs into the default profile, which is not desirable (we run software that only allows them on the computer for a limited period of time).  I suppose the other way to fix this would be using a super mandatory profile, but that is another topic.

    So back to the topic:  My understanding is that allowing profiles to cache would perhaps reduce some load time since they are not downloading the profile every reboot.  I don't know of a way to test though if “Always wait for the network at computer startup and logon” still allows for this or not.

    Friday, August 3, 2012 1:53 PM
  • Hi,

    By default Roaming profile is loading on every logon, local cache copy are using only in case computer can’t connect to the server that stores the roaming profile, or when remote copy of roaming profile is slow to load.

    Since Windows has a feature “Logon Optimization”, it reduce logon delay, computer not wait network ready and use cached user credential to logon. If network is not ready, computer load local roaming profile cache copy. Also computer has no time to load user group policies, these policy will applied in background, and will take effect at next logon by default. However, what you use is Mandatory Roaming profile, applied user policies settings will discard at logoff. That’s why your user group policies why not apply.

    After we enable policy “always wait for the network”, computer wait network to process user policy. In this time, computer has chance to load roaming user profile.

    > Right now, without caching profiles, when we lose connection, if someone reboots, it logs into the default
    > profile,

    Yes, if no local cache copy, user logs into default profile.

    I think whether you can rebuild your mandatory profile, make profile after apply User group policies.


    Lawrence

    TechNet Community Support

    Tuesday, August 7, 2012 8:00 AM
    Moderator
  • Thanks Lawrence - so it sounds like cached profiles don't really work as a means of "speeding up the login" - they only work as  a means of having a profile available IF the network is unavailable.  If that is correct, then I guess I don't really have a reason to try to allow cached profiles.  Am I correct on that? (Also, I apologize for not getting back to this sooner).

    Wednesday, September 12, 2012 9:12 PM