Windows profile management under Vista/Windows 7 is a bit special compared to how it works under WindowsXP/2000. These are some quick notes to avoid some of the common pitfalls.

Please Note: This is a brain dump from a rather tired brain. The information here might not be 100% correct so please take it with a grain of salt / update it as you find it to be false.

Profile Cleanup

The main difference between 2000/XP and Vista/7 is that there are additional references to the profiles stored on a machine stored in the registry (HKLM). Under XP/2000 it was possible to just delete profiles from C:\Documents and Settings in order to clear up disk space from cached profiles. Doing this under Vista/7 will result in 'Profile not found' errors on login.

Rather than muck about in the registry, there is an alternate interface for deletion:

  1. Right click on Computer and select Properties

  2. Select Advanced System Settings

  3. On the advanced tab, click the Settings button under User Profiles

  4. Delete erroneous profiles through the resulting interface

Can this be scripted, using something like https://learn-powershell.net/2011/01/27/use-powershell-to-remove-local-profiles/ ? That would let one run it repeatably or remove large/old profiles, perhaps remotely via SSH.

Please note, that in the instance we get folder redirection working, the chances of actually needing this is slim.

Roaming Profiles

Under Vista/7, Roaming profiles have also been changed. There is now a 30MB hard limit set for the User's Appdata\Roaming folder and the OS will attempt to keep non-essential data out of this folder (ie, it's mainly the User's ntuser.dat and some Microsoft settings). Most everything else lives in Appdata\Local or Appdata\LocalLow. This is a fundamental change from the way roaming profiles used to work (ie, everything in the user's home was synced). To accomodate the change, users now require an additional profile share on the samba server, specifically %ProfilePath%.V2 where the V2 is case sensitive.

Required changes

  • Users require a profile.V2 path (note, that the user's profile path doesn't actually include the .V2, that's appended silently).
  • For access across multiple machines, the AppData folder should be shifted onto the user's /away space with folder redirection.

Caveats

  • A lot of user settings from 2000/XP will not move across cleanly. Depending on your point of view this might not be a bad thing (TM).

Folder Redirection

Is now the recommended practice for sticking most everything else on the network. Requires redirects for each folder under the user's profile. It might work to just redirect /Users/<user> to H:\ but that will require some testing

Caveats

  • Windows handles folder redirection as pseudo NTFS joins. Every redirected folder will get a $RECYCLE.BIN$ folder created in it. If we use the existing Desktop etc folders this might get annoying

  • Vista/7 do not support NTPolicy and folder redirection is not available in local machine policy. May require a logon script to run on the first login.

Fixing Broken Profiles

Some windows profiles get permanently corrupted and will fail to log in.

Solution (nuke from orbit option)

  • Remove user's cached profile via "Advanced Computer Options", "User Profiles"
  • Remove profile folders from C:\Users

  • Delete or move profile files from /away/ucc/username/Windows/profile*

    • This part has been scripted, with a backup, as /home/wheel/bin/ucc-resetwindows

  • Email a report to tech@ucc and help diagnose the cause - is something causing it to happen repeatedly?