
Set up roaming profile and folder redirection in AD

2025-02-22 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/02 Report--

In a domain environment, domain users can log in on any client computer in the domain. Because ordinary domain users have relatively low permissions, in most cases they have full control only over their own user profile, so most domain users save their data directly in the user profile. The user profile is actually a folder; by default it is located in the "Users" folder under the root of drive C (the system disk). For every domain user who has logged in on the computer, a folder named after the user, such as "zhangsan", is created in this "Users" folder. The user profile folder holds personal data and settings such as "Desktop", "Documents" and "Favorites". Files that users put on the "Desktop" or in "Documents" are actually saved in the user profile.

By default the system stores the user profile on the client computer. This carries a certain security risk, and when the domain user logs in on another computer, the contents of the profile are not available there. There are two ways to make a domain user's profile roam: one is to set the user's properties on the DC so that the user profile is stored on a remote server; the other is to set Group Policy on the DC to redirect the storage path of the user profile folders to a remote server. Both methods achieve the same effect, but is there any difference between them, and which is preferable in practice? This article walks through the configuration of both methods with examples, then analyzes and compares their characteristics.

The domain name used in the test environment is "WorldSkills2017.china", and the computer name of the DC is R_Server2. Two domain user accounts, "zhangsan" and "lisi", have been created in an OU named "test" in the domain. Both the DC and the clients run Windows Server 2012 R2.

I. Configure the roaming profile

The roaming profile is set in the properties of the domain user. The domain user Zhang San (zhangsan) is used here to illustrate the configuration process.

① Create a shared folder

First, create a shared folder called "profile" on the DC and give Everyone read and write permissions. (In a production environment, shared folders should be set up on a dedicated file server, not on the DC.)

② Configure user properties

Open Active Directory Users and Computers on the DC, open the properties of Zhang San, and on the Profile tab set the profile path to \\DC\profile\%username% (the %username% parameter in the path is automatically replaced by the user's login name), as shown in Figure 1.

Figure 1: Setting up the roaming profile

③ Test on the client

Log in to the domain as Zhang San on a client computer. The client first goes to the shared directory on the server to download the zhangsan profile. Because there is no zhangsan profile on the server yet, a local profile is created for Zhang San on the local disk.

After changing some desktop or Favorites settings, log the user out. The client computer then uploads the local profile that was just created to the server. Open the shared folder "profile" on the DC and you will find a new folder called "zhangsan.V2". Since this is a backup of the local profile, "V2" is added to the name.

Figure 2: User profile uploaded to the server

Then log in as Zhang San on another computer. The client first downloads the whole user profile from the shared folder on the server, so the settings Zhang San has just made have roamed over.

④ Summary

A roaming profile is in effect a backup of the profile kept in the shared folder on the server. When the domain user logs in on a client, the profile is first downloaded from the server; when the domain user logs out, the modified profile is transferred back to the server's shared folder.
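The share and profile-path steps above, as an added PowerShell example (not from the original article): rather than relying on Everyone read/write alone, it sets NTFS permissions so that each user can create a profile folder but cannot open other users' folders. The local path C:\Shares\profile and the use of Authenticated Users are assumptions; the share name "profile" and the account zhangsan come from the article.

```powershell
# Added example. Run elevated on the server hosting the share (needs the
# SmbShare and ActiveDirectory modules, both available on a 2012 R2 DC).
$path  = 'C:\Shares\profile'                  # assumed local path
$share = 'profile'                            # share name used in the article
$users = 'NT AUTHORITY\Authenticated Users'   # assumed; a dedicated group is tighter

New-Item -ItemType Directory -Path $path -Force | Out-Null

# Build the DACL: stop inheriting from the parent and grant only what is needed.
$acl = Get-Acl -Path $path
$acl.SetAccessRuleProtection($true, $false)   # $false = discard inherited ACEs

$rules = @(
    # identity, rights, inheritance flags, propagation flags
    @('NT AUTHORITY\SYSTEM',    'FullControl', 'ContainerInherit,ObjectInherit', 'None'),
    @('BUILTIN\Administrators', 'FullControl', 'ContainerInherit,ObjectInherit', 'None'),
    # Whoever creates a profile folder gets full control of it and its contents only.
    @('CREATOR OWNER',          'FullControl', 'ContainerInherit,ObjectInherit', 'InheritOnly'),
    # Users may list the root and create their own folder there, nothing more.
    @($users, 'ListDirectory,CreateDirectories,ReadAttributes,Traverse', 'None', 'None')
)
foreach ($r in $rules) {
    $ace = New-Object System.Security.AccessControl.FileSystemAccessRule(
        $r[0], $r[1], $r[2], $r[3], 'Allow')
    $acl.AddAccessRule($ace)
}
Set-Acl -Path $path -AclObject $acl

# Share-level access is broad; the NTFS DACL above does the real restriction.
# Access-based enumeration hides folders the caller cannot open.
New-SmbShare -Name $share -Path $path -FullAccess $users `
    -FolderEnumerationMode AccessBased | Out-Null

# Point zhangsan at a per-user folder; the logon name is written out explicitly
# instead of relying on %username% substitution.
$u = Get-ADUser -Identity 'zhangsan'
Set-ADUser -Identity $u -ProfilePath "\\$env:COMPUTERNAME\$share\$($u.SamAccountName)"
```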

II. Configure folder redirection

Folder redirection is configured in Group Policy. The "test" OU is used here to illustrate the Group Policy configuration process.

① Create a shared folder

The first step is to create a shared folder called "folder" on the DC, giving Everyone "read/write" permission.

② Configure the Group Policy object (GPO)

Open the Group Policy Management tool, create a new GPO called "folder Redirection" under Group Policy Objects, and edit it.

In the Group Policy Editor, expand User Configuration\Policies\Windows Settings\Folder Redirection, which lists the profile folders that can be redirected. The Desktop and Documents folders are the ones most often redirected, so in this example the Desktop folder of the domain users is changed to be stored centrally on the domain controller.

Right-click Desktop and select Properties to open the Desktop Properties dialog.

On the "Target" tab, select "Basic - Redirect everyone's folder to the same location", and under "Target folder location" select "Create a folder for each user under the root path". In "Root Path", enter the location the folder will be redirected to, that is, the UNC path \\DC\folder of the shared folder set up on the DC, as shown in Figure 3. The system then automatically creates a dedicated folder in the shared folder for each user who logs in.

Figure 3: Redirecting the Desktop

③ Link the GPO to the OU

After closing the Group Policy Editor, drag the configured Group Policy object "folder Redirection" onto the "test" OU so that the policy takes effect for all domain users in the "test" OU.

④ Test on the client

Log in as user Li Si (lisi) on a client computer and open the user's local profile folder. There is no "Desktop" folder in it, because the location of the "Desktop" folder has been redirected to the server.

Open the shared folder "folder" on the DC and you can see that a folder called "lisi" has been created automatically inside it, containing the "Desktop" subfolder.

Note that if the Group Policy has not taken effect, you can run the "gpupdate /force" command on the client to force a Group Policy refresh.

Next, create a test file on the client desktop as Li Si, then log Li Si out (you can see the files being synchronized at logout). Log back in as Li Si on another client computer, and the test file just created also appears on the Desktop.

⑤ Summary

After a folder in the user profile is redirected, the corresponding folder seen on the client is just a path to the shared folder on the server, and the data is stored directly on the server. Domain users therefore no longer need to upload or download file data to or from the server when they log in or log out on a client.
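A check for the shared folders created above, as an added example (not from the original article): because the shared folder is open to Everyone for reading and writing, the ACL on each per-user subfolder is what keeps one user's data away from another's. The function name Test-UserFolderAcl and the list of trusted identities are assumptions; \\DC\folder is the path used in the article.

```powershell
# Added example. Run as an account that can read the per-user folders.
$root    = '\\DC\folder'   # share from the article; DC stands for the server name
$trusted = 'NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators', 'CREATOR OWNER'

# Hypothetical helper: reports every Allow ACE on a per-user folder that belongs
# to neither the folder's user nor a trusted identity.
function Test-UserFolderAcl {
    param([string]$Root, [string[]]$Trusted)
    Get-ChildItem -Path $Root -Directory | ForEach-Object {
        $folder = $_
        # Folder name is the logon name; roaming profiles add a suffix such as ".V2".
        $owner = $folder.Name -replace '\.V\d+$', ''
        try {
            $acl = Get-Acl -Path $folder.FullName -ErrorAction Stop
        } catch {
            # Unreadable ACL: the auditing account has no rights on this folder.
            [pscustomobject]@{ Folder = $folder.Name; Who = $null; Finding = 'ACL unreadable' }
            return   # continue with the next folder
        }
        foreach ($ace in $acl.Access) {
            $id      = $ace.IdentityReference.Value
            $isOwner = ($id -split '\\')[-1] -eq $owner
            if ($ace.AccessControlType -eq 'Allow' -and -not $isOwner -and $id -notin $Trusted) {
                [pscustomobject]@{
                    Folder  = $folder.Name
                    Who     = $id
                    Finding = [string]$ace.FileSystemRights
                }
            }
        }
    }
}

# Any row returned is an identity other than the folder's user with access to it.
Test-UserFolderAcl -Root $root -Trusted $trusted | Format-Table -AutoSize
```

The same function can be pointed at the roaming profile share (\\DC\profile), since it strips the ".V2" suffix before comparing names.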

III. Comparison of the two operations

The examples show that a roaming profile backs up the profile on the server, while folder redirection stores the profile folders directly on the server. Which of these two approaches is better?

If a domain user keeps a large amount of data in the profile, a roaming profile will make login and logout very slow for that user. This problem does not occur with folder redirection. In practice, therefore, folder redirection is the more workable option.

In conclusion, the role of folder redirection is mainly reflected in the following two aspects:

First, it allows the related files and folders to be backed up in one place. Because the files scattered across individual hosts are redirected to a server, the administrator only needs to back up the folder on the server to back up the data of the employees' computers, which helps keep the data safe.

Second, the place from which users can access the folder is no longer restricted. If the Desktop, My Documents and similar data are saved locally, the user can access these files only by logging in on that particular computer. After the folder is redirected, all an employee needs to do is log in to the domain to access the folder.
