Can Microsoft "change the game" with Terminal Services over the next five years?

The annual MVP conference at Microsoft's campus in Redmond is a great opportunity for the twenty-or-so Terminal Server MVPs to spend a few days with Microsoft's Terminal Server product group. While most of the conversations are NDA, one cool thing that the TS team has done over the past few years is that they (Microsoft) have asked us (the MVPs) to make a 45-minute presentation to them about where we see the industry going, what's important for Microsoft to do, and what features we'd most like to see in future versions of their products.

This year was no different. Specifically, the Microsoft TS product team asked us "What do we need to do to Terminal Services in the next three-to-five years? How can we improve it? What do we need to focus on?" We MVPs jumped on this opportunity. We set up an email distribution list to share, shape, and discuss our ideas, which led to our presentation.

What's cool is that while a lot of the MVP conference was NDA, our presentation was not. (After all, we MVPs wrote it!) In this article, I'm going to share the elements of the presentation that we gave to Microsoft. (In other words, if the Terminal Server MVPs ran Microsoft, this is what we'd do in the next three-to-five years.)

Before we look at the specifics, I'd like to point out that even though I am the author of this article, all of the Terminal Server MVPs had a hand in shaping its content. And I'd specifically like to call out Tim Mangan and Steve Greenberg (both first-time MVPs!), as they were the two primary folks who put the presentation together.

That said, let's take a look at our world.

Microsoft Terminal Services: our five-year plan (from the Terminal Server MVPs)

We broke our presentation into two pieces:

  • The "short term" 1-3 year plan (Windows Server 2008 R2?)
  • The "long term" 3-5 year plan (Windows Server 2013?)

The first thing I should point out is that we just made up the terms "Server 2008 R2" and "Server 2013." We have no idea if/when/what these things will be called. We just wanted to point out that we're suggesting two types of changes--short-term tactical things and longer-term strategic stuff.

The 1-to-3 year Terminal Server plan

We feel there are three areas that Microsoft should focus on in the near-term for Terminal Services:

  • Get Calista out the door!
  • Clarify app / Vista licensing
  • Many “little” TS Features

Short term: Calista

Microsoft bought Calista in January. Calista was not a shipping product at the time of the acquisition. But we really, really want this technology to be built into the core RDP protocol that's available from Microsoft. And we want this as soon as possible. (For those who don't know, Calista has the potential to add full multimedia support to RDP. Read the analysis of it here.)

Short term: Licensing

We feel that Microsoft has done a great job with Terminal Server licensing in Windows 2008. So no problems there. But we put "licensing" on our short-term tactical list because there are still a lot of "ecosystem" licensing challenges. Things like Office 2007 on Terminal Server--how is that licensed? And the whole super-confusing VECD thing. So even though these aren't Terminal Server licensing problems per se, they definitely affect the practical usage of Terminal Server in the real world. Maybe there's something the TS team can do to help clarify all of this?

Short term: Little Featurettes

The last short-term goal for Microsoft with regard to Terminal Server should be just to continue to make the Terminal Server features better. It's not even really worth listing everything here since they're listed ad nauseam elsewhere on the web. (Plus the list is endless. Millions of people want millions of features!)

The 3-to-5+ year Terminal Server strategic plan

We blew through the first part of our presentation in just about five minutes because to us, the 1-to-3 year plan is just "business as usual," and really they don't need us MVPs to feed them the laundry list of "feature-level" improvements.

Instead, we asked Microsoft WHY they were trying to add all these features into the core product? If you look at Windows Server 2008, it has new features like TS RemoteApp, session brokering, TS Gateway, TS Web Access--these are all things that people initially get very excited about. But when you actually dig in to these features, you see that they're so basic that they're not really usable, and what Citrix, Quest, Ericom, and the other third-party companies offer are much, much better.

So why is Microsoft wasting time and energy developing TS features on their slow multi-year product cycle when, best case, those features are not even as good as what third parties offer today? How does that help the customer?

Is this what Microsoft should be doing?

We MVPs posed this in the form of a question that Microsoft has to answer. We called it "core versus third party." What features should Microsoft add to the core Windows product, and what features should Microsoft leave to third parties?

This question is important to us because in reality, many of the "hard" problems that we've been dealing with for years are still there, even in 2008. So why isn't Microsoft tackling these hard problems that affect 100% of their user base? Why are they wasting time building super basic featurettes that probably only 5% of their customers care about?

