Benny Tritsch: "Things You Always Wanted to Know About Windows Profile Management"

Immidio's Benny Tritsch (we also know him as one of a handful of people who've presented at all eight BriForums!) has posted a white paper entitled "Things You Always Wanted to Know About Windows Profile Management" today on his blog.

Immidio's Benny Tritsch (we also know him as one of a handful of people who've presented at all eight BriForums!) has posted a white paper entitled "Things You Always Wanted to Know About Windows Profile Management" today on his blog. During BriForum last month, Benny, Kevin Goodman, and Shawn Bass gave a similar presentation with the goal of getting all the information out in the open at one time, rather than listening to fragments here and there. This white paper builds on that session in an attempt to get it all down on paper. In it, he talks about:

  • How Windows profiles work (both v1 profiles of anything pre-Windows 2008 & Vista, and v2, which are used in Windows 2008/Vista and beyond)
  • The headaches that profiles can introduce
  • Solutions for these headaches that are provided by Microsoft, including folder redirection and migrating between v1 and v2 profiles
  • A detailed overview of the two prevalent third-party profile management techniques--Profile Streaming and Profile Segmentation

Here's an excerpt from the white paper:

If a user profile is corrupted or if it grew to an unmanageable size, it may become necessary to delete it. But this is not as simple as it seems to be. In Windows Vista, Windows 7 and Windows Server 2008 (including R2), deleting a user profile in the %USERPROFILE% folder results in an error message the next time the user logs on, saying that he was logged on using a temporary profile. The bad news is that upon logoff a temporary profile is deleted and all personal profile data is lost. Using temporary profiles in such a case can be seen as an emergency procedure initiated by Windows when the user profile cannot be loaded, but resulting in an undesired system behavior. All this is due to the fact that Windows keeps track of local profiles in the registry key HKLM \SOFTWARE \Microsoft \Windows NT \CurrentVersion \ProfileList. For each profile a subkey with the name set to the profile owner’s SID is maintained in this list, which is keeping track of the corresponding profile directories. Before creating the temporary profile, Windows renames the original ProfileList subkey to SID.bak.

Windows XP and Windows Server 2003 are more simplistic here. If a ProfileList registry subkey exists but the corresponding profile path is not accessible, they simply create a new local profile. As a result the data in the ProfileList key is overwritten, making the original profile useless without logging a corresponding error message in the Windows event log. For proper profile clean-up it is recommended to open the control panel applet “System Properties” (by running sysdm.cpl) and deleting the profile from there.

At this point you may ask yourself why Microsoft does not completely change the way profiles are working. The primary reason is compatibility. For all their operating system modifications and enhancements, Microsoft needs to make sure that they work for a large range of users, applications and computers. User profiles are such a critical component hooking into so many other operating system components that the underlying architectural concepts cannot be changed so easily. This is why there is enough room for several third-party vendors providing user profile management solutions addressing specific technical challenges or market segments.

Thanks, Benny, for putting together this objective look at Windows profile management. This is sure to be valuable to anyone who needs a little direction when making a profile management decision. In case you missed the link, you can download the white paper here.


Join the conversation


Send me notifications when other members comment.

Please create a username to comment.


Great read, although Benny IMO got it wrong with his definition of Profile streaming. The whitepaper states

"Profile streaming – also referred to as profile virtualization – redirects all local profile read and write operations to an alternative location in the network."

Now, this might be what his own product does, but hardly what people usually associate with the word "streaming".



our own product - Immidio Flex Profiles - and some other profile management solutions do what is referred to profile segmentation or profile granularity. Products like RTO Virtual Profiles (now VMware Virtual Profiles) or Citrix User Profile Management do profile streaming or profile virtualization. In a nutshell they use file system filter drivers to redirect profile data streams in pretty much the same way as App-V also does it for applications isolation and streaming.

I know that Kevin Goodman from RTO/VMware was happy with this naming convention when we did our joined BriForum session together with Shawn Bass. User profile segementation and user profile streaming are two fundamentally different methods to fix user profile issues.



Can I call it personality forwarding?


