Manage Learn to apply best practices and optimize your operations.

Managing user profiles via Group Policy Objects

There are three parameters in the GPO for an Active Directory container that make user profiles easier to handle.

The group policy object for an Active Directory container (domain, site or organizational unit) can be used to control many aspects of user profiles. I want to focus on three of these controls in this tip. All three of these controls are located within the User Configuration, Administrative Templates, System, User Profiles section of a GPO.

The first control is named "Connect home directory to root of the share." When this setting is enabled, it resets the usage of several environmental variables back to their Windows NT definitions. The effect of this setting is to allow users to access the root of the share where their home directories are stored simply by accessing the drive letter for their mapped home directory drive. If you want to grant users access to the root of the home directory share, enable this setting. Otherwise leave it as is to restrict their access to their own home directory and sub-folders.

The second control is named "Limit profile size." As the size of your user community grows, it can become increasingly difficult to manage the storage space on the network shares where user profiles are stored. One way to help control and prevent rampant expansion of user profile size is to implement a profile quota limit via this GPO control. When this control is enabled you can set a maximum size for all user profiles, indicate whether the Registry files are included in the size calculations and determine whether users are notified if their profile exceeds the size limitation. If you plan on using this control, I highly suggest that you train your users to employ their home directory as the primary location for the storage of files, especially work materials and e-mail, rather than their desktop. The home directory is a separate location from the storage of user profiles and therefore not included in the size calculation. However, items stored on the desktop are part of the user profile and are calculated in the size assessment. If a user fully logs out and does not reduce the size of their user profile after they have exceeded the maximum limit, the OS will delete files until the size of the profile is under the limit.

The third control is named "Exclude directories in roaming profile." There are several elements stored in a user profile that are almost, if not completely, useless between one logon session and the next. This control allows you to define the sub-folders within a user profile that are not transferred from the client back to the network share where user profiles are stored. This accomplishes a reduction in the overall size of user profiles, faster logon and logoff times -- especially when not using the same client twice in a row -- and reduced network traffic due to user profile transfers. By default when this setting is enabled, it stops transferring and storing the History, Local Settings, Temp and Temporary Internet Files folders. If users have a large Internet Explorer cache or perform activities that create lots of temporary files, this control will greatly improve the operation and storage of user profiles on your system.

James Michael Stewart is a researcher and writer for Lanwrights, Inc.


Dig Deeper on Windows systems and network management