AppData Folder Redirection with Roaming Profiles

I have Windows 7 Clients on a Windows 8 R2 domain. I am using Folder Redirection for Documents (as well as My Music, My Pictures and My Videos). I also use Roaming Profiles. The profiles have started getting large, causing user login times to increase. I am looking into also redirecting AppData(Roaming). In my test environment I have redirected AppData(Roaming) to the user's Home Folder (as described in many articles I have read). When I do this the users have full access to the AppData folder and, as users go, are apt to jack with it. Is there a way to dynamically restrict access to this folder? Should I have these redirected elsewhere? Or am I missing something?
Daniel Helgenberger Commented:
Please have a look at access based enumeration (ABE). Deploy this for your shares and DFS:
mjobes (Author) Commented:
The problem is since the AppData(Roaming) folder is redirected to (and created in) their home share they have access to it... I have not used ABE before but from a quick read on it, it seems it will hide folders a user does not have access to.  Not sure if this will work in this case.
Daniel Helgenberger Commented:
I am not quite sure if I get your setup correctly.
In any case, only your user needs access to it, since only user relevant data is stored there; nobody else will need to access it.
And, your users need access to it - normally it is only hidden.

Apart from ABE there is not much you can do. Redirect %APPDATA% to a separate share, then it will be hidden again (because it is no folder in the user profile).

Also, do experiment a lot with redirected APPDATA. I found it cumbersome, since some applications I need to use just don't work with a networked APPDATA. This is why I sync it (IMHO I think due to the nature it is best practice:

Skyler Kincaid, Network/Systems Engineer, Commented:
We did a ton of testing with roaming profiles and offline files. Roaming profiles are antiquated with the changes in Windows 7 that optimize file uploads and login times. Roaming profiles are still great for networks that have Windows XP computers because that is what it is designed for.

This is by far the best link and walkthrough I have found for setting up folder redirection. The important part is to enable Offline Files on laptops or anything that will be leaving the office.
mjobes (Author) Commented:
To optimize the login process I ended up excluding the following from syncing with the roaming profile:


This folder contains 40 or 50 MBs of template content that is not necessary.

We'll see if this speeds things up at all.
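
Added example, not part of any post in this thread: Daniel Helgenberger's reply states that only the owning user needs access to a redirected AppData folder, and this PowerShell audit lists any other principal that holds an Allow entry on each per-user folder. The share path `\\fileserver\AppData$`, the domain name `CONTOSO`, the one-folder-per-sAMAccountName layout and the list of expected principals are all assumptions.

```powershell
# Added example: audit ACLs on redirected AppData folders.
# Assumptions (not from the thread): the share root below, one folder per
# user named after the sAMAccountName, and the NetBIOS domain name.
param(
    [string]$Root   = '\\fileserver\AppData$',   # hypothetical redirection root
    [string]$Domain = 'CONTOSO'                  # hypothetical NetBIOS domain
)

# Principals, besides the owning user, that are expected on every folder.
$expected = @('NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators', 'CREATOR OWNER')

function Get-UnexpectedAce {
    param(
        [string]$Path,
        [string]$UserName,
        [string]$Domain,
        [string[]]$Expected
    )

    $owner = "$Domain\$UserName"

    # Keep only Allow entries that belong to neither the owning user
    # nor one of the expected administrative principals.
    (Get-Acl -Path $Path).Access |
        Where-Object {
            $_.AccessControlType -eq 'Allow' -and
            $_.IdentityReference.Value -ne $owner -and
            $Expected -notcontains $_.IdentityReference.Value
        } |
        ForEach-Object {
            New-Object PSObject -Property @{
                Folder    = $Path
                Identity  = $_.IdentityReference.Value
                Rights    = $_.FileSystemRights
                Inherited = $_.IsInherited
            }
        }
}

# Walk each per-user folder directly under the root and report findings.
Get-ChildItem -LiteralPath $Root |
    Where-Object { $_.PSIsContainer } |
    ForEach-Object {
        Get-UnexpectedAce -Path $_.FullName -UserName $_.Name `
                          -Domain $Domain -Expected $expected
    } |
    Format-Table Folder, Identity, Rights, Inherited -AutoSize
```

An empty result means every folder is limited to its user plus the expected principals; an entry with `Inherited` set to `True` points at permissions granted on the share root rather than on the individual folder.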