Roaming profiles?

[Tooru]

Hello. This is my first post so please bear with me.

 

I'm having some difficulty deciding what to do in our company, we recently had a break in where only 1 of the computers(the only laptop) got stolen. So now I've decided that I want to roll out some kinda roaming profiles with a server.

 

I do know how to set up roaming profiles and that part, but I've heard that Microsoft is facing out roaming profiles here https://tweaks.com/windows/67273/just-say-no-to-roaming-profiles/

As we only have about 5-10 computers here in the office then I dont see the bigger issue regarding their files taking abit of time before it loads in.

 

All the documents they edit are being saved on a NAS.

They use Outlook 2016 and dont want to switch to an online version of it.

 

I've heard that Azure is the future in terms of this, but I really dont know where to start with this.

 

Please give me some advise I can use towards this issue.

 

Thanks.

[leadeater]

What you actually want by the sounds of it is Folder Redirection not Roaming Profiles, both work together well and Roaming Profiles should never be used without Folder Redirection. That said if you are concerned with data protection neither will do this, it's not what they are for really.

[Tooru]

@leadeater will Folder Redirection with Roaming profiles allow the users to login on different computers with all their documents, and files?

[leadeater]

34 minutes ago, Tooru said:

@leadeater will Folder Redirection with Roaming profiles allow the users to login on different computers with all their documents, and files?

Yes. Folder Redirection does what it says, you can configure it to point the User directories like Documents and Desktop to a UNC path on a server/NAS. Each folder can be configured so only the ones you want, say you don't want to do it for Music due to iTunes etc.

 

Roaming Profiles without Folder Redirection will copy the entire User directory to and from a UNC path each login and logout, you can't be selective in any way. Roaming Profiles with Folder Redirection changes how Roaming Profiles handles the User directories/files and will not copy them on login and logout, even if you don't redirect them to a UNC path.

 

Together Roaming Profiles only handles configuration type settings, basically the ntuser.dat, and nothing else. Folder Redirection handles that actual files and folders, even the AppData ones. This means login and logout times are not effected and all files are stored on a NAS how you wish to configure that and will follow to any computer that you login to.

 

For mobile devices like laptops you can enable Offline Files which caches files that are stored on a server/NAS to the laptop and will sync them next time the computer is back on the network.

 

The sort of modern way that this can also be done is using OneDrive which can configure the Folder Redirection for you to store the files in OneDrive, this also uses a local cache but for all computers. This means you have a copy of the data on the computer and in Azure/OneDrive and will also be visible on any computer you login to on the network as well as being able to manually access them through configuring the OneDrive application on a computer (any computer) or using the website access.

[tech.guru]

First, if devices get stolen its not just the data thats lost thats a concern but also who has access to it.

that can ruin companies reputation and open themselves up to litigation.

You have a duty to protect your customers data and you can receive fines also if you are not following rules and regulations for your industry.

 

it can also give competitors and edge and be part of corporate espionage or evem state sponsored attacks.

its your R&D of your company that holds so much value.

 

your number one concern should be protecting that data,

                 implement disk encryption on the local disks, Bitlocker can be a good choice.

                 limit use of external usb drives. use only encrypted usb drives.

 

second part is actually recovering the data from backups or storing it on file server where it can be retrieved

               - this could be folder redirection to file share

               - this could be user profile disks

              -  this could be fslogix new solution (profile containers)

 

however moving the data to the file server will not elevate concerns. people will want to work on documents offline and may copy outside or some solutions even have sync ability to work offline. you need encryption and a data loss prevention strategy to implement this correctly.