Managing where user data is stored in Windows is one of those things that, if done incorrectly, ends up in corrupt profiles, extremely slow logins, and angry usersIf done right, you get centralized backups, seamless equipment changes, and faster login times.
In modern domain environments, the two classic tools for this are Folder Redirection (folder redirection) and Roaming User Profiles (moving profiles). They are similar in objective, but they work very differently and are used to solve Additional issues: user data vs. configuration and profileUnderstanding this difference is key to avoiding creating a Frankenstein's monster of GPOs that is impossible to maintain.
What exactly is a user profile in Windows?
Before comparing anything, it's worth remembering that a user profile in Windows is much more than the Documents folderA standard profile includes everything that hangs from C:\Users\username (Desktop, Documents, Images, AppData, etc.) and also the contents of the hive log HKEY_CURRENT_USER (HKCU)where lots of application and system settings are stored.
When you work with purely local profiles, all of that data stays on the computer where the user logs in. This means that If you switch PCs, you'll see a "clean" desktop, with no settings, and your data will remain on the old computer., unless there are backups or some additional system.
Roaming profiles and folder redirection address this problem in different ways: roaming profiles They copy the entire profile to and from a shared network resource, whereas redirection only moves certain folders that you choose to the network.
Roaming User Profile: how it works and what data is included in “roaming”
A mobile user profile is, essentially, a local profile that is stored centrally on a shared resource and is copied to the computer when the user logs in, and back to the server when they log out.
In a domain, the user is configured with a profile path in Active Directory that points to a file share (for example, \\server\profiles\%username%). When the user logs on to a computer in the domain, Windows copies the profile contents from that share to the local computer and merges what already exists locally, if it exists.
When you log out, the system performs the reverse process: synchronizes changes from the local profile to the profile stored on the serverIf the user logs in on another computer, that new computer will download the same profile, so it will see the same settings, desktop, printers, etc.
The key is that mobile profiles not only carry the most obvious user data, but also Tons of settings and preferences: wallpapers, application settings, browser views, default printers and many other details stored in AppData\Roaming and in HKCU.
This sounds great in theory, but it has a direct impact: The larger the profile, the slower the login and logout process will be.Because all that content has to be copied across the network every time someone logs in/out. If users save photos, music, or iTunes libraries to their profile, the loading times skyrocket.
Folder Redirection: move only what matters
Folder Redirection allows you to take one of the "special" folders from the user profile (Documents, Desktop, Pictures, AppData\Roaming, etc.) and changing the actual path to a network share, usually through group policies (GPO).
In practice, the user still sees their folders in the same place as always (for example, “Documents” in the browser), but in reality It is working against a folder located on a server.In this way, important data is stored on the network, where it can be accessed and retrieved. centralized backups can be made and made available from different devices..
For example, you can move the "Documents" folder from C:\Users\username\Documents to \\FS\UserData\%username%\Documents. This is transparent to the user, but you, as the admin, gain control, centralized backups, and the ability for the user to log in to multiple PCs and see the exact same files.
In addition, Windows often combines Folder Redirection with Offline FilesThis ensures that data remains available even if the server connection is slow or drops, as the system maintains a cached copy and synchronizes changes in the background, instead of blocking login while copying everything.
Roaming Profile vs Folder Redirection: Key Differences
Although both mechanisms rely on shared network resources, They are not the same, nor do they behave the same.It is important to clarify some points to avoid mixing them up incorrectly.
With mobile profiles, The profile is copied almost entirely at the beginning and end of the sessionAll content that isn't redirected is included in the profile package, so size = wait time. Folder Redirection, on the other hand, It moves only certain folders to the server and keeps them synchronized while the user works.reducing the volume of data that travels during logon/logoff.
Furthermore, when a folder is redirected, It is no longer part of the mobile profile.In other words, the content of, for example, Documents is no longer included in the roaming profile file; it resides independently in its shared resource. This is positive for performance, because logon/logoff times become lighter.
Regarding what data travels only with mobile profiles and not with Folder Redirection, you have to look at everything that is not a typical candidate for redirectionAppData\Local, AppData\LocalLow, temporary data, much of the configuration stored in HKCU, etc. That's where things like Outlook profiles, certain application preferences, screensavers, browser customizations and more settings that, without a roaming profile or a third-party profile management solution, wouldn't move between teams.
Therefore, in many modern scenarios there is a tendency to minimize or even avoid the use of traditional mobile profiles and rely much more on folder redirection (or alternatives such as OneDrive KFM, Work Folders or profile managers like Citrix Profile Manager), leaving roaming profiles only for very specific or legacy cases.
