With Windows 10 now into its latest edition, the 1607 “Anniversary” update, it now appears, for better or worse, to be here to stay. It has generated a lot of interest; supposedly the “last version of Windows”, many expected it to be akin to Windows 7 – an improvement following a much-maligned previous Windows version. However, the reality has turned out to be somewhat different from what many were expecting.
Microsoft are now “cloud first, mobile first”, and a lot of this new strategy shows through – sometimes somewhat cynically – in Windows 10. For my sins, I’ve been involved in a Windows 10 deployment since August of 2015, so now, just over a year in, it is maybe time to share the things I’ve learned in the hope that it may give some of you a bit of help when it comes to deploying (or not deploying!) this new version of Microsoft’s flagship operating system.
This set of articles is going to expand at the rate of one a day over the next week or so, and cover a wide range of issues for those of you deploying Windows 10 – whether it be fully virtualized via Citrix XenDesktop or the like, or simply a general physical deployment. Hopefully, it will be everything you need to know!
Don’t forget to read the first parts of this series too – EDITIONS, SERVICING BRANCHES, MODERN APPS, TELEMETRY and THE START MENU.
ROAMING
Dealing with roaming is always fun in Windows 10. According to a lot of Microsoft consultants I’ve spoken to in the last year or so, the original mantra from Redmond was simply “roaming is dead” – everything in Windows 10 was intended to be local to the device, with a few settings synced up into the cloud. Ideal if every user has a dedicated device that’s immune to hardware failure, I guess
With this in mind, though, let’s not forget Windows 10’s “cloud cadence” of fast updates (unless you’re on LTSB). If you’re possibly going to receive two or three full operating system upgrades per year, you don’t really want to be doing in-place upgrades (most IT people are familiar with the reasons why). Ideally, when you upgrade the OS, it should be a wipe-and-reload approach. But that means, to preserve your user’s data and application settings and OS configuration, you need some form of roaming capability, even if you’re not a “traditional” roaming environment – well, either that, or a reliable migration tool. You can’t ask users to lose their personalized settings two or three times a year – not unless you want grumbling to turn into active rebellion. Microsoft may have declared “roaming is dead”, but unless you want to adopt LTSB right across the board, then their very own servicing process may have made it very much alive.
But even aside from this consideration, there are also a huge number of enterprises out there that still have roaming requirements – be it standard hot-desking or full non-persistent VDI. Thankfully, there has been a (little!) bit of backtracking from Microsoft regarding this and now they are trying (over a year from RTM) to accommodate those of us who have this need for roaming capability.
Of course, with the Anniversary Update Microsoft’s own roaming product, UE-V, is actually baked into the operating system (along with App-V), simply waiting to be activated. So it’s not clear whether the initial rejection of roaming solutions was intended to drive people towards their own UE-V product – or even towards the new, Azure-based Enterprise State Roaming (currently only available to customers with a Premium Azure Active Directory subscription). I’m going to discount the Enterprise State Roaming product from this article, because as it stands, ESR only roams settings for the OS, Internet Explorer, and Modern Apps. If you want to roam traditional application settings, Microsoft recommend using UE-V, or the Desktop Bridge (which allows you to convert your applications to Modern Apps and use ESR to roam the settings, but this process looks seriously non-trivial).
For the record, most Windows 10 settings roam fine, but the main one that we’ve all been struggling with is the Start Menu. And this is really annoying, because the Start Menu is the first thing that the user generally interacts with when they use a Windows 10 desktop, and possibly the most “in your face” part of the new OS features. If they personalize it, it’s very annoying to go to another machine and find it has reverted to default, or is showing blank tiles – to the extent that they believe that roaming has failed completely. Roaming Modern App settings is also very difficult, but because (apart from Edge) there isn’t yet a Modern App I’ve seen that has enough settings for the user to even care about roaming, I’m going to consider these (currently) out of scope too. We will look at specifically roaming the Start Menu – if this works, then just about every other OS and application setting should work too.
We are going to look at a number of roaming solutions – some quite “lite”, others quite high-end. Obviously we can’t cover everything, as this is a crowded space, so I will just stick to the few I can provision at short notice:-
- Traditional Microsoft roaming profiles
- Microsoft UE-V
- Citrix User Profile Manager
- FSLogix Profile Containers
- AppSense Environment Manager
PROBLEMS
The issues with roaming the Start Menu are well-documented. Rather than using a flat filesystem, the Start Menu settings are pulled together in a file called vedatamodel.edb which sits in %LOCALAPPDATA%. The operating system has various hooks into this database, which can cause issues when trying to manipulate it for roaming.