So what "hard problems" are we talking about? Things like application integration, user profiles, application-specific user data, application (in)compatibility, and simultaneous user sessions on multiple servers.

Because these problems remain unsolved, today's Terminal Server-based solutions are never-ending brute force attacks on the problems. We endlessly and haphazardly cobble together solutions including:

  • Layering SoftGrid application virtualization on Terminal Server
  • Complex configuration for OS/server builds
  • Custom scripting for application installation
  • Custom scripting for application run-time
  • Complex profile management

All of this affects complexity, performance, ease of management, adoption rates, and the general sanity of Terminal Server SEs.

Our Vision

So what do we MVPs think Microsoft should focus on? It's quite simple. Forget making all these lame featurettes and instead focus on the hard problems that have been at the core of our world for the past ten years. We broke the hard problems down into three "specific revolutions" that we'd like to see from Microsoft:

  • Virtualization at the session level
  • Inherent separation of machine, OS, application, and user data
  • Universal presentation virtualization

Virtualization at the session level

When we say that we'd like virtualization at the session level, it's first important to define and understand what a "session" is. In the world of Windows, anytime a user logs onto a system in an interactive way, they have a session. A session includes a shell, a user profile, an HKCU registry hive, user security tokens, etc. Furthermore, a session always runs on a Windows OS, which has drivers, an HKLM registry, program files, etc.

When you log on to your Windows XP laptop, you're running a session. But when you connect to a seamless windows published application through Web Interface, you're running a session on that remote Terminal Server too. (Even though you don't see it, you're running a shell, you have an HKCU registry loaded on that remote system, you have a user profile, etc.)

The problem today is that a user session has too many dependencies on shared system components and configurations. It depends too much on the underlying OS. It depends too much on the applications that are installed on that OS. And it's too tightly tied to the host system, since one “greedy” session can ruin a lot of good ones.

So when we say "virtualization at the session level," we'd like Microsoft to properly isolate and protect the user session, whether that's a single user logged into a Vista workstation or one of hundreds of users logged into a Terminal Server. We'd like "SystemGuard-like" behavior at the session level instead of the application level. ("SystemGuard" is the technology that SoftGrid uses to isolate and virtualize applications into their own little bubbles.) And we'd like to have session-level performance controls.

Inherent separation of machine, OS, application, and user data

Continuing the thinking that we began to outline for the previous item, we'd like Microsoft to ensure that all the various "layers" of a session are properly isolated and separated from each other. Think of it like this: Right now, you start with hardware. You install an OS which is "locked" to that hardware. (i.e. you typically can't just drop that installed OS onto a different piece of hardware without problems.) Then you install apps onto that OS, and again, they're locked there. Then users log on and get their profiles and environment set up, but that's again highly dependent on the lower layers.

Machine virtualization (hypervisors and VMMs) does a great job separating the OS install from the underlying hardware. Application virtualization (SoftGrid, Thinstall, Altiris SVS, etc.) does an OK job separating apps from the OS layer, although these products don't all work all the time because some apps are too tightly tied to the OS. (After all, why's an app asking for a reboot?)

And then when you get up to the user layer, the profile problem is just laughable. Again, a lot of this happens because the user profiles are specifically tied to the lower layers (apps and even OS), so it's all very complex.

Instead, if Microsoft were able to ensure that each of these layers was truly self-contained and separated, we could start to do some amazing things. App compatibility would be a thing of the past. We could easily "flow" between multiple sessions on multiple devices, grabbing elements of each layer from wherever we needed them. One user could have multiple instances, multiple session types, and multiple execution locations. (And in fact, something like LUFlogix becomes a reality too.)

Universal presentation virtualization

Finally, we asked Microsoft to create what we termed "universal presentation virtualization." What this means, quite simply, is that we want a consistent application experience--regardless of the app's core technology, regardless of what rendering technology the app uses, and regardless of how it's accessed.

For example, today Vista Aero glass is only available for application / user sessions that are local. You don't get it via RDP. Oh wait, ok, well yes, you can get it through RDP to a VDI solution, just not a TS solution. Well, ok, it only works with VDI solutions based on blades, not based on VMs...

