As in any computing environment, home folders (previously known as "home drives" or "home directories") in Terminal Server environments provide a private location where users can store their personal files and data. In Terminal Server, home folders can also be used in addition to user profiles for storage of application configuration information.
The first rule for home folders in a Terminal Server environment is this: the more users store in their home folders, the less they are forced to store in their user profile. This is crucial, because a user's entire roaming profile must be copied on to the Terminal Server when they log on, and copied off of the server when they log off.
The second rule for home folders in a Terminal Server environment is that all users should have a home folder configured to allow not only for the first rule to be followed but also for ease of configuration. With a home folder, individuals have a location to store data, and administrators have a destination for redirected folders. The home folder is used in Terminal Server environments as a location to store windows and system information within the Windows subfolder of a user's home folder.
Traditionally, users' home folders are network shares mapped to drive letters when the users log on. In some Terminal Server environments, users won't need to save their own files, so you won't need to make use of explicit home folders for each user. However, users in these environments will still technically have a home folder location, even though they wouldn't have an explicit drive letter mapped to it. To understand this, let's take a look at how Windows 2003 home folders work.
How Windows Home Folders Work
Whenever a user logs on to a Terminal Server, the server designates a specific folder to be the user's "home folder." You can specify the exact location of the folder that becomes a user's home folder via the user account properties in the Users and Computers MMC snap-in (or in the Computer Management snap-in for single-server, non-AD environments).
Similar to a user's profile path, you can specify two home folder locations per user—one that is used when users log on to regular computers and one that is used when users log on to Terminal Servers. In either case, the home folder can be a local path on the computer where the user logs on or a drive letter that is mapped to a UNC share.
Configuring a user's home folder as a property of his user account is an easy way to give each user his own private storage space while ensuring that drive letters will be mapped properly and permissions will be set correctly. Other than that, there's really nothing special about home folders configured as part of the user's account—they simply provide a location for users to store personal files and data.
When a user logs on to a Terminal Server, the server contacts a domain controller to retrieve the user's home folder location. It first checks for a Terminal Services home folder (as configured in the "Terminal Services Profile" tab of a user's account properties). If no home folder is specified, the server will then check for a regular home folder location (as configured in the "Profile" tab of a user's account properties). If no home folder is specified in either place, the server will use the user's local profile as the home folder location. This process is outlined on the next page in Figure 6.10.
Figure 6.10: Home folder Mapping Process
Whenever a user logs on, the server sets two system variables to indicate the path of the home folder: %homedrive% and %homepath%. These variables allow Windows applications to locate a user's home folder wherever it's located. For example, let's assume that a user's home folder can be found in the following location: h:\home\. In Windows 2003 environments, the %homedrive% variable would be set to "h:" and the %homepath% variable would be set to "\home".
Breaking up the home folder into two variables allows you to map directly to a folder even if it's not the root of the share. If the home folder is the root of the share (such as "h:"), %homedrive% would be set to "h:" and %homepath% would be set to "\."
If you're not sure what the %homedrive% and %homepath% variables are in your environment, you can always check them from the command prompt by typing "echo %homedrive%" or "echo %homepath%." You can also view all of the environment variables that are set by typing "set."
How are Home Folders Used?
Most people think incorrectly that home folders are only used to store users' personal files. While this is a primary use for them in Terminal Server environments, home folders also serve a few other important purposes. In Terminal Server, home folders are used for:
- Windows system configuration information.
- Application data and configuration information.
- Personal files.
Windows and System Configuration Information
By default, the system creates two folders in each user's home folder: windows and windows\system. Any application looking for the server's windows or system directories to read or write .INI or configuration files is transparently routed to the appropriate directory in the user's home folder. That way, each user has his own configuration for applications.
These two folders are the only items automatically created in a user's home folder and should not be removed. Most users will create many more folders on their own.
Application Data and Configuration Information
Many applications require configuration folders to store user settings and data. Often these folders are created in addition to the windows and system folders. By putting this data in the user's home folder, an application can ensure that its settings will be unique for each user.
Perhaps the most important use for home folders is to store users' personal files. In addition to the data files that users store directly in their home folders, many administrators configure a policy that redirects users' "My Documents" and "Application Data" folders into their home folders (as described previously in this chapter).
By utilizing a user's home folder for personal data storage, you can leverage the advantages of roaming profiles without them growing too large since all personal files would be located in the home folder instead of the roaming profile.
Why should you care about Home folders?
There are several factors impacted by the way the home folder system is designed in Terminal Server. Because home folders are used throughout users' sessions, it's important that they're designed to support the needs of the users. Areas that are specifically impacted include:
- Logon speed
- File open/save speed
- User data integrity
If the home folder is part of the user's profile that must be copied down to the Terminal Server every time the user logs on, logons will be slow. On the other hand, if the home folder is located on a separate network share, allowing the profile to be small, user logons will be fast.
