IntelliMirror Technology Background

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

Many users must work with network-based files, even when their computers are not connected to the network. IntelliMirror technologies, such as Folder Redirection and Offline Files, make data and settings available to users even when the network is not. This increased availability is a result of storing user data and settings on network servers, while maintaining local copies of selected files and folders.

The IntelliMirror management technologies that are included in Microsoft® Windows® 2000, Microsoft® Windows® XP, and Microsoft® Windows® Server 2003, Standard Edition; Windows® Server 2003, Enterprise Edition; and Windows® Server 2003, Datacenter Edition, operating systems provide directory-based change and configuration management capabilities. By using IntelliMirror technologies on the server and the client, a user’s data, applications, and settings remain consistent throughout the user’s environment. When you use Windows XP and Windows 2000 clients, and Windows 2000 Server, and Windows Server 2003 networks with Active Directory, you can take full advantage of IntelliMirror and Group Policy management features. Active Directory and Group Policy provide the foundation for IntelliMirror. Based on the Group Policy settings you specify, IntelliMirror can deploy, recover, restore, and replace a user’s data, software, and personal settings.

For more information about Group Policy, see the Windows Security Collection of the Windows Server 2003 Technical Reference (or see the Windows Security Collection on the Web at https://www.microsoft.com/reskit). For more information about Active Directory, see the Active Directory Collection of the Windows Server 2003 Technical Reference (or see the Active Directory Collection on the Web at https://www.microsoft.com/reskit).

Table 7.1 describes the advantages of using the core technologies in IntelliMirror that support user state management.

Table 7.1   IntelliMirror Features and Technologies for User State Management

Active Directory

Windows–based directory service, Active Directory, stores information about objects on a network and makes this information available to administrators and users. By using Active Directory, you can view and manage network objects on the network from a single location, and users can access permitted network resources by using a single logon. Active Directory Users and Computers Microsoft Management Console (MMC) snap-in is the recommended tool for managing Active Directory objects, including organizational units (OUs), users, contacts, groups, computers, printers, and shared-file objects.

To manage sites and services, use the Active Directory Sites and Services MMC snap-in. To administer domains and trusts, use the Active Directory Domains and Trusts snap-in*.*

Group Policy

The infrastructure within Active Directory that enables directory-based configuration management of user and computer settings on computers running Windows® Server 2003, the Windows® 2000 family, and the Microsoft® Windows XP Professional operating systems. By using Group Policy, you can define configurations for groups of users and computers, including policy settings for Windows Server 2003 registry-based policies, software installation, scripts, folder redirection, Remote Installation Services, Microsoft® Internet Explorer maintenance, and security.

The Group Policy settings that you create are contained in a Group Policy object (GPO). To create a GPO, use the Group Policy Management Console MMC snap-in (GPMC). To edit policy settings in GPOs, use the Group Policy Object Editor, which can be started from the GPMC. By using GPMC to link a GPO to selected Active Directory system containers — sites, domains, and OUs — you apply the policy settings in the GPO to the users and computers in those Active Directory containers.

For more information about Group Policy and GPMC, see "Designing a Group Policy Infrastructure" in this book. To download GPMC from the Microsoft Download Center; see the Group Policy Management Console link on the Web Resources page at https://www.microsoft.com/windows/reskits/webresources.

User Data and User Settings

Before you deploy IntelliMirror technologies, it is useful to understand the distinctions between user data and user settings. User data describes the files that a user creates and uses; user data belongs to the user. Examples of user data include word processing documents, spreadsheets, or graphics files. Examples of user-accessed data that is not considered to be user data include database records that exist in a corporate database and documents that are shared by many users but that are not exclusively owned by any single user.

In a managed environment, user data is stored in files in the My Documents folder. Administrators can use Folder Redirection to redirect the paths of the following special folders to a network location to back up and protect the data: My Documents, My Pictures, Application Data, Desktop, and Start Menu.

User settings are the configuration choices — stored by the operating system or applications — that the user applies to a desktop or to applications. Typically, settings include variables such as the customized toolbar settings in an application, icon arrangement and color scheme of the desktop, mouse pointers, and language options. User settings are stored in the registry, the Application Data folder, on the Desktop, and on the Start Menu in the user’s user profile.

User Profiles

A user profile includes a user’s unique settings, such as printer connections, desktop icons, mouse settings, folder settings, and the special folders that can be redirected. (Table 7.2 lists the contents of each user profile folder.) A user profile is automatically created the first time that a user logs on.

A user profile consists of a registry hive and a set of profile folders.

Registry hive   NTuser.dat in file form. It is loaded by the system at logon and mapped to the registry subtree HKEY_CURRENT_USER. NTuser.dat stores the user’s registry-based preferences and configuration.

Set of profile folders   Stored in the file system. User profile files are stored in the file system in %SYSTEMDRIVE%\Documents and Settings(for example, C:\Documents and Settings), in per-user folders. The user profile folder is a container for applications and other system components to populate with subfolders and per-user data, such as documents and configuration files. Windows Explorer uses the user profile folders extensively for the user’s desktop, the Start menu, and the My Documents folder.

Table 7.2   Contents of the User Profile Folder

* These folders are hidden by default.

The three types of user profiles are local, roaming, and mandatory.

