A Group Policy Object (GPO) has always allowed administrators to exclude folders from a roaming profile but not include them. I'd always assumed that the functionality of a roaming profile was more or less hardcoded, whereby it only captured data from AppData\Roaming. However, I have to admit I was mistaken, and I give big thanks to Raphael Schulz for pointing this out to me.

James Rankin

James is a consultant from the UK, specializing mainly in end-user computing, Active Directory and client-side monitoring. When not implementing projects for his company HTG, he can often be found blogging, writing technical articles and speaking at conferences and user groups.

No particular engine controls roaming profiles. They instead rely on a registry value in HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon. This value is a string (REG_SZ) format and is called ExcludeProfileDirs. It tells the roaming profile what not to save from the %USERPROFILE% folder. The screenshot below shows the default values on Windows 10.

ExcludeProfileDirs default settings

ExcludeProfileDirs default settings

Why to include folders ^

You can see from the screenshot above that the system excludes AppData\Local by default. However, to capture the Windows 10 Start Menu, we need to capture the AppData\Local\TileDataLayer folder.

So by this method, if we were to remove AppData\Local from the exclusion list, and then add all the other subfolders to the exclusion list except the one we are interested in (TileDataLayer), we could make our roaming profile capture the Windows 10 Start Tiles settings.

Now the number of subfolders within %LOCALAPPDATA% that you need to exclude will depend very much on what your application sets are. It is very important to exclude folders like Google (for Chrome) and Mozilla (for Firefox) as these bloat quite heavily.

You need to make sure that you keep the exclusion list current and streamlined; otherwise you will soon start capturing lots of unwanted data that is transmitted to and stored on the network. The example list I have here is based around a very simple Windows 10 setup. So make sure you include all relevant subfolders for your environment!

How to include and exclude folders ^

The easy way to enforce this is to use a Group Policy Preference (GPP). Here is an example of the one I have used to set this. Make sure the list is semicolon-delimited, and state the excluded folders as subfolders of the %USERPROFILE% folder.

Group Policy Preferences to enable Windows 10 roaming profile

Group Policy Preferences to enable Windows 10 roaming profile

That is, quite simply, all you need to set up. Now the roaming profile will capture the %LOCALAPPDATA%\TileDataLayer subfolder into the roaming profile share when the user logs off, and restore it when the user logs back on again.

Roaming profile with LOCALAPPDATA

Roaming profile with LOCALAPPDATA

If you're using the latest version of Windows 10 fully patched, you should find that using a roaming profile in this way allows you to seamlessly maintain Start Tiles settings, file type associations, and everything else the user needs.

Finally, you'll need to apply slightly changed permissions to the profile folders to allow administrative access for ongoing monitoring and maintenance. I normally apply permissions as below either through inheritance or GPO settings.

Profile permissions

Profile permissions

Windows 10 with full roaming profile capability

Windows 10 with full roaming profile capability

What folders to include ^

In an ordinary environment, here's a good list to start with. It includes the registry entries to cover you for some of the most common folders out there on a Windows 10 machine. If you aren't using some of the software specified, then it won't cause any trouble to add them in. If they're not present, the system won't process them at all.

Bear in mind that these entries need to be semicolon-delimited.

Conclusion ^

Obviously, you will still have the limitations of a roaming profile: possible corruption, last writer wins, limited to a single OS or profile version, and so on. But for a lightweight method of a roaming user state from session to session, it works very well. There's also the added bonus that it will extend onto Server 2016 Remote Desktop Session Host (RDSH) sessions as well. If you're using Modern Apps on Windows 10 though, you will get blank Start Menu entries where the Modern Apps were on the Server 2016 session.

However, this little trick also extends your capabilities with roaming profiles a lot. You could even selectively include other folders from %LOCALAPPDATA% if you want to roam them as well. Logon times are also quite reasonable with this method. I observed around a minute for the very first logon after creating the roaming profile, and 20–40 seconds for each logon after that.

If you would like to see this method in action, I have recorded a YouTube video:

Are you an IT pro? Apply for membership!

12+

Users who have LIKED this post:

  • avatar
  • avatar
Share
4 Comments
  1. Dennis 2 years ago

    Hi. in my organization wee use roaming profile, and now get some problems whit windows 10.

    I audit APPDATA\Local folder at all PC. And get unique folder names list. And I think it no very good idea to add them to registry (more than 100 folders).

    User Profile Disk - no stable for use? I want find solution for roaming profiles.

    4+

  2. Rob 1 year ago

    I added some vbs code to my login script that basically enumerates the %USERPROFILE%\AppData\Local folder and writes the semicolon delimited list of folders, excluding TileDataLayer, thereby having it always up to date.  I also use a Win 10 Ent standard image.

    2+

  3. adam gaunt 1 year ago

    Many thanks - Worked well on a new policy.

    I was expecting Outlook settings such as which windows open at start (Calendar plus Inbox etc) but it would seem that those are in HKCU - so how might you go about roaming those settings?

    Adam

    2+

    • James R 1 year ago

      The HKCU settings should be captured from the ntuser.dat file in the user profile.

      1+

Leave a reply

Your email address will not be published. Required fields are marked *

*

© 4sysops 2006 - 2019

CONTACT US

Please ask IT administration questions in the forums. Any other messages are welcome.

Sending

Log in with your credentials

or    

Forgot your details?

Create Account