none
Can you exclude Home folders on specific computers?

    Question

  • Hi,

    We have a domain and in Active directory every user gets their home folder. This works good on every server and computer but on our thin clients they do not have this network path so it does not work there. And that is no problem because we don't want that either, you are only supposed to use remote desktop to terminal servers from them.

    But the problem is that the login time takes very very long time (on win 7 clients, not that much on win 8). If I remove default gateway (firewall that is blocking acess to home folder patch) or remove home folder in AD the login is fast. But I dont want to remove home folders in ALL paths (only thin clients) and we would like to have default gateway. (We could use static route for the specific things we need through firewall but would like to use default gateway.

    Is there a way to exlude Home folders from specific computers?

    Other shared folders are excluding thin clients in GPO but since this folder is from AD I don't know how?

    Monday, November 06, 2017 7:18 AM

All replies

  • Hi,

    Based on my research, I didn’t find a built-in way to exclude home folders on specific computers, I think you could try to use scripts to do it

    In addition, as far as I know, I suggest you browse to the following location:

    Computer Configuration->Administrative Templates->System->Logon

    and disable “Always wait for the network at computer startup and logon” to see if it helps.

    What’s more, I suggest you delete the misconfigured GPO and don’t store redirected folders across slow media and on slow boxes.

    For more information, you could refer to the following article:

    Troubleshooting the intermittent slow logon or slow startup

    https://blogs.technet.microsoft.com/instan/2008/04/17/troubleshooting-the-intermittent-slow-logon-or-slow-startup/

    Best Regards,

    Tobias Fang

    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Tuesday, November 07, 2017 9:57 AM
  • Hi,

    Just checking in to see if the information provided was helpful. Please let us know if you would like further assistance.

    Best Regards,

    Tobias Fang

    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Thursday, November 09, 2017 8:07 AM
  • Instead of using the old-style 'home folder' on the 'profile' property sheet of ADUC, consider using GPP.

    Using GPP, you can then perform additional Item-Level-Targeting or any other Group Policy filtering.

    Here is one example of using GPP to do drive mappings

    https://blogs.technet.microsoft.com/askds/2009/01/07/using-group-policy-preferences-to-map-drives-based-on-group-membership/


    Don [doesn't work for MSFT, and they're probably glad about that ;]

    Thursday, November 09, 2017 8:36 AM
  • > Instead of using the old-style 'home folder' on the 'profile' property sheet of ADUC, consider using GPP.

    Don, the home folder is "more" than a simple drive mapping :) But you are right, it should work with plain mappings, too.

    Thursday, November 09, 2017 3:52 PM
  • Hi!

    I disabled this Wait for network-setting but it did no difference.

    I will look att the troubleshooting guide maybe good to have in the future, but this time I know what the problem is but I can not solve it. Maybe we will have to use static route anyway. Today we only have the gateway for anti virus but who knows the future. The bad thing about this is that we will still have the folder showed with a red cross. The best would be to not map it at all, but as long as the login could be fast then we can live with that.

    Friday, November 10, 2017 12:20 PM
  • DonPick: My college read somewhere that GPO could work according to Microsoft, but someone told that in reality it what not that good and that from AD was better. Any thoughts about that?

    Martin Binder:How is it "more" compared to drive mapping that you do with GPO?

    Friday, November 10, 2017 12:38 PM
  • DonPick: My college read somewhere that GPO could work according to Microsoft, but someone told that in reality it what not that good and that from AD was better. Any thoughts about that?

    Well, there is good & bad to everything ;)

    If you have basic/simple needs, then the old-style methods are excellent. (but these are limited flexibility as you have found ;)
    If you have more complex needs, then this old-style method is not sufficient.

    The user-profile / home-dir attributes are static, and are not affected by Group Policy, because these attributes are from the old-times in NT when Group Policy did not exist.

    If you want to do some conditional or cool stuff, you need a flexible/programmable method, and this could be Group Policy (logon scripts) or Group Policy (Preferences) or something like that. 

    If you have good skills with scripting, then this is easily done via logon scripts, and this was very common to do in most platforms, for many years (Windows, NetWare, *nix, all kinds of platforms, I've worked with them all ;)

    Drive Mappings via GPP can be a little tricky, Martin has written a lot about how you can have some bad experiences with performance if you don't understand/test the different methods available. This can also affect performance if you use GPP for handling Printer connections.

    In our enterprise, I don't use GPP for drive mappings nor for printers any more. We don't use drive mappings on servers any more, really, it's too limiting and clunky, we use web services etc. For printing, we use uniFLOW and swipe-secure-release, so printer connections are much simpler (same two connections no matter who or where you are).


    Don [doesn't work for MSFT, and they're probably glad about that ;]

    Friday, November 10, 2017 10:23 PM
  • Did you try using the "Remote Desktop Services Profile" tab of user accounts in ADUC? It allows you to separate settings for home drive and profile that will be used for Terminal Services from those used in other situations. You can have your home drive set to "Local path" on the "Remote Desktop Services Profile" tab and have your share and letter configured on the Profile tab for all other situations.

    This eliminates the need for any GPOs.

    Friday, November 10, 2017 11:21 PM
  • > Martin Binder:How is it "more" compared to drive mapping that you do with GPO?

    If you have a home folder and open a commandline, you will notice that the current drive/directory is your home folder. In addition, it will populate %homedrive%, %homeshare% and %homepath% which does not happen with GPP Drive Mappings.
    This in turn enables you to use folder redirection to %homeshare%%homepath%Documents eg which will work for each and any user regardless of his home share (different servers, different shares, different subfolders - does not matter at all).

    Saturday, November 11, 2017 11:03 AM
  • Did you try using the "Remote Desktop Services Profile" tab of user accounts in ADUC? It allows you to separate settings for home drive and profile that will be used for Terminal Services from those used in other situations. You can have your home drive set to "Local path" on the "Remote Desktop Services Profile" tab and have your share and letter configured on the Profile tab for all other situations.

    This eliminates the need for any GPOs.

    This actually seemed like a good idea at first! Almost all servers are virtual and we use RDP most time, so only using Home folder for RDP and leave blank on Profile tab would have worked. The the rare cases we use the Console in WMware you could always find you own folder from Users-drive (that uses GPO).

    But then I got reminded that we also have some "thick" clients (normal computer/workstations) and there we do not use RDP, but would be nice to have home folders there too.

    So for now I think the easy way is to use static route and skip the default gateway (we only use it for anti virus). And maybe look at GPO in the future.

    Wednesday, November 15, 2017 8:10 AM