A Group Policy Object (GPO) has always allowed administrators to exclude folders from a roaming profile but not include them. I'd always assumed that the functionality of a roaming profile was more or less hardcoded, whereby it only captured data from AppData\Roaming. However, I have to admit I was mistaken, and I give big thanks to Raphael Schulz for pointing this out to me.

No particular engine controls roaming profiles. They instead rely on a registry value in HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon. This value is a string (REG_SZ) format and is called ExcludeProfileDirs. It tells the roaming profile what not to save from the %USERPROFILE% folder. The screenshot below shows the default values on Windows 10.

ExcludeProfileDirs default settings

ExcludeProfileDirs default settings

Why to include folders

You can see from the screenshot above that the system excludes AppData\Local by default. However, to capture the Windows 10 Start Menu, we need to capture the AppData\Local\TileDataLayer folder.

So by this method, if we were to remove AppData\Local from the exclusion list, and then add all the other subfolders to the exclusion list except the one we are interested in (TileDataLayer), we could make our roaming profile capture the Windows 10 Start Tiles settings.

Now the number of subfolders within %LOCALAPPDATA% that you need to exclude will depend very much on what your application sets are. It is very important to exclude folders like Google (for Chrome) and Mozilla (for Firefox) as these bloat quite heavily.

You need to make sure that you keep the exclusion list current and streamlined; otherwise you will soon start capturing lots of unwanted data that is transmitted to and stored on the network. The example list I have here is based around a very simple Windows 10 setup. So make sure you include all relevant subfolders for your environment!

How to include and exclude folders

The easy way to enforce this is to use a Group Policy Preference (GPP). Here is an example of the one I have used to set this. Make sure the list is semicolon-delimited, and state the excluded folders as subfolders of the %USERPROFILE% folder.

Group Policy Preferences to enable Windows 10 roaming profile

Group Policy Preferences to enable Windows 10 roaming profile

That is, quite simply, all you need to set up. Now the roaming profile will capture the %LOCALAPPDATA%\TileDataLayer subfolder into the roaming profile share when the user logs off, and restore it when the user logs back on again.

Roaming profile with LOCALAPPDATA

Roaming profile with LOCALAPPDATA

If you're using the latest version of Windows 10 fully patched, you should find that using a roaming profile in this way allows you to seamlessly maintain Start Tiles settings, file type associations, and everything else the user needs.

Finally, you'll need to apply slightly changed permissions to the profile folders to allow administrative access for ongoing monitoring and maintenance. I normally apply permissions as below either through inheritance or GPO settings.

Profile permissions

Profile permissions

Windows 10 with full roaming profile capability

Windows 10 with full roaming profile capability

What folders to include

In an ordinary environment, here's a good list to start with. It includes the registry entries to cover you for some of the most common folders out there on a Windows 10 machine. If you aren't using some of the software specified, then it won't cause any trouble to add them in. If they're not present, the system won't process them at all.

AppData\LocalLow
$Recycle.Bin
OneDrive
WorkFolders
AppData\Local\ConnectedDevicesPlatform
AppData\Local\Google
AppData\Local\GroupPolicy
AppData\Local\Microsoft
AppData\Local\PeerDistRepub
AppData\Local\Publishers
AppData\Local\Temp
AppData\Local\VirtualStore
AppData\Local\Mozilla
AppData\Local\Packages
AppData\Local\AppSense (if using AppSense, as I was)
AppData\Local\History
AppData\Local\MicrosoftHelp
AppData\Local\Publishers
AppData\Local\Comms
AppData\Local\HP
AppData\Local\TemporaryInternetFiles
AppData\Local\VirtualStore
AppData\Local\Winternals
AppData\Local\Adobe
AppData\Local\Apple
AppData\Local\AppleComputer
AppData\Local\Autodesk
AppData\Local\Chromium
AppData\Local\CrashDumps
AppData\Local\NVIDIA
AppData\Local\NVIDIACorporation
AppData\Local\Skype
AppData\Local\WebEx
AppData\Local\Foxit Reader
AppData\Local\Macromedia
AppData\Local\Microsoft_Corporation
AppData\Local\Real
AppData\Local\DropBox (if using DropBox)
AppData\Local\VMware
AppData\Local\Windows Live
AppData\Local\CrashDumps
AppData\Local\Citrix (if using Citrix)

Bear in mind that these entries need to be semicolon-delimited.

Conclusion

Obviously, you will still have the limitations of a roaming profile: possible corruption, last writer wins, limited to a single OS or profile version, and so on. But for a lightweight method of a roaming user state from session to session, it works very well. There's also the added bonus that it will extend onto Server 2016 Remote Desktop Session Host (RDSH) sessions as well. If you're using Modern Apps on Windows 10 though, you will get blank Start Menu entries where the Modern Apps were on the Server 2016 session.

However, this little trick also extends your capabilities with roaming profiles a lot. You could even selectively include other folders from %LOCALAPPDATA% if you want to roam them as well. Logon times are also quite reasonable with this method. I observed around a minute for the very first logon after creating the roaming profile, and 20–40 seconds for each logon after that.

If you would like to see this method in action, I have recorded a YouTube video:

Subscribe to 4sysops newsletter!

avataravatar
6 Comments
  1. Dennis 6 years ago

    Hi. in my organization wee use roaming profile, and now get some problems whit windows 10.

    I audit APPDATA\Local folder at all PC. And get unique folder names list. And I think it no very good idea to add them to registry (more than 100 folders).

    User Profile Disk – no stable for use? I want find solution for roaming profiles.

  2. Rob 5 years ago

    I added some vbs code to my login script that basically enumerates the %USERPROFILE%\AppData\Local folder and writes the semicolon delimited list of folders, excluding TileDataLayer, thereby having it always up to date.  I also use a Win 10 Ent standard image.

  3. adam gaunt 5 years ago

    Many thanks – Worked well on a new policy.

    I was expecting Outlook settings such as which windows open at start (Calendar plus Inbox etc) but it would seem that those are in HKCU – so how might you go about roaming those settings?

    Adam

    • James R 5 years ago

      The HKCU settings should be captured from the ntuser.dat file in the user profile.

  4. Gu 3 years ago

    Hi James.

    Saw your video and thought it was great. Tried to implement it and I did not have any luck. In your example, does the Start Menu Folder get redirection on it or not? I'm having some major issues getting this start menu to work. Thanks in advance. Gavin

  5. Andrew 9 months ago

    Does roaming profiles follow symbolic links?

    What would happen if a symlink was created from AppData\Roaming\TileDataLayer to AppData\Local\TileDataLayer ?

    If that works (AppData\Local\TileDataLayer gets roamed), it would be a lot easier to administer than maintaining long exclusion lists.

Leave a reply

Your email address will not be published. Required fields are marked *

*

© 4sysops 2006 - 2023

CONTACT US

Please ask IT administration questions in the forums. Any other messages are welcome.

Sending

Log in with your credentials

or    

Forgot your details?

Create Account