[tech] Clubroom home directories of the future

David Adam zanchey at ucc.gu.uwa.edu.au
Wed Jun 2 21:48:10 WST 2010


I would like some consensus on how to deal with home directories for 
clubroom machines, in particular those running Windows.

Some background: the UCC hosts files on /away that provide networked home 
directories for user logins on clubroom machines. For a user's $HOME path, 
there is a corresponding /away/$HOME (herein referred to as $AWAY). Logins 
on Linux and Mac OS clubroom machines mount the /away filesystem over NFS 
as /home, and thus the users' home directory is $AWAY. Within this 
directory are the various folders for things like Desktop, Documents and 
Downloads.

Windows XP machines, on the other hand, use roaming profiles. 
Traditionally, these profiles have been stored in $AWAY/profiles. The 
entire contents of this directory is synced to the clubroom machine at 
logon, then copied back at logout. The Windows machines are also 
configured to connect to $AWAY as drive H: for access to the files that 
other operating systems use, etc. Because many users are unaware of the 
mechanics of this process, many of our users dump several gigabytes of 
data in their Windows desktop, which has to be copied back and forward 
(slow) and takes up space on the disk due to roaming profile caching.

This is a problem across most Windows XP sites and therefore Microsoft 
have seen fit to alter the process in Windows Vista and Windows 7. These 
operating systems connect to a different network share (profiles.V2 
instead of profiles) and impose tight regulations on the size of the 
roaming profile. No settings or files are migrated across from the old 
profile during first logon. To allow people to still store their gigabytes 
of whatever on their desktop, administrators are strongly encouraged to 
set up Folder Redirection, where any access to certain folders in the 
local copy of the roaming profile is redirected to the network.

Obviously we would like to get this working at UCC. There are some 
decisions to make:

1. Deployment of Folder Redirection.

The easiest way to set up Folder Redirection is to use Group Policy, the 
Windows central management tool. We are not running Active Directory and 
there are no plans in the near future to move to it, so we need to look 
for alternatives. The old way of getting around this was to use NT Policy, 
but that's not supported in newer versions of Windows.

1A: default profiles (like skeldir for Windows): nobody has a Vista/7 
style profile yet, and if we define a default user profile with 
appropriate folder redirection settings, every user will get the right 
settings on first login. The advantage of this is that it's reasonably 
clean, works across all users, and doesn't require modification of client 
machine policies. However, we only get one chance to get it right, and 
there is no way to edit existing profiles without doing it all manually.

1B: logon scripts: we can define a logon script for all users to set the 
Folder Redirection policy at each logon. This would also give us an 
infrastructure to deploy other useful registry hacks as necessary. 
Unfortunately, it requires us to set a local machine policy ("Run logon 
scripts synchronously") to avoid unpredictable behaviour during logon (the 
first time, anyway), although this could probably be deployed using our 
standard operating environment tool, WPKG, which is already going to be 
set up for Windows 7 to hack the registry so that domain logons work.

2. Choice of folders.

All users currently have two desktop folders - one in $AWAY/Desktop and 
one in $AWAY/profiles/Desktop. The same applies to Documents folders, etc. 
etc. Where should we redirect these folders to?

2A: seamless Windows experience: all users will see the same files in 
Windows XP and Windows 7, as the redirection policy will be set to 
$AWAY/profiles/Desktop. As Windows XP will probably go away soon enough, 
this my least preferred option.

2B: One True Desktop, except Windows XP: redirection policy will be to 
$AWAY/Desktop, and logging in on Windows 7 will show the same files on the 
desktop as Linux.

2C: One True Desktop: as above, except we copy everything currently in 
$AWAY/profiles/Desktop to $AWAY/Desktop, and symlink the former to the 
latter. Probably the best user experience (no "where did my data go", 
maybe some "where did all this stuff come from"), but may require dealing 
with naming collisions (unlikely).

Also, 2B and 2C suffer from the problem [JCF] noted in 
http://wiki.ucc.asn.au/WindowsProfiles#Caveats-1

Any thoughts?

David Adam
UCC Wheel Member
zanchey@


More information about the tech mailing list