To be fair this isn’t the only part of Windows 10 that jumps into a Jet Blue database for storing settings – many Modern Apps do (including Edge), the Notification Center does, and Internet Explorer cookies use this format too (which started in IE10, and which was covered in several articles by my good self). It is, however, the only one that is highly visible to the user – even the IE cookies database only reveals itself when visiting Internet sites.
The 1607 update (fully-patched as of today) is what we are going to use for our testing platform. We will log on, customize the Start Menu by pinning a desktop application, a Modern App, a folder, a website, an RDP connection and changing the name of the groups (see below for an example).
Interestingly, when you pin RDP connections and websites, no matter what the source of the shortcut that you “Pin to Start”, a file representing each of these shortcuts is dropped into the path %APPDATA%\Microsoft\Windows\Start Menu\Programs. These must be captured into roaming in order for them to persist.
If these changes successfully persist when we log on to another device, then we will consider that the method in use is compatible with the latest version of Windows 10. Other Windows 10-specific things, such as Jump Lists hanging from the Start Tiles, seem to roam quite happily provided they are set up correctly in the methods we used in previous OSes (these will be documented in a future article for posterity, but information on pinned items and jump lists are quite easy to find on the Internet).
MICROSOFT ROAMING PROFILES
Now, bear in mind that roaming profiles for different operating systems increment a version number to the profile, as they become incompatible when you try to use them on multiple platforms.
- Windows XP and Server 2003 – v1
- Windows 7, Windows Vista, Server 2008 and Server 2008 R2 – v2
- Windows 8 and Server 2012 – v3
- Windows 8.1 and Server 2012 R2 – v4
- Windows 10 RTM and Windows 10 1511 – v5
- Windows 10 1607 and Server 2016 – v6
We are going to test roaming profiles using a .v6 profile. This suffix is automatically appended to the folder defined in ADUC or GPO when creating and accessing the folder, dependent on the source OS – there is no need to reference it yourself. See here for more information on profile versions.
However, the latest build of Windows 10 currently has a bug, where if you define the GPO for Delete cached copies of roaming profiles, it assigns you a temporary profile every time you log in. I’d normally recommend always having this GPO enabled in a non-persistent environment (obviously this recommendation would be different for mobile devices), but for the purposes of this article, we have turned the GPO off. Microsoft report that it should be fixed towards the end of this month (Sep 2016) – I will update when verified that the fix is in place (now fixed).
Now, those of you with your heads screwed on will be quite aware of where the database that holds the Start Menu sits:-
%LOCALAPPDATA%\TileDataLayer\Database
And of course, a traditional roaming profile doesn’t save anything in %LOCALAPPDATA% – merely %APPDATA%. Using GPOs, you can only exclude directories from a roaming profile, not include them, so adding the database files in is not possible. Therefore, we’d expect our roaming profile to fail.
Indeed it does – although, rather strangely, the RDP and web shortcuts we added are now showing in the Start Menu “All Apps” section, just not in the “Tiles” section. This appears to be because when you add a shortcut for RDP, web or a folder to the Start Tiles, it drops a corresponding shortcut into %APPDATA%\Microsoft\Windows\Start Menu\Programs (see below)
But as you can see, the Start Menu is a mess – it has tried to revert to the default user layout specified in DefaultLayouts.xml and LayoutModification.xml (which is the default behaviour when no database is detected in the user profile), but most of the shortcuts are missing. Suffice to say – for roaming Windows 10 settings, a roaming profile comes up as a FAIL.
Some of you may remember I penned an earlier article which involved using the Export-StartLayout cmdlet to save a copy of the user’s settings, and then importing this into %LOCALAPPDATA%\Microsoft\Windows\Shell at logon. As long as the user didn’t have a profile on the machine, this would reimport the Start Tiles settings. However, I’m not 100% happy with this process as it seems to be a little hit-and-miss, and especially with 1607 now having a bug when the “delete cached copies” GPO is configured, it’s not really suitable for widespread deployment.
MICROSOFT USER EXPERIENCE VIRTUALIZATION (UE-V)
This is Microsoft’s official recommended product for roaming your user state, if you wish to save the settings for legacy desktop applications.
Unfortunately, even though I have it fully enabled in Windows 10 and all of the relevant GPO settings deployed, UE-V never seems to start running! This must be some sort of bug, as it worked fine in the 1511 builds (with the agent installed manually). However, as it cannot even function, we have to regard UE-V as a FAIL also – I will update this if I can find the issue and resolve it.
CITRIX USER PROFILE MANAGER (UPM)
Citrix UPM has always been a solid lightweight profile management tool, and will probably continue to do so even with Citrix’s acquisition of Norskale, as Norskale is a policy rather than personalization tool.