The point is that the experience a user has with an application (the performance, the look and feel, the interface) today is highly dependent on how that application is being delivered. In the future, we want full visual fidelity across all use cases. We want Win32, WPF, Java, Silverlight, AIR, .NET, Gears, etc. apps to all look, feel, and behave the same.

So how do we get there?

What we're asking for won't be easy. Microsoft asked us MVPs to suggest some future directions for Terminal Server, and instead we came to them and said "We think you should fundamentally change many core aspects of Windows that have been in place for fifteen years."

The biggest challenge is the fact that even though we presented this to the Terminal Server team, what we're suggesting is much bigger than "just" Terminal Services. It would be a major cross-group initiative that would have to come from much higher up within the organization. And really, it would involve so many different groups, including:

  • Terminal services
  • Hardware virtualization
  • User session
  • SoftGrid / app virtualization
  • Security
  • Kidaro
  • Probably more that we’re forgetting here

Can Microsoft do it? Should Microsoft do it? Will Microsoft do it?

Join the conversation



You mention "SystemGuard-like" behavior at the session level.  Could you elaborate on this idea a bit further?  Sessions are sessions in that they are individual and unique session to session.  One session does not share elements of identity with another session (other than HKLM).

Session level performance?  Could you elaborate a bit here?  Third party tools offer this feature.

As to the inherent separation of machine, OS, application and user data....:-).  It took some time....but I have come around to this Hybrid approach to profile management...:-).  Mandatory profiles are really an art form.  No two engineers create them in the same way.  It would really be quite nice to download a bona fide MS mandatory profile representing current SP for use in our profile management schemes.

Universal presentation is the work of managing the shell environment.  Worst-case scenario an application references a hard coded shell configuration (explorer.exe), rather than a variabilized/dynamic configuration for presentation via the shell of our choosing.  This shell management issue turns a bit toward the third party as well?  What can MS do to encourage the market for presentation layer delivery to the end user?

With RES Workspace Extender and Citrix Alice project it is entirely possible at this time to present an integrated shell environment to the end user, the application can be locally installed and run "seamlessly" within the user workspace.  It's getting the integration of sessions within a single user workspace that can be a bit challenging.  One of the third party tools above gets this done, the other is in development....:-)

The core versus third party dialog is timely.  I see the attempt at the CORE OS release as an effort in your direction, focusing on the problems that impact 100% of users (lack of user shell environment is also appealing).  This is the long way of saying that "less is more".  The recent rewrite of the SMB protocol by Microsoft references the work of re-engineering a protocol which had not been touched in 15 years.  So, it seems MS is working to re-tool the internals a bit.

Sessions are far too reliant on information traversing the network.  The security, policy, and scripting framework within the network is cumbersome, and impedes perceived performance for the end user.  Slow logon times impact the profiling environment (corruption due to latency within the network fabric), perceived performance (how can it be any good when it takes so long), and is a pain to get to (why do I have to type so many key strokes).  Users want their sessions to be more rapidly provisioned, and a lowering of the complexity required to get the whole thing started.

Not quite a rant...or too planned out...but I had time over coffee this morning...  Thanks for the post Brian.



I can't wait to quit the Citrix bloatware gouging game.

Terminal Server is getting closer to the main features of Presentation Server and they never had to change the name once. Ericom is pretty close to Presentation Server. MS-Application Virtualization is a much more complete independent solution to Citrix App Streaming. (They are screwing us by forcing us to buy their annual subscription)

Do you still buy the expensive $20 music Album because you just want to hear 2 songs on the Album or do you simply download the 1 or 2 singles you really want @ .99 each? We all love this and benefit from this. This is new school and benefits the consumer.

As long as Citrix forces the customer to buy Advanced Access Control, Password Manager, Provisioning Server, Streaming Applications when all they want is one of the more advanced features of Presentation Server they will continue to lose customers. I call this Citrix Gouging or Citrix Bundling/Bungling. This is old school and gouges the customer.

The individual songs and individual products must stand on their own merits.

What advanced feature of Presentation Server can't you buy individually?


Thank you for sharing this presentation with us.

Interestingly a year ago, before the previous MVP summit, you called on the community to propose features for the future version of Terminal Services. My suggestions were:

True, WPF remoting is less than Universal Presentation Virtualization, but it's also more achievable. Given that WPF is the future of UI development on Windows, that in itself may be enough and certainly a huge step forward (with Calista for video and end-point devices that can't do WPF).

