[tech] Clubroom home directories of the future
zanchey at ucc.gu.uwa.edu.au
Wed Jun 2 21:48:10 WST 2010
I would like some consensus on how to deal with home directories for
clubroom machines, in particular those running Windows.
Some background: the UCC hosts files on /away that provide networked home
directories for user logins on clubroom machines. For a user's $HOME path,
there is a corresponding /away/$HOME (herein referred to as $AWAY). Logins
on Linux and Mac OS clubroom machines mount the /away filesystem over NFS
as /home, and thus the users' home directory is $AWAY. Within this
directory are the various folders for things like Desktop, Documents and
Windows XP machines, on the other hand, use roaming profiles.
Traditionally, these profiles have been stored in $AWAY/profiles. The
entire contents of this directory is synced to the clubroom machine at
logon, then copied back at logout. The Windows machines are also
configured to connect to $AWAY as drive H: for access to the files that
other operating systems use, etc. Because many users are unaware of the
mechanics of this process, many of our users dump several gigabytes of
data in their Windows desktop, which has to be copied back and forward
(slow) and takes up space on the disk due to roaming profile caching.
This is a problem across most Windows XP sites and therefore Microsoft
have seen fit to alter the process in Windows Vista and Windows 7. These
operating systems connect to a different network share (profiles.V2
instead of profiles) and impose tight regulations on the size of the
roaming profile. No settings or files are migrated across from the old
profile during first logon. To allow people to still store their gigabytes
of whatever on their desktop, administrators are strongly encouraged to
set up Folder Redirection, where any access to certain folders in the
local copy of the roaming profile is redirected to the network.
Obviously we would like to get this working at UCC. There are some
decisions to make:
1. Deployment of Folder Redirection.
The easiest way to set up Folder Redirection is to use Group Policy, the
Windows central management tool. We are not running Active Directory and
there are no plans in the near future to move to it, so we need to look
for alternatives. The old way of getting around this was to use NT Policy,
but that's not supported in newer versions of Windows.
1A: default profiles (like skeldir for Windows): nobody has a Vista/7
style profile yet, and if we define a default user profile with
appropriate folder redirection settings, every user will get the right
settings on first login. The advantage of this is that it's reasonably
clean, works across all users, and doesn't require modification of client
machine policies. However, we only get one chance to get it right, and
there is no way to edit existing profiles without doing it all manually.
1B: logon scripts: we can define a logon script for all users to set the
Folder Redirection policy at each logon. This would also give us an
infrastructure to deploy other useful registry hacks as necessary.
Unfortunately, it requires us to set a local machine policy ("Run logon
scripts synchronously") to avoid unpredictable behaviour during logon (the
first time, anyway), although this could probably be deployed using our
standard operating environment tool, WPKG, which is already going to be
set up for Windows 7 to hack the registry so that domain logons work.
2. Choice of folders.
All users currently have two desktop folders - one in $AWAY/Desktop and
one in $AWAY/profiles/Desktop. The same applies to Documents folders, etc.
etc. Where should we redirect these folders to?
2A: seamless Windows experience: all users will see the same files in
Windows XP and Windows 7, as the redirection policy will be set to
$AWAY/profiles/Desktop. As Windows XP will probably go away soon enough,
this my least preferred option.
2B: One True Desktop, except Windows XP: redirection policy will be to
$AWAY/Desktop, and logging in on Windows 7 will show the same files on the
desktop as Linux.
2C: One True Desktop: as above, except we copy everything currently in
$AWAY/profiles/Desktop to $AWAY/Desktop, and symlink the former to the
latter. Probably the best user experience (no "where did my data go",
maybe some "where did all this stuff come from"), but may require dealing
with naming collisions (unlikely).
Also, 2B and 2C suffer from the problem [JCF] noted in
UCC Wheel Member
More information about the tech