Folders that are usually redirected (and which ones you shouldn't touch)
Windows allows redirecting to 13 special profile foldersAppData\Roaming, Contacts, Desktop, Documents, Downloads, Favorites, Links, Music, Pictures, Saved Games, Searches, Start Menu, and Videos. That doesn't mean you should just redirect them all; there are quite a few nuances.
In most companies, the number one candidates for redirection are Documents and DesktopThese are the folders where users typically store their work files (documents, spreadsheets, presentations, etc.). By redirecting both, you cover almost all the critical content that users consider "their important stuff."
The Downloads folder raises more questions. On the one hand, it makes sense to centralize it, but in practice It tends to fill up with installers, temporary files, and junk that grows uncontrollably.If you redirect it to a shared resource, you can end up with tons of unnecessary data taking up server space and moving across the network. Many administrators prefer not to redirect it, or if they do, they combine the policy with quota limits and clear rules.
Folders like Music, Pictures, Saved Games, or Videos are rarely redirected in corporate environments, except for very specific users who work with audio or video. These folders can grow enormously, and They do not usually contain critical business dataTherefore, it is usually best to block its use for personal content via GPO and keep that data out of corporate storage.
However, folders like Favorites, Contacts, Links, Searches, or Start Menu usually remain within the roaming profile (if you use it), because They are small in size but are consulted very frequentlyIf you redirected them, you would be generating more constant calls to the remote disk and could introduce annoying latency into the user experience.
What's wrong with AppData\Roaming and why is it causing so many problems?
Folder AppData \ Roaming It's in a gray area. Technically, it can be redirected, and many profile solutions do so partially or granularly. But redirecting it completely could be... severely impacting the performance and traffic of your file server.
Many applications store their settings, temporary files, user profiles, and even caches in AppData\Roaming. This means that if you redirect this folder, Each read or write will go against the shared resource.crossing the network. In a VDI or RDS environment with many users, this translates into a flood of I/O on the server that can slow down both applications and the infrastructure itself.
There are also applications that require exclusive file locks Regarding items in AppData\Roaming: If the same user opens the application on two different computers, or if the application is not properly designed to work with UNC paths, you may encounter strange errors, crashes, and data corruption.
For these reasons, many managers opt for a mixed strategy: Try initially with AppData\Roaming redirected In a pilot group, monitor performance and, if problems appear, undo it or use third-party tools (such as Citrix Profile Management or other profile managers) that allow include or exclude specific subfolders instead of redirecting it all at once.
Also remember that AppData\Local and AppData\LocalLow They are never redirected in the classic Windows model, because they contain caches, temporary files and data closely tied to the specific computer.
Impact on performance: slow logons, large profiles, and how to mitigate it
One of the first symptoms of a bad combination of mobile profiles and redirection is that users tell you that “The computer takes forever to log in”It's no coincidence: a mobile profile with several gigabytes can turn every login and logout into a small move across the network.
Folder redirection helps to reduce that impact, because Remove the largest folders from your mobile profile. (Documents, Desktop…) and keeps them synchronized in another way. Thus, the roaming profile only carries what is truly necessary for personal configuration, and the rest is handled with Offline Files and background synchronizations.
In addition, there are specific GPOs that allow adjust how the system behaves with roaming profilesFor example, in Computer Configuration → Policies → Administrative Templates → System → User Profiles you can find the policy to configure “Wait for network for maximum… seconds” in 0, reducing the time the system waits for the network to be fully available before proceeding with the logon.
Other good practices include Educate users not to save large files within their profile. (especially on the Desktop), distribute profiles across multiple servers in large environments to avoid bottlenecks at certain times (such as 8:00 AM) and carefully monitor the size of profiles and shared resources.
Microsoft published very detailed guides on how analyze and speed up login times with mobile profiles, including diagnostic and profile weight reduction techniques, which are worth reviewing when you start seeing disparate or intermittent logon times.
Combined use in VDI and remote desktops
In virtualized desktop environments (VDI) or Remote Desktop Services, roaming profiles and folder redirection are almost mandatory if you want to offer a consistent user experience across non-persistent desktops.
In these scenarios, the virtual desktop often It is destroyed when you log out.Therefore, any data or settings that you haven't centralized are lost. That's why administrators often define a home folder or personal drive on a server (often mapped to a letter, like H:, P: or I:) and combine it with Folder Redirection so that Documents and Desktop go to that same central location.
