There are a couple of management issues with roaming profiles. One problem is that a user can only be logged into one computer at a time. Make sure that each user understands it's essential to close his or her account before trying to log into another computer.
A bigger problem is that roaming profiles can take a very long time to load if you don't handle them properly. The reason is that anything the user stores on the desktop ends up in the profile and has to be downloaded when the user logs in. This can result in profiles of 300MB or more and login times that approach geological time scales—not to mention an unnecessary load on the network. The solution is a combination of user education and setting the right policies:
- Roaming profiles should include fairly tight limits on storage space; 20MB is a popular number.
- Discourage users from keeping large files on the desktop or stored in the user's profile. As much as possible, files, specialized applications, and such should be stored on the network drive. Because the user is the primary person inconvenienced when it takes forever to log in because of a bloated profile, this is a fairly easy sell.
- Redirect folders from the user's computer to a share point on the server. Typically you would redirect folders such as My Documents, Application Data, and Favorites, which tend to be quite large, and store them in a folder on the server. With this approach, the server doesn't have to try to move those files every time the user logs in, which reduces login time and network load enormously.
Redirecting folders is as simple as using the Group Policy Editor to redirect each user's folders to his or her subfolder:
- Create a folder on the server, share it, and give the users full control at the share level.
- In the Group Policy Editor, select User Settings, Windows Settings, Folder Redirection.
- Set the folder's Setting option to Basic - Redirect Everyone's Folder to the Same Location.
- Go to the Target Location and select Create a Folder for Each User Under the Root Path.
- Enter the root path.
The clunky part of this strategy is that you have to redirect each of the folders in the user's profile separately. The less-clunky part is that Windows automatically creates the folders and sets the permissions as you redirect the files.