File Access Speed
Many files will be read from and written to the user's home folder throughout the course of the user's session. If that home folder is located across a slow WAN link from the server running the user's Terminal Server session, opening and saving files will be slow.
User Data Integrity
A well-designed home folder environment will protect the data and the files that users store on their home folders. If the home folder design is sloppy, or worse yet, if home folders are kept on Terminal Servers, user data could be lost in the event of a problem.
What are the Home Folder Design Options?
There are a few options that you need to think about when deciding how home folders will be used in your Terminal Server environment. These options include:
- Home folder size
- Home folder location
- Number of home folders
- Methods of specifying home folders
Home folder Size
Remember the golden rule to roaming profiles? (Hint: Keep them as small as possible.) Home folders make this rule attainable. In order to shrink the size of a profile you need a place to store what you took out of the profiles.
While roaming profiles should always be kept as small as possible, there is nothing wrong with a home folder that is several gigabytes or more. They're only limited by the amount of hard drive space you have on the server that stores the home folders and how much data you can handle via your backup. From the network bandwidth standpoint, large home folders do not pose a problem since data is only copied across the network as it is needed (just like any network share).
So far, everything we've mentioned about home folders reduces to the idea that it's fine if they are large. However, there may be situations in which you actually need to limit the size of users' home folders. In Windows 2000/2003 environments, it's possible to limit the size of home folders using disk quotas.
Disk quotas allow you to specify the maximum drive space that a user can consume on an NTFS volume. Users are only "charged" for files and folders they own. You can set two limits per user per disk volume. A "soft" limit produces an event log and a warning for users that they are nearing their disk limit. A "hard" limit is the actual disk limit. When this limit is reached, users receive an "out of disk space" error if they try to copy anything else to their home folder.
In many environments, politics prevent disk quotas from "officially" being used. Even so, you might want to set quotas anyway. Set them high, just in case a slick user decides to store his entire MP3 collection in his Terminal Server home folder.
Advantages of Disk Quotas
- Helps prevent servers from running out of space.
- Different users can have different quota sizes.
Disadvantages of Disk Quotas
- Users are charged per volume, not per directory.
- Requires Windows 2000 or newer on the file server.
- Hastily-configured quotas could prevent users from doing their jobs.
- Disk space is cheap, and quotas might be more trouble then they're worth.
Procedure for Implementing Disk Quotas
Disk quotas only work on NTFS volumes on Windows 2000 and 2003. On both versions they're managed through the "Computer Management" MMC plug-in (Administrative Tools | Computer Management | Storage | Disk Management | Right-click on Disk Volume | Properties | Quota Tab).
Configuring disk quotas is fairly easy. You can set both the limit and warning levels for new users. You can also click the "Quota Entries" button to configure a custom list for existing users. Interestingly, the drop down box for the quota limit starts at "KB" and goes all the way up to "EB," which is one billion Gigabytes, in case you have users that you want to "limit" to a certain number of EB's.
You can also implement disk quotas on a file server via a GPO (Computer Configuration | Administrative Templates | System | Disk Quotas).
Location of Home Folders
In addition to home folder size, you also need to decide where your home folders will be located. Be careful when choosing the locations of home folders in relation to your network. While home folders must be located on a server that has the storage and processing capacity to support them, they should also be located in close proximity to the Terminal Servers so users have quick access to their data from their Terminal Servers sessions.
When you specify the location of your users' home folders, it's important that you not put them inside your users' profiles. This does not mean home folder can't be on the same server as the profiles, it just means that home folders should not be part of the directory structure that is copied to and from the Terminal Servers as part of a user's profile. If you put the home folders in the user profile, then all the work you do to minimize the size of the roaming profile is wasted.
When it comes down to the actual physical location of home folders, there are two choices:
- UNC share
- Local drive on the Terminal Server
Option 1. Home Folders Accessed via UNC Shares
In most environments, the appropriate home folder location will be on a server that is available to all Terminal Servers. The home folder is accessed through a UNC share name, and a drive letter is automatically mapped when the user begins his Terminal Server session.
Advantages of UNC Share-Based Home folders
- The home folder server can be built with redundancy, including Windows Clustering and RAID or SAN-based storage volumes.
- Individual Terminal Servers can be taken offline without affecting the availability of user data.
Disadvantages of UNC Share-Based Home folders
- A file server is required in addition to your Terminal Servers.
Procedure for Creating UNC Share-Based Home Folders
To create a home folder for a user, specify the home folder in the user's profile configuration (via the Users and Computers MMC snap-in). From the "Terminal Server Profile" tab, choose the "connect to" drive letter and type the full UNC path to the home folder location. You may use the %username% variable. If you specify the home folder as "\\server\share\%username%," then the system will automatically create the home folder and set the appropriate permissions. (Be sure to double-check that the selected drive letter is not in use for that user. If it is, you will not receive any error messages, but the home folder will map to a local drive (see below), not the UNC path.)