However, with Windows 10, UPM really struggled, necessitating some hacks to unhook the Tile Data Model Server service so the Start Menu database could be copied. However, with the latest version of UPM and the 1607 update to Windows 10, things are looking better – as long as your UPM settings are configured correctly.
The settings for UPM that you need are detailed in this export from my UPM GPO in order to get it to work. Obviously, there are settings included in here that you may not want (streaming, share path, etc.) The main thrust you need are the inclusions and exclusions, which I’ve also reproduced below (obviously these are my entire set of exclusions not just for the Windows 10 OS!)
Citrix | Profile Management | File System | Exclusion list – directories
$Recycle.Bin
AppData\Local\Microsoft\Windows\Burn
AppData\Local\Microsoft\Windows Live
AppData\Local\Microsoft\Windows Live Contacts
AppData\Local\Microsoft\Terminal Server Client
AppData\Local\Microsoft\Messenger
AppData\Local\Sun
AppData\Local\Microsoft\OneNote
AppData\Local\Google\Chrome\User Data\Default\Cache
AppData\Local\Microsoft\Windows\Temporary Internet Files
AppData\Local\Temp
AppData\LocalLow
AppData\Roaming\Sun\Java\Deployment\cache
AppData\Roaming\Sun\Java\Deployment\log
AppData\Roaming\Sun\Java\Deployment\tmp
AppData\Roaming\Sun\Java\Deployment
AppData\Roaming\Citrix\PNAgent\AppCache
AppData\Roaming\Citrix\PNAgent\Icon Cache
AppData\Roaming\Citrix\PNAgent\ResourceCache
AppData\Roaming\ICAClient\Cache
AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys
AppData\Roaming\Macromedia\Flash Player\#SharedObjects
AppData\Roaming\Microsoft\Excel
AppData\Local\Microsoft\Internet Explorer\Recovery
AppData\Roaming\Microsoft\Word
AppData\Roaming\Microsoft\Powerpoint
AppData\Local\Microsoft\Windows Mail
AppData\Local\Microsoft\Office\15.0\OfficeFileCache
AppData\Roaming\Dropbox
AppData\Local\Dropbox
Dropbox
AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
ShareFile
AppData\Roaming\Microsoft\Templates\LiveContent
AppData\Local\Downloaded Installations
AppData\Local\Microsoft\Windows\Themes
AppData\Local\Microsoft\Windows\WER
AppData\Local\Microsoft\Windows\WebCache.old
AppData\Local\ATT Connect
AppData\Roaming\Sharefile\Outlook
AppData\Roaming\com.adobe.formscentral.FormsCentralForAcrobat
AppData\Local\Skype
AppData\Local\Assembly\dl3
AppData\Roaming\Microsoft\Internet Explorer\UserData
AppData\Local\Microsoft\Windows\PriCache
AppData\Local\Packages
AppData\Local\Microsoft\Windows\Application Shortcuts
OneDrive
AppData\Local\Microsoft\CLR-v4.0_32
AppData\Local\Microsoft\GameDVR
AppData\Local\Microsoft\Group Policy
AppData\Local\Microsoft\Media Player
AppData\Local\Microsoft\OneDrive
AppData\Local\Microsoft\PlayReady
AppData\Local\Microsoft\Windows\1033
AppData\Local\Microsoft\Windows\Caches
AppData\Local\Microsoft\Windows\Explorer
AppData\Local\Microsoft\Windows\GameExplorer
AppData\Local\Microsoft\Windows\Notifications
AppData\Local\Microsoft\Windows\Ringtones
AppData\Local\Microsoft\Windows\RoamingTiles
AppData\Local\Comms
Citrix | Profile Management | Filesystem | Exclusion list – files
*thumb*.db
*icon*.db
Citrix | Profile Management | Filesystem | Synchronization | Directories to synchronize
AppData\Roaming\Microsoft\Credentials
AppData\Roaming\Microsoft\Crypto
AppData\Roaming\Microsoft\Protect
AppData\Roaming\Microsoft\SystemCertificates
AppData\Local\Microsoft\Credentials
AppData\Roaming\Microsoft\Excel\XLSTART
AppData\Roaming\Microsoft\Word\STARTUP
AppData\LocalLow\Sun\Java\Deployment\ext
AppData\LocalLow\Sun\Java\Deployment\security
Citrix | Profile Management | Filesystem | Synchronization | Files to synchronize
AppData\Roaming\ShareFile\Outlook\log.txt
AppData\Local\Microsoft\Office\*.qat
AppData\Local\Microsoft\Office\*.officeUI
AppData\Roaming\Microsoft\Excel\Excel*.xlb
AppData\LocalLow\Sun\Java\Deployment\deployment.properties
AppData\Roaming\ShareFile\Outlook\config.cfg
AppData\Local\TileDataLayer\Database\vedatamodel.edb
In my testing, having these inclusions and exclusions configured allows the Windows 10 Start Menu, Start Tiles and all other settings to roam correctly, giving UPM (set up correctly!) a PASS.