Thanks Benny,

If Imidio FlexProfiles is (still) exclusively a profile segmentation based solution, then why did I get this answer from RW: “Yes we do profile streaming in combination with profile segmentation” on direct question?

Further, I agree with you that Citrix UPM and, perhaps more significant, VMware Virtual Profiles (or whatever the new name is) do streaming a lot similar to App-V – but, even if Kevin Agrees to the term

“../redirects all local profile read and write operations to an alternative location in the network”

it’s by quite some stretch to define streaming profiles in those words. In all essence the requested file parts are fetched from the network by demand but computed locally.

So, you see I’m a bit confused here :) It surely would be nice for Kevin and Helge to add  a comment or two in this thread.


Streaming is a term that's being overused a lot in this industry because somehow it seems to convey the notion of coolness.  And everyone loves to be cool. Now I'm not saying that Benny's product isn't streaming-based because I'm not familiar with it, and I certainly haven't had a reason to use a third-party profile management product in my environment thus far. We're fairly stateless when it comes to the application portfolio we're delivering to our 500 users.

I think for a product to qualify as a streaming product, it must deliver content on demand using a streaming protocol. Softricity uses (or used to use) RTSP as their streaming protocol, while CPS uses a proprietary UDP-based protocol.

As far as profile management products are concerned, I assume for such product to be streaming-based, it would have to function in such a way that when a user logs on, the profile isn't loaded into the session in its entirety. Instead, individual components of the profile are "streamed" down to the session on an as-need basis, per the Windows OS's request.

And that should certainly be differentiated from the segmentation-based products.



If people even pose the question "segementation OR streaming" it is because their products cannot do both. Putting those marketing aspects aside, both segmentation and streaming have their merits. The ideal product does both.

Streaming can greatly reduce logon times and also (depending on configuration) reduce the amount of data transferred from the file server hosting the profiles to the machine the user is logging on to.

Segmentation simplifies troubleshooting and enables what I like to call "partial profile reset" - if there are problems with some application and the technician suspects "inconsistent data" (reminder: corrupt profiles exist mainly in theory: he or she can easily delete only the settings from the affected application.

As to the question how to define streaming:

1) Reducing streaming without a "real" streaming protocol like RTSP to marketing talk obviously does not help.

2) Equating streaming with redirection (an old and not so hot technology) does not correctly reflect how streaming works either. Instead, it is an on-demand fetching of files inside the profile just when they are needed (accessed for the first time in a session).

This just in time (JIT) population method has the drawback that initial application launches can be delayed because first a potentially large number of files need to be copied down from the fileserver. The upside of JIT population is that only those files are transferred that are required during the session (which is bandwidth-friendly).

I personally prefer another method, which can be described as full asynchronous background copy. It works just like a regular logon, i.e. all profile files are transferred to the local machine, but in contrast to roaming profiles that does not happen synchronously but asynchronously in the background - the user does NOT have to wait for the process to finish.



RTSP was merely mentioned to illustrate the on-demand nature of a typical streaming protocol. As I said in my previous post, the only thing a profile product has to do in order to qualify as streaming-based is to deliver profile components on demand. This is what you referred to as JIT population. You can use an transfer method you want, and it would still be called streaming. CPS is a typical example of a no-name/non-standard streaming protocol.



We do seem to have the same understanding of what should be called streaming after all ;-)



Must be the 25% German blood in me. :)


For those interested, sepago has its own white paper on profile management. It is more extensive with 19 pages on traditional Windows roaming and local profiles and 7 pages on Citrix Profile Management. It can be downloaded here:


Opportunities USMT (USMT) disclosed in the automation of migration. With the help of scripting or such instruments as a means of desktop deployment (Business Desktop Deployment 2007), we can automate the migration process during installation of Windows Vista ®. The following list describes the capabilities of automation.You can run USMT using various scripting tools, including Microsoft ® Visual Basic ® Scripting Edition (VBScript) and batch files with scripts. Using the appropriate command line parameters, you can automate the migration process to collect and restore user state data without the need for user intervention. For more information about using scripts, you can get in the Script Center.