Option 2. Home Folders Stored on Terminal Servers
In some situations, you may choose to store users' home folders on the Terminal Server. This is usually done in small environments in which the Terminal Server is only one server.
Advantages of Storing Home folders on Terminal Servers
- Cheap and easy.
Disadvantages of Storing Home folders on Terminal Servers
- The contents of users' home folders are not available when they log on to another server.
- A new home folder will be created on each server where a user logs on.
Procedure for Creating Home Folders on Terminal Servers
A local home folder is also configured in the user account properties in the "Local Path" section. The entry takes the form of "c:\path1\path2\ %username%." Again, using the %username% variable will cause the drive to be set up automatically the first time a user logs on.
Number of Home Folders
In most environments, each user will only have one home folder. However, there's no reason that each user needs to be restricted to only one home folder, or that multiple home folders for one user have to exist in the same physical location. Consider the following environment.
There are specific reasons that the user in Figure 6.11 must run his applications from Terminal Servers in two different locations. This company will never have both applications installed on the same Terminal Server because the databases are in two different locations. There is no reason that the user's personal data for the application should be in one single location. The user can have one home folder at each location—each containing files that are needed for that location.
Figure 6.11: Some users need data in multiple locations
Multiple home folders would make sense from a network standpoint, allowing the user to always have fast, local access to personal files from within sessions on both Terminal Servers. However, if you use multiple home folders, be careful. Don't try to make both home folders look the same to the user. You should probably not have both home folders mapped to the same drive letter (each in its own respective session). While there is nothing technically wrong with doing so, it is confusing for the user to have a P: drive in two different sessions that maps back to two different network locations. Users may switch back-and-forth between applications on different Terminal Servers. They won't understand, for example, drive P: from Microsoft Word has one set of files and drive P: from the data warehouse application has another. Using multiple drive letters gives the user an idea that there are multiple network locations.
Advantages of Multiple Home folders
- Local data access from sessions on remote Terminal Servers.
Disadvantages of Multiple Home folders
- Can be confusing if both drives have the same letter.
Procedure for Configuring Multiple Home Folders
In Windows 2003 environments, you can override a user's default home drive by applying a policy to a Terminal Server. (In case you skipped the policy section of this chapter, this override can be found in the following location within a policy object: User Configuration | Administrative Templates | Windows Components | Terminal Services | TS User Home Directory).
Home Folder Replication
Instead of having multiple local home folders for each user throughout your enterprise, it's possible to configure directory replication so that the contents of one home folder are replicated to multiple servers throughout the environment.
Home folder replication may sound good in theory, but it turns out to be a nightmare in real life. Data in home folders usually change frequently, making bad candidates for replication. Also, the replication process takes time, so a user simultaneously using sessions on two Terminal Servers that are far apart might have different versions of the same data if the replication process has not completed.
Home folder data replication is mentioned here for the sake of thoroughness and because it has been used with limited success in some cases. In general, it is more trouble than it's worth.
Advantages of Replicating Home folders
- The same user data is locally available to a user's session throughout the enterprise.
Disadvantages of Replication Home folders
- Data can get out of sync.
- Replication times can be long.
- Bandwidth is wasted during the replication process.
- Additional management is required.
- Replication software costs money.
Methods of Specifying Home Folders
So far, we've focused on how home folders are configured as part of a user's domain account properties. While this is the main method of specifying home folders, there are other methods that can be useful in certain situations. In this section, we'll take a look at all the methods you can use to specify a home folder for a user, including:
- User account properties configured in the domain or Active Directory.
- Home folder configuration via a GPO.
- Logon script.
- Folder redirection via a GPO.
- Do nothing (let the system create a home folder automatically).
Method 1. User Account Home Folder Configuration
Before we look at some of the "alternative" methods of configuring home folders, let's review the official way of doing it. In Active Directory or Windows NT 4.0 domains, domain users can be configured with a home folder that will be automatically mapped upon logon as part of their user account. Then, when-ever that user logs on to a Terminal Server, his home folder is mapped and set to the specified location without any extra configuration or scripting.
Advantages of Specifying Home Folders via User Properties
- Easy to do.
- The "homedrive" and "homepath" variables are automatically set.
- This is the "official" method of creating home folders.
- The home folder is created and permissions are set automatically.
- Easy way to specify different home folders for Terminal Servers and non-Terminal Servers.
Disadvantages of Specifying Home Folders via User Properties
- No flexibility.
- The home folder settings apply to the user regardless of the computer that he logs onto.
Procedure for Specifying Home Folders via User Properties
In Active Directory environments, you configure home folders with the Users and Computers MMC (MMC | User Properties | Profile tab | Home Folder | Connect X: to UNC or local path).