Separation of machine, OS, application, and user data has been an evolutionary process in IT for over 40 years. I do agree we need to pick up steam. Current OSs, including both Windows and Linux, are still very much grounded in the 70s and 80s. A lot has changed since then.



Two short term featurettes that would add a little more value to Windows Terminal Services, for me, are:

- Improved software restriction policies, so I wouldn't need AppSense Application Manager

- Built in performance tuning like CPU \ Memory optimisations offered by TScale, similar to how Citrix integrated it.

Two minor things, I know, but they'd help add a little more value. Of course, if the TS RemoteApp, TS EasyPrint, etc, etc, features were more beefed up, this would help too.



Edgesight, Smart Auditor, etc...

Do a google search for the "Presentation Server 4.5 Comparative Matrix"

You can buy EdgeSight separately can't you?


Of all the advanced features of Presentation Server, Smart Auditor is the only one that can't be bought separately.


You are not forced to keep buying subscription.  If you don't want it, don't keep buying it.

Platinum is a complete package of Citrix products.  You don't have to buy platinum.  If you want to buy Password Manager or Edgesight on their own, go ahead and do that.

Many customers choose to buy everything together with Platinum but they don't have to.

We seem to have this topic come up every other month.

There was a reason you weren't invited to the MVP summit.  It could be your constant use of "my" and "I" in your posts or the fact that you like to link back to your blog.  I am not sure which.

Hey Brian,

Nice post—thanks for sharing the insights of the TS MVP team!  The
suggestions outlined in the 3-5 year plan boil down to virtualization. 
And, with the level of virtualization you describe, it begs the question: will
we even need the OS as we know it in 5 years?

As could be expected, the Gartner analysis of MS and Windows tipped off a
whole debate on the topic.  But, it seems relevant to this
discussion.  Don't web apps address many of the issues outlined in your

Before computers were capable of running multiple applications, the user
experience was closely tied to the application.  Then, with advances in OSes,
the user experience became more about the OS (like the good 'ol Mac vs. PC
debate).  Now, the user experience is moving more towards the Web (if it
wasn't, would Macs really have experienced their recent resurgence?)

As that trend continues, the OS is becoming more of a front-end for a
browser, which is becoming the front-end for more applications.  So if the
Web is the front-end for the app, what is the OS?  I know, OSes currently have
a lot of other functions.  But as we've seen with the advances in
virtualization, much of their functionality is being pulled into other
technologies.  The web is a form of virtualization itself because—as long
as you're using a compliant browser—it doesn't care about what OS or hardware
you're using (I know, there are proprietary protocols, development tools,
plug-ins, etc., but theoretically...).  

With hypervisors acting as the device broker and the browser acting as the
application broker, what's next?  I think we'll see more base OS
functionality rolled into the hypervisor, which blurs the distinction between
the hypervisor and the OS.  Heck, the hypervisor eventually will be part
of the chipset.  And on the application front, web apps will continue to
evolve.  So, the question then is, in 5 years, will we really need the
session- and presentation-layer virtualization you described?

If your 3-5 recommendations were 1-3 year recommendations, I think they
would be excellent advancements for TS and the OS in general.  But other
technologies aren't going to stand still, which makes me wonder if at least
some of the recommendations you and the other MVPs outlined won't be moot
points in 5 years...


So your idea is to have the entire stack delivered by MS so that you could bury the little hard-working companies that are bringing you all this cool functionality?


This sounds like the feather-weight VM comment posted by some Peter Ghostine in an article by Ron Oglesby almost 2 years ago.


If I had a nickel for every one of the thousands of apps I've worked on that were "going to be completely web-based any day now" over the last 13 years since the web took off I'd be rich.  While more applications are taking on web-based deployment methods, I'm seeing an increase in client UI richness with support for offline modes (i.e. local data sync).  Those applications may eat into the number of apps that will be deployed on a SBC/TS environment.  But trust me, the pure Web approach isn't really doing that today.  I've been at lots of customers that have a number of "web apps" that they are running on Citrix, because developers don't seem to get the concept that something being web-based means that it should be lightweight with intelligent amounts of data exchange.  Just because it runs in a browser does not make it a web application.



