- Can’t uninstall app: Delete or change Windows apps that have been flagged as non-removable - Thu, Mar 16 2023
- FSLogix VHDX compaction: Resize virtual disks - Thu, Dec 1 2022
- Sysinternals Process Monitor: Real-time file system, registry, and process monitoring - Fri, Oct 28 2022
No particular engine controls roaming profiles. They instead rely on a registry value in HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon. This value is a string (REG_SZ) format and is called ExcludeProfileDirs. It tells the roaming profile what not to save from the %USERPROFILE% folder. The screenshot below shows the default values on Windows 10.
ExcludeProfileDirs default settings
Why to include folders
You can see from the screenshot above that the system excludes AppData\Local by default. However, to capture the Windows 10 Start Menu, we need to capture the AppData\Local\TileDataLayer folder.
So by this method, if we were to remove AppData\Local from the exclusion list, and then add all the other subfolders to the exclusion list except the one we are interested in (TileDataLayer), we could make our roaming profile capture the Windows 10 Start Tiles settings.
Now the number of subfolders within %LOCALAPPDATA% that you need to exclude will depend very much on what your application sets are. It is very important to exclude folders like Google (for Chrome) and Mozilla (for Firefox) as these bloat quite heavily.
You need to make sure that you keep the exclusion list current and streamlined; otherwise you will soon start capturing lots of unwanted data that is transmitted to and stored on the network. The example list I have here is based around a very simple Windows 10 setup. So make sure you include all relevant subfolders for your environment!
How to include and exclude folders
The easy way to enforce this is to use a Group Policy Preference (GPP). Here is an example of the one I have used to set this. Make sure the list is semicolon-delimited, and state the excluded folders as subfolders of the %USERPROFILE% folder.
Group Policy Preferences to enable Windows 10 roaming profile
That is, quite simply, all you need to set up. Now the roaming profile will capture the %LOCALAPPDATA%\TileDataLayer subfolder into the roaming profile share when the user logs off, and restore it when the user logs back on again.
Roaming profile with LOCALAPPDATA
If you're using the latest version of Windows 10 fully patched, you should find that using a roaming profile in this way allows you to seamlessly maintain Start Tiles settings, file type associations, and everything else the user needs.
Finally, you'll need to apply slightly changed permissions to the profile folders to allow administrative access for ongoing monitoring and maintenance. I normally apply permissions as below either through inheritance or GPO settings.
Profile permissions
Windows 10 with full roaming profile capability
What folders to include
In an ordinary environment, here's a good list to start with. It includes the registry entries to cover you for some of the most common folders out there on a Windows 10 machine. If you aren't using some of the software specified, then it won't cause any trouble to add them in. If they're not present, the system won't process them at all.
AppData\LocalLow $Recycle.Bin OneDrive WorkFolders AppData\Local\ConnectedDevicesPlatform AppData\Local\Google AppData\Local\GroupPolicy AppData\Local\Microsoft AppData\Local\PeerDistRepub AppData\Local\Publishers AppData\Local\Temp AppData\Local\VirtualStore AppData\Local\Mozilla AppData\Local\Packages AppData\Local\AppSense (if using AppSense, as I was) AppData\Local\History AppData\Local\MicrosoftHelp AppData\Local\Publishers AppData\Local\Comms AppData\Local\HP AppData\Local\TemporaryInternetFiles AppData\Local\VirtualStore AppData\Local\Winternals AppData\Local\Adobe AppData\Local\Apple AppData\Local\AppleComputer AppData\Local\Autodesk AppData\Local\Chromium AppData\Local\CrashDumps AppData\Local\NVIDIA AppData\Local\NVIDIACorporation AppData\Local\Skype AppData\Local\WebEx AppData\Local\Foxit Reader AppData\Local\Macromedia AppData\Local\Microsoft_Corporation AppData\Local\Real AppData\Local\DropBox (if using DropBox) AppData\Local\VMware AppData\Local\Windows Live AppData\Local\CrashDumps AppData\Local\Citrix (if using Citrix)
Bear in mind that these entries need to be semicolon-delimited.
Conclusion
Obviously, you will still have the limitations of a roaming profile: possible corruption, last writer wins, limited to a single OS or profile version, and so on. But for a lightweight method of a roaming user state from session to session, it works very well. There's also the added bonus that it will extend onto Server 2016 Remote Desktop Session Host (RDSH) sessions as well. If you're using Modern Apps on Windows 10 though, you will get blank Start Menu entries where the Modern Apps were on the Server 2016 session.
However, this little trick also extends your capabilities with roaming profiles a lot. You could even selectively include other folders from %LOCALAPPDATA% if you want to roam them as well. Logon times are also quite reasonable with this method. I observed around a minute for the very first logon after creating the roaming profile, and 20–40 seconds for each logon after that.
If you would like to see this method in action, I have recorded a YouTube video:
Subscribe to 4sysops newsletter!
Hi. in my organization wee use roaming profile, and now get some problems whit windows 10.
I audit APPDATA\Local folder at all PC. And get unique folder names list. And I think it no very good idea to add them to registry (more than 100 folders).
User Profile Disk – no stable for use? I want find solution for roaming profiles.
I added some vbs code to my login script that basically enumerates the %USERPROFILE%\AppData\Local folder and writes the semicolon delimited list of folders, excluding TileDataLayer, thereby having it always up to date. I also use a Win 10 Ent standard image.
Many thanks – Worked well on a new policy.
I was expecting Outlook settings such as which windows open at start (Calendar plus Inbox etc) but it would seem that those are in HKCU – so how might you go about roaming those settings?
Adam
The HKCU settings should be captured from the ntuser.dat file in the user profile.
Hi James.
Saw your video and thought it was great. Tried to implement it and I did not have any luck. In your example, does the Start Menu Folder get redirection on it or not? I'm having some major issues getting this start menu to work. Thanks in advance. Gavin
Does roaming profiles follow symbolic links?
What would happen if a symlink was created from AppData\Roaming\TileDataLayer to AppData\Local\TileDataLayer ?
If that works (AppData\Local\TileDataLayer gets roamed), it would be a lot easier to administer than maintaining long exclusion lists.