Local user profile   The default profile type that resides only on the computer at which the user is logged on. A local profile is created whenever a user first logs on to a computer. Local profiles are highly recommended for users who never connect over fast links (such as remote users) or those who need their user settings to roam to whichever computer they use to log on.

Roaming User Profile   Ideal for users who use different computers on the network and who need to have their customized settings and data available to them at each computer they use. A roaming user profile is copied to a specified server at logoff. When the user logs on to another computer in the network, the roaming user profile is copied from the server to that computer. When the user logs off the second computer, the profile is copied back to the server, thus maintaining the most recent version of the profile on the server.

A mandatory user profile   A profile that you create to provide specific settings for users. Any changes that users make to their desktop while they are logged on are lost when they log off. With Windows Server 2003, the recommended tool for establishing strict control over workstations is Group Policy, not mandatory profiles, because mandatory profiles are less manageable and more likely to create administrative problems.

Folder Redirection

Use Folder Redirection to relocate specific user folders to centrally managed shared folders on the network. You can redirect My Documents, My Pictures, Application Data, Desktop, and StartMenu. Users can then work with the files in those folders from any computer on the network, and the folders receive the benefits of centralized security and backup.

My Documents   The standard folder in which user data is stored. By redirecting My Documents to a shared network server, the user can access all the documents from any computer. Also, important user data can be more easily backed up as part of routine system administration, requiring no action on the part of the user.

My Pictures   The default location for pictures and images in Windows 2000. Typically, My Pictures is contained in the My Documents folder. By default, if My Documents is redirected, My Pictures is also redirected. Alternatively, My Pictures can be redirected independently of My Documents. However, it is recommended that you allow My Pictures to remain within My Documents, unless you need to separate these folders for a specific reason such as server scalability, for example.

Application Data   A folder in the user’s profile where applications often place large amounts of data (such as a custom dictionary). By redirecting the Application Data folder, users with roaming profiles can still access files in their Application Data folder without downloading those files every time they log on.

Desktop   A folder that includes files and shortcuts.

Start Menu   Windows Server 2003 allows Folder Redirection to redirect the Start Menu folder.

Offline Files

Offline Files is a feature that complements Folder Redirection and lets users disconnect from the network and work as if they were still connected. When the computer is offline, the files and folders appear in the same directory as they did online — as if they still resided in the same location on the network. This allows the user to edit files when they are disconnected from the network. The next time the user connects to the network, the offline changes are synchronized with the shared folder on the network.

Offline Files is a stand-alone technology. You do not need to pair it with Folder Redirection. However, using the technologies together works well. To ensure that users can access their files even when the network is unavailable, it is recommended that you use Offline Files along with Folder Redirection, especially if you are redirecting the Application Data folder.

Synchronization Manager

File synchronization ensures that local copies of offline files match their network counterparts. When using Offline Files, users can synchronize all network resources by using the Synchronization Manager. You can set the Synchronization Manager to automatically synchronize some or all resources. For example, users can set certain files and folders to be synchronized every time they log on or off the network. The Synchronization Manager quickly scans the system for any changes, and if it detects changes, the resources are updated. Only resources that have changed are updated.

User Profile Quotas

To specify the maximum disk space that a user profile can occupy, use the Limit Profile Size Group Policy setting. This setting is in the User Configuration\Administrative Templates\System\User Profiles node of the Group Policy Object Editor. When you enable this policy setting, you can set options that determine the maximum profile size, specify whether to include registry files when calculating the profile size, and define the user notification options. Profile quotas apply to all types of profiles.

For roaming user profiles, it is recommended that you use profile quotas to limit profile size, not disk quotas. If you use disk quotas to manage profile size, the users find out they have exceeded their quota after they log off. If you use profile quotas, the Proquota.exe tool displays a message to the users when they exceed their profile quota. Users can then manually select and delete files from one or more profile folders by using Windows Explorer or My Computer. Proquota.exe prevents a user from logging off from the network until the profile size is decreased. This tool is enabled when you set the Limit Profile Size policy setting.

Disk Quotas

Administrators can use disk quotas to track and manage disk space usage on the servers that contain users’ redirected folders. Disk quotas apply to NTFS volumes. You can specify a disk quota limit and a disk quota warning level. For example, you can set a disk quota limit to 500 megabytes (MB) and the disk quota warning level to 450 MB. In this case, the user can store no more than 500 MB of files on the volume. You can configure the disk quota system to log a system event if the user stores more than 450 MB of files on the volume.

Remote OS Installation Feature

Administrators can enable remote installation of Windows 2000– and Windows 2003–based operating systems and desktop images on new or replacement computers By using Remote Installation Services, you can direct client computers to a Remote Installation Services server and install automated, customized versions of the operating system. Administrators can use Group Policy to manage Remote Installation Services by centrally setting client configuration options. The remote OS installation feature uses Active Directory, Group Policy, the Dynamic Host Configuration Protocol (DHCP) service, and Remote Installation Services.

To facilitate computer replacement, you can use Remote Installation Services to install the operating system, Group Policy–based software installation to recover applications, Roaming User Profiles to restore user profiles, and Folder Redirection to manage files centrally.

For more information about managing user profiles, Folder Redirection, Offline Files, and Synchronization Manager for Windows XP in a Windows 2000 environment, see the User Data and Settings Management link on the Web Resources page at https://www.microsoft.com/windows/reskits/webresources.