I wasn't invited for the simple reason that I'm not a Microsoft MVP. But I am glad that some of my ideas match those of that prestigious group of people.

And since you seem to be an ardent follower of my posts, let me provide you with a bit of useful info about web links: you don't have to click them if you don't want to.


This bashing of Dan is getting out of hand he is a very good contributor but people keep jumping on his ass for no reason. If this was school I would say there is bullying going on so people please stop you are adults supposedly. Just to note he is entitled to his opinions just like anyone else. If he wants to use I and my so what dont read what he says if it is such a headache for people.

BTW I dont know Dan but bullying is not tollerated by me.

I'm guessing you're either the 'Guest' who moaned in an earlier posting, or you work for AppSense.  All I said was that it'd be cool to have those two features as part of Windows, for free, to save me having to shell out extra money for them.  In fact, the Restriction Policies is there now, but just not as sophisticated as it could be. Not an idea, as such. The vendors mentioned offer other products besides these types of tools too. So are you in favour of breaking some bits off the OS and use more third party tools - maybe ACME EventViewer perhaps, requiring more money and another agent?

I think the original poster was referring to MS with the annual subscription. S/He is right - you cannot buy MAV-Microsoft Application Virtualization without buying the MS annual subscription software maintenance. I think MS should change this too.


Where the heck does the "OS" stop and the "management sophistication" start? When does an OS stop being just an OS with core features and start usurping on the features of the management tool sets built by AppSense and others?

Provided MS adds the sophistication you're yearning for, will you not then call for them to add the functionality in these "other products" you referred to? Is AppSense and others not giving you the ROI you so want and need?

Do you want to go back to the single-vendor days where everything was being shoved down your throat?

The two features I highlighted are pure and simple security and performance measures, and yes, I see no reason why they should not be part of the OS.  Should security and performance be a luxury you have to get by buying another product or would you not consider it a fundamental part of the OS?  My original post purely said that these would add more value to the OS  - do you think they wouldn't then?

So, we continue to bash our least favorite!  Whether it's for "forcing" competitors out,  or "gouging" customers with so-called underhanded tactics like "bundling," there are actually 1-2 companies that have figured it out.  When the "little hard-working companies" learn to take off their technology blinders and realize or admit that they must balance their vision with a little business sense, then the market will be filled with real competitors whose technology will be backed by a solid business strategy.  There is nothing more frustrating than buying/licensing technology from a company that's not going to be around next year.  The old saying still applies... "You get what you pay for!"  After all, we have to protect our businesses too.

Chuck from the desert 



Why does Password Manager, Citrix Streaming Apps, and other products depend on XenApp? Can't they stand alone?



"Security" is a multifaceted and broad subject. "Software restrictions" is definitely a luxury item, rather than an essential security feature, because you could surely achieve the same result by way of NTFS permissions. Sure, locking down access to apps via NTFS permissions is tedious and somewhat impractical, but it's "part of the OS" :)  As for performance management, it too is a luxury item because most organizations have done reasonably well without it, just like they have without the need for software restrictions.

Microsoft should simply focus on delivering a more robust platform, i.e., a more PC-like display protocol as opposed to the antiquated, behind-the-times RDP.  They should provide better session isolation a la "feather-weight" VM discussed in one of the comments posted in the article mentioned below.  In other words, Microsoft should simply do the things that partners cannot touch, leaving the work of delivering management add-ons to their partners.

Honestly, by focusing their efforts on RemoteApp, Easy Print, TSGateway, etc, I think the TS group at Microsoft has demonstrated bona fide shortsightedness and a serious lack of understanding of the pains that plague the widespread adoption of TS.  No wonder VDI has emerged as a viable alternative!  In all fairness, PnP redirection is just about the only good decision they've made. As far as most everything else, they've effectively usurped their partners' bread and butter and pushed their backs against the wall.

That's my $.02. I'm sure you're not going to agree.




I thought you were already rich ;)

So they could shove a "bundle" down your throat and meet their numbers.

Well, I agree with some of what you say, but not all.  Personally I think the security and performance 'tools' I need third party products for would be of benefit in the OS.  The security one is in place in the OS partly, and the performance one is in place in Citrix. So I'm not being completely outrageous.  The other features listed - sure, they seem pointless when you compare with the Citrix (and others) alternative, but even then, I think you are overlooking the fact that smaller farms may make use of them.  Perhaps we agree to disagree and move on.  The differing opinions is no bad thing anyway.  One thing's for sure, a more robust platform is key beneath all this.



