Folder Redirection or ROBOCOPY profile

What is the best practice for protecting a domain users profile behind the scenes?

Using a logon script to robocopy the profile over to the server?

Or using folder redirection?

I have run into issues with both, like a handy red X over files with folder redirection or GPO's failing to run on Vista/7 machines, or even sync issues.  With these issues, at least the end user knows something is wrong and to contact me.

With the logon batch file (which I did not create, a friend did) I have seen it either not run on Windows 7/ Vista because of UAC.  Or just stop functioning.  The only way I know it doesn't work, is checking the log file it creates to see the most recent date.  The user has no clue it stopped working and I would have to manually check each workstation.

So what is the best practice here?  What do you do to protect user data?
dksgreenitAsked:
Who is Participating?
 
TechOps07Connect With a Mentor Commented:
I implemented Folder Redirection at my job which has worked out great. Other users cannot access anyone's My Documents because of the default security options.

I went as far as making sure the Pictures, Music, and Video folders stay on the C:\ local drive to reduce space on my file server.

This way it is automated via GPO where RoboCopy has to be created in a script, setup for the logon. To me there are plenty of things that can break or fail to run. Then you have to troubleshoot where the breakdown is.

That is to much overhead for me.
0
 
Randy DownsConnect With a Mentor OWNERCommented:
This might help

http://www.cb-net.co.uk/microsoft-articles/23-windows-2008/1987-windows-server-folder-redirection-migration

Firstly let me point out a simple way of doing this in a smaller environment. If you update your Group Policy Folder Redirection Options  (or apply a new policy with higher precedence), if the Redirection Policy is configured to "Move the contents of xxxx to the new location" then at logon the users files will be moved to the new location.... an automated migration that works well for small amounts of data.

With up to 20GB of data per user the above solution simply wasn't going to cut it. This would have added hours of delays for users logging on. We opted to pre stage the data, which meant we had to disable the "Move the contents of xxxx to the new location" for each folder we were pre-staging - this is an important step! You should allow a week or two for all users to get this change before proceeding with your migration.

Next problem, how to pre-stage the data! Well RoboCopy failed miserably due to the ACL's and exclusive rights, so we used a tool called SecureCopy which worked really well - to a point; open files, and files with specific ACL's which users had set were not pre-staged. The number of these files totalled around 2,300!

We needed to pre-stage these files are many of them were current, business related documents... welcome back to the fight RoboCopy! We deployed a script (below) to run at user logon, as the user, that would copy the missing files (using /MIR to mirror the folder contents) from the Windows box to the NetApp CIFS. This ran for a few days to minimise the amount of missing data when we 'flipped the switch.'

Finally, with the data pre-staged we change the GPO folder redirection options to point to the vFiler shares.
0
 
dksgreenitAuthor Commented:
Thanks for the info
0
All Courses

From novice to tech pro — start learning today.