FSLOGIX PROFILE CONTAINERS
FSLogix provide a simple profile management solution based around a similar concept to Microsoft’s User Profile Disks (more on these in an article after the Windows 10 series). Simply, a virtual disk is mounted from a network share to replace the user’s profile.
There’s very little configuration to be done, the entire %USERPROFILE% area is replaced by a junction point. So let’s see if it works with Windows 10…
Colour me very impressed…no muss, no fuss, works straight out of the box. FSLogix gets itself a PASS too!
APPSENSE ENVIRONMENT MANAGER
I have tested one of the higher-end UEM solutions for roaming as well, and not surprisingly it is AppSense Environment Manager, using the Personalization Server aspect to achieve this. I’ve also used version 10, because it isn’t really that radically different from version 8, and configurations should be easily portable between the two.
In order to configure AppSense Personalization Server to work correctly, we need to save the following settings into our Windows Settings Group:-
- {CSIDL_PROGRAMS} (to capture pinned folders, RDP items and websites)
- {CSIDL_LOCAL_APPDATA}\TileDataLayer\Database\vedatamodel.edb
- {CSIDL_LOCAL_APPDATA}\Microsoft\Windows\appsFolderLayout.bin
This, when configured, should allow us to capture the settings required to roam around the Start Menu settings.
However – there is a slight issue currently, in that the hook into the system services is not released at the time the Personalization Server attempts to copy the data. According to AppSense, this is due to be resolved in the next update to the Environment Manager software, once this released I will test and update the article.
For the moment, what you need to do is use the Policy Configuration area of EM to stop a couple of system services as the user logs out (in the Logoff trigger) so that the hook is released and the Personalization Server can copy out the required data. This is much easier in AppSense than it is in simpler UEM solutions, because AppSense supports running the command in the SYSTEM context and therefore providing easy check-box elevation. Here’s the command you need – I’ve done it in PowerShell, but you could easily leverage net.exe to do this as well:-
Obviously, don’t forget the elevation, or this isn’t going to work…
With Personalization Server and Policy configured in this way, AppSense EM works seamlessly to roam the Windows 10 Start Menu settings.
It’s a bit disappointing that the functionality isn’t fully native as yet, but as we are assured that the functionality is just around the corner, and that it can be enabled easily by leveraging AppSense’s policy tools, we will grade Personalization Server as a PASS for roaming Windows 10 settings.
WRAP-UP
It’s worth mentioning that with Windows 10 1511 and 1607 being distinctly different operating systems, that the simpler roaming solutions like FSLogix Profile Containers and MS roaming profiles wouldn’t work across both platforms. You’d need something like AppSense or RES or one of the other high-end UEM vendors if you wanted to get true cross-platform capability between 1511 and 1607.
But it is also worth mentioning that, in my opinion, the Start Tiles area of the Start Menu is really the one you need to deal with to achieve smooth roaming. Microsoft’s roaming profiles can’t manage it, but all of the UEM vendors appear to be catching up, which is good news.
Besides the Start Tiles, a lot of Windows 10 settings roam just fine. There are a few notable exceptions (file type associations and IE/Edge home pages spring to mind here, which are really something for a different and more detailed article), but if you can succeed with the “in your face” Start Tiles, you should be close to achieving smooth roaming for Windows 10 users.
In my opinion you absolutely need either a roaming capability or at the very least a migration tool that can deal with user settings, because unless you’re an LTSB adopter you could be potentially reloading your operating system two or three times a year, and in-place upgrades are, in my opinion, a very bad idea.
I’m still a bit confused as to why UE-V doesn’t function at all on 1607 – I have a few pointers and will test them out as soon as possible. It is now native, so you’d expect it to work, but I will update the article as soon as I can find out what the issue is.
But the main takeaways here are:-
- You definitely need a roaming or migration capability if you’re going to adopt the Current Branch for Business model of Windows 10
- Technologies like UPM, Profile Containers and AppSense can now manage the Windows 10-specific roaming much better than they did previously
- Built-in Microsoft tech like roaming profiles or UE-V don’t currently seem to work on 1607 builds
The next part of this series will discuss the slightly-related subject of PROFILES.
CREDITS
Thanks to David Ott, Rene Bigler and Trond Erik Haavarstein for their help with some of the areas covered in this article.
The post Everything you wanted to know about virtualizing, optimizing and managing Windows 10…but were afraid to ask – part #6: ROAMING appeared first on HTG | Howell Technology Group.