You can use the following procedure to create home folders in Windows 2000 or 2003:
- Create and share a root folder to use for your home folders in the location of your choice.
- Give the "Everyone" group "Change" permissions on this folder.
- For each user, specify the home folders as "\\your folder\%username%."
In this case, you should literally type "%username%" in the box (a percent sign, the word "username," and another percent sign). Do not substitute the user's real user name for the %username% variable.
When the user logs on for the first time, the system will automatically create the subdirectory for the username and give it the appropriate permissions. (Administrators get special access at the directory level only, the user maintains full control.) The windows and windows\system directories will also be automatically created, with administrators having full control.
Method 2. Group Policy Home Folder Configuration
As we discussed in the policies section of this chapter, you can use policy objects (either Group Policy or local policies) to specify home folders on a site, domain, OU, or local server basis. (Can't quite remember where that setting was? From within the policy editor MMC snap-in: User Configuration | Administrative Templates | Windows Components | Terminal Services | TS User Home Directory.)
The advantages and disadvantages of specifying home folders via a policy object are the same as specifying any setting via a policy object.
Method 3. Logon Script Home Folder Configuration
Another way to specify a home folder is to use a logon script to map a drive to a network share and then to execute a command that sets the home folder environment variable to point to that drive. (See the below for more information about logon scripts.)
Advantages of Specifying Home folders via Logon Scripts
- Extremely flexible implementation of home folders.
Disadvantages of Specifying Home folders via Logon Scripts
- Scripts must be manually configured.
- "Homedrive " and " homepath " variables must be manually set.
- Permissions must be manually configured.
Procedure for Configuring Home folders via Logon Scripts
Specifics of this method are addressed in the logon script portion of this chapter.
Method 4. Group Policy Folder Redirection
Active Directory group policies can be used to redirect local folders to network locations on computers running Windows 2000 and participating in Active Directory domains. For example, a user's "My Documents" folder can be redirected to a network share location that is centralized, so that no matter what computer the user logs on to, he would have access to the same data in his "My Documents" folder. Because this is a function of group policy, it can be applied only to the specific organizational units containing Terminal Servers.
While redirecting the "My Documents" folder to a static network point can eliminate the storage of too much data in a user's profile, this is not technically a "real" home folder. In addition to a location for storing personal files, a home folder also contains certain system information, and a home folder is the target of the %homedrive% and %homepath% variables. That being said, if your users will store all of their files in their "My Documents" folder, you can probably get away with redirecting that folder and not worrying about the "official" home folder location. (You could always manually reconfigure the %homedrive% and %homepath% variables to point to the My Documents folder.)
Advantages of Specifying Home folders via Folder Redirection
- Folder redirection can be used in addition to "official" home folders.
- Easy way to keep data out of profiles. (Isn't that the only reason we really care about home folders anyway?)
Disadvantages of Specifying Home folders via Folder Redirection
- Not a "real" home folder.
- "Homedrive" and "homepath" variables will point to other locations unless you manually set them.
Procedure for Specifying Home folders via Group Policy
Detailed information about folder redirection can be found in the User Profiles segment of this chapter.
Method 5. Do nothing. Let the system create a Home folder.
Finally, the "do nothing" approach is also a valid option with home folders. If no home folders are specified anywhere, the system will automatically create a user's home folder in their local user profile (by creating a windows directory and setting the %homedrive% and %homepath% variables).
This solution can work in small environments where users will not store their personal files in the home folder. However, there can also be several problems with this method. If a Terminal Server is configured to delete cached copies of roaming profiles at logoff, or if the local profile is overwritten by a roaming profile at logon, the data in the home folder will be lost.
Advantages of Doing Nothing.
- Least amount of work.
- Might be sufficient in small, single-server environments.
Disadvantages of Doing Nothing.
- If local profiles are not cached, home folder data will be lost.
- If local profiles are overwritten by roaming profiles at logon, home folder data will be lost.
- The "doing nothing" approach will not work in multi-server environments.
Things to Consider when Designing Home Folders
Now that you know all of the options, answering the following two questions should get your home folder design headed in the right direction:
- Does each user need to store personal files?
- Will users be logging on to multiple Terminal Servers at different physical locations?
User File Storage
If your Terminal Server environment is used for specific applications only, it's possible your users will never need home folders during their sessions. Of course, if your users are running applications that only open and save files, or applications that rely heavily on personalized configuration (such as email), then it will be important to ensure that users have fast, reliable access to their home folders.
Single Users with Multiple Server Locations
If users will be connecting to Terminal Servers in multiple physical locations requiring access to home folders, your design will need to reflect this. The result will be a much more complex design than if each of your users only connects to one Terminal Server.
When placing home folders, you also need to consider whether users will be using them just from Terminal Servers sessions or if users will need to access them from anywhere on the network.