If this was school, you would get an "F" for that last post due to bad grammer and use of run on sentences.


They don't depend on XenApp. They can stand alone. Buying them together is cheaper than buying them separately.


Regarding "Session virtualization".  If you consider a world in the future in which a user may be running applications in several different "windows instances", possibly at the same time, the separation of the user's session state from the OS, and the ability to "layer" that state information between sessions, is very important.  The restrictions of mandatory profiles and complications of roaming and hybrid like profiles that we have today are simple compared to what we will end up with in the future.  And I guess I should note that TS does not fully protect one user from another or one user from the OS - and it should.

"BTW I dont know Dan but bullying is not tollerated by me."

I agree that bullying is bad, but I must say, that comment is rather funny coming from an anonymous user...  


Hey Shawn,

Yeah, I thought about clarifying my timeline a little bit, but figured I had
written enough at that point. :-)  To be clear, I don't think the desktop
OS is going away anytime soon.  In fact, I don't think it necessarily will
be going away further down the road either--I just think our definition of the
OS might change.  

Brian suggests that incremental improvements to existing technologies will
overcome the limitations and problems with those technologies.  Makes
sense, that's how things work, right?  My point, though, is that in 5
years, there might be a new paradigm-shifting technology that inherently
overcomes the limitations of previous technologies.

Take something like Provisioning Server.  It solves the same problems
as SBC, VDI, etc., but does so using a completely different paradigm.  So,
the specific limitations to each of the alternatives may not even apply to
Provisioning Server. 

My point isn't that web apps are the future; like you said, they have their
own pros and cons.  Instead, I just used them as an example of how some
computing models make the underlying OS and platform less important.  Take
even XPe thin clients with a Citrix client: the OS mainly serves as the
hardware broker instead of the application runtime environment--users would
access all their apps remotely through XenApp.  With web apps, the
multiuser capabilities of the OS become less relevant.

Each technology has its own pros and cons and there probably will be use
cases for all them for a while to come.  I guess my real question is: in 5
years, will we really be looking for advancements in existing technologies to
solve existing pain points, or will there be newer technologies to solve those pain



You stated that most of the session's content with the TS team is NDA; I'm curious as to the initial response from the team. Was the content of the presentation a great shock to them or did they see this coming in some way or another?




They cannot stand alone. Have you ever tried?

You cannot manage Citrix streaming apps by itself.

You cannot manage Password Manager without Citrix PS. This is a problem.

Speaking of F's, the word you were searching for is grammar...

Not only have I tried it. I have customers who do it.

All app streaming requires is a Presentation Server Enterprise Edition 5 pack. That enables you to stand up as many Presentation Servers as you need. That costs around $2K without discounts. Big whoop! That's a drop in the bucket when compared to the up front costs Microsoft requires to be enabled to run their Softricity product. Then you can buy as many Citrix app streaming licenses as you need. Whether it be 10, 100, 1000, 10000, or whatever. These run between $60 to $75 a piece depending on who you buy from. No users ever consume a $450 Presentation Server Enterprise license when they use app streaming. They just consume the cheap streaming license because it's the only Citrix "feature" they use. It easily stands on its own. The only basis for arguing that it can't stand on its own is those 5 $450 Enterprise licenses that aren't being used. Again, Big whoop! Even if they never get used, is $2000 to stand up a streaming server really that big of a deal? And odds are an environment is going to have a use for those 5 Enterprise licenses, unless the business is close to being a mom and pop shop, which are really the only businesses that have a good reason to complain about this model.

The same holds true for Password Manager.

I have to say I'm a programmer, and my biggest gripe is the user-level registry hive. It was probably a good, efficient idea when created, but now it contains so much information, and it is so hard to find what you need and fix it, especially considering possibly hundreds or thousands of users. At work they use super mandatory profiles as well, so currently to fix problems I have to have a bootup script for all users to fix their registry settings, as they will not be saved at logoff. .NET usually solves this for me, as if we do folder redirecting properly, even with mandatory profiles I can get the user settings to remain over logins. I hope all Microsoft products start to make an effort not to use the registry, at least for user settings, in the future, even if it means a small performance hit.