[Samba] wiki entry regarding updating self compiled samba addc (4.11.x -> 4.15.0 in my case)
Patrick Goetz
pgoetz at math.utexas.edu
Tue Sep 28 22:52:10 UTC 2021
Thanks for the detailed response. It's my understanding that the MS
recommendation is to implement Windows profiles as a virtual disk:
https://techcommunity.microsoft.com/t5/security-compliance-and-identity/easier-user-data-management-with-user-profile-disks-in-windows/ba-p/247555
Based on your description is sounds like you're not using the VHDX
version of profiles.
On 9/28/21 17:24, rme at bluemail.ch wrote:
>> I thought everyone was trying to get away from roaming profiles
>> because, for example the AppData folder starts to fill up with cruft
>> like browser and email caches, making login/logout times unbearably
>> long for users.
>
> It's rather about Microsoft and others trying to push you using cloud
> services. They don't want you to do this for free or even without
> running into a vendor lock-in of course.
> Actually the concept of Windows using %AppData% for roaming data and
> %LocalAppData% for local data (which is not roaming and therefore not
> synchronized at logoff is quite good. Sure there are some applications
> which totally fail to make use of this concept and store heaps of caches
> and volatile data belonging to %LocalAppData% or even %TEMP% to roaming
> %AppData% folder. But some of those applications can be pre-configured
> to store data into the right location and others (like Firefox) can be
> configured using policies to keep the profile folders relatively clean.
> For Firefox there is also open bug reports to review the %AppData%
> folder structure and contents to move volatile data away from it.
>
> If all fails you can also exclude paths from roaming so you might
> exclude AppData\Roaming\xyz from roaming and therefore prevent Windows
> from synchronizing it at logon/logoff.
>
> With current SMB3 capabilities a typical profile including a Firefox
> profile is perhaps around 200MB and is delaying the logon on a modern
> LAN for about 10-20 seconds only - except you are logging on to a
> machine for the first time which requires to download the complete
> profile or you use policies to always wipe the local profile on logoff.
>
>
>> Does this work better than in the PDC/NTLM days? I'm in the process of
>> upgrading such a network (which has admittedly been in place far too
>> long) and it literally takes 45 minutes for users to logon or logoff.
>
> I am not really having problems with Windows 10 clients and roaming
> profiles on medium sized installations. However there are occasional
> users complaining about long logon times. Those users are usually the
> ones keeping heaps of data (talking about Gigabytes) on Desktop or other
> roaming folders. So you can also remind those users NOT to do this as
> mostly policies in companies should disallow storing data locally but
> rather using shares. You can also use folder-redirection along with
> roaming profiles to lower the size of roaming profiles by directing
> typically large folders like documents, videos or even desktop to
> network shares directly so they don't need to get synced on logoff.
>
>
>
>> Final question about this: The page referenced above shows a chart of
>> Windows profile suffixes. Since part of this project includes setting
>> up several new PCs which will presumably be upgraded to the most
>> current version of Windows 10, I found the lack of a server reference
>> in that chart for Profile version V6 to be a but unnerving. Does this
>> mean Samba does not work with V6 profiles; or maybe I should be asking
>> what is the difference between, say, V4, V5, and V6?
>
> The version is directly appended to the path you configure in GPO or in
> user profile configuration. The reason for the version is that the data
> structure changed. In Windows up to XP the %LocalAppData% tree was
> stored at "%UserProfile%\Local Settings" while this was changed to
> %UserProfile%\AppData\Local (%LocalAppData%) and
> %UserProfile%\AppData\Roaming (%AppData%) later.
>
> Microsoft also recommends to set the prefix via policy. So When future
> versions (actually I don't know if they opted for using V7 or other
> prefix in Windows 11) are introduced the path does not change. However
> at the risk of mixing profile structures. So for example you could use a
> Windows 7 profile all the way up to Windows 10 without actually having
> to re-create it as the base structure did not change. However some
> additional folders were introduced along the way.
>
>
>> I'm guessing this fact alone should be a deterrent to using Windows
>> Profiles? "Most notable about Windows 10, however, is that the
>> 'profile version' increments can now happen with Windows 10’s feature
>> upgrades."
>
> So just "freeze" the suffix via GPO if you need to. However I personally
> opted not to do this. If a future Windows is adding another suffix I
> will just symlink the old to the new folder on Linux if the profiles are
> compatible so users keep using the same profile in future versions.
>>> This message is from an external sender. Learn more about why this <<
>>> matters at https://links.utexas.edu/rtyclf. <<
More information about the samba
mailing list