It's important to understand that a traditional home folder (for example, a drive H: mapped to the login) is not the same as folder redirection, even though the final path may be the same. The home folder is simply a shared resource assigned to a drive letterWhile redirection changes the "native" location of the profile folders. From a Windows and storage perspective, the underlying principle may be the same, but The way users and applications access that data changes.
Many corporate desktops combine both approaches: the user has their network drive with their home folder and, at the same time, sees their Documents and Desktop folders redirected to that same path via Folder Redirection. This covers both the traditional way of working (drive H:) and a more seamless integration into the user profile.
Correct order to configure Roaming Profile and Folder Redirection
If you're going to use roaming profiles and folder redirection simultaneously, the deployment order is critical. The general recommendation is First configure Folder Redirection and then enable Roaming Profiles.
The reason is simple: if you first enable roaming profiles, the user's folders (Documents, Desktop, etc.) will be integrated into the profile on the server from the start. If you later implement folder redirection, You'll be mixing old data that's already in the roaming profile with new data that will go to the redirected folder., generating possible inconsistencies.
However, if you first configure Folder Redirection, the data in those folders will be saved directly to the specific share for each user, and when you activate roaming profiles Those folders will already be outside the scope of the roaming profileThe mobile profile will focus on the configuration and non-redirected parts, which better fits the recommended model and reduces the overall size of the profile.
When defining redirection policies, it is common to use the advanced configuration option and the destination “Create a folder for each user under the root path” in the GPO (User Configuration → Policies → Windows Settings → Folder Redirection). This way, each user automatically receives their personal folder on the shared resource you have defined.
When you combine all of this with a personal directory, you can also point the redirection to the home directory pathWhat doesn't usually make sense in a VDI or non-persistent desktop environment is redirecting back to the local location of the profile, because that profile is discarded in each session.
Using Primary Computers to limit which computers use roaming and redirection
Windows includes a very useful feature called Primary Computers (primary computers) that allows you to define, for each domain user, on which specific computers the roaming profile and folder redirection are applied.
The idea is that you can say: “This user should only have their roaming profile and redirected folders on their desktop and laptop, but not on the training room PC or the shared meeting room computer.” You limit the spread of sensitive data and prevent heavy profiles from being downloaded to machines where the user only logs in occasionally..
Technically, this is governed by the attribute msDS-Primary-Computer in Active Directory and some specific GPOs: “Download roaming profiles on primary computers only” y “Redirect folders on primary computers only”When these policies are enabled, Windows, during logon, checks if the computer from which the user is logging in is listed as primary for that user.
If the device is one of the primary devices, the roaming profile (if any) will be downloaded and the corresponding redirection policies will be applied. If it is not, Windows will handle it. It will load a cached local profile, or create a new one. if it doesn't exist, and also will remove folder redirection according to the deletion action defined above in the Folder Redirection GPO.
This approach offers several advantages: Greater control over where private data is downloaded, less risk of leaving traces of information on shared PCsand faster logons on non-primary machines, since the roaming profile is not downloaded and heavy redirected folders are not synchronized.
Best practices and modern alternatives (OneDrive KFM, Work Folders)
Although roaming profiles and Folder Redirection still work and are widely used, many organizations today are migrating some of that functionality to cloud solutions such as OneDrive with Known Folder Move (KFM) or Work Folders, especially when they already have Microsoft 365 licenses.
With KFM you can redirect Documents, Desktop, and Pictures directly to the user's OneDrive, taking advantage of OneDrive's synchronization technology, which is More modern and robust than the old Offline ArchivesThe behavior is similar to that of traditional Folder Redirection, but supported by OneDrive and with additional advantages such as file versions, integration outside the corporate network, etc.
Another possibility in on-premises environments is to use Work FoldersIt offers a very similar experience to OneDrive but hosts the data on your own servers. Microsoft promotes it as a more modern alternative to Offline Files, although Offline Files is still useful if you need compatibility with NAS not Windows where Work Folders does not work.
In any case, even when you use these alternatives, the conceptual logic is the same: decide which data should reside on the network (or in the cloud) and travel with the user, and which should be avoided to prevent overloading the network and storageThat's where experience and monitoring your environment make all the difference.
By sensibly combining roaming profiles, Folder Redirection, primary teams, home folders, and, where appropriate, solutions such as OneDrive KFM or Work Folders, it is possible to enable users Keep your essential documents and settings on any device without penalizing performance or unnecessarily complicating domain administration.
