MSP User profiles

Hello!

I work for a pretty disorganized MSP. Our most common clients are schools where the staff utilize Windows 10 laptops. I am looking to find some sort of common standardization for most of our clients. The first thing on my list is finding the best, most optimal way of storing user profiles.

Most of our clients have Active Directory. Some utilize folder redirection through GPOs, roaming profiles, or even local profiles. I’ve dealt with various issues with both roaming profiles and folder redirection, especially when trying to rebuild their profile on a new device. I like the idea of storing their profiles on a server so that we can back up the server and have the ability to restore their files in case they delete something or lose a file. However, long login times, profile corruption, and file server issues are a pain for me, which is making me want to store the profiles locally on their machines.

I was looking at setting a standard where each client would have a Synology NAS where their profiles are stored locally on their machine. I would then set up the Active Backup Synology software on each user’s machine and perform bare metal / file level backups. I like the Active Backup software because I can see who is being backed up. I’ve tried file level backup services such as Google Backup & Sync and I can’t really manage who is backing up and who isn’t. There is no management interface to track the backups.

I was just curious if anyone had an opinion on this process or maybe even a better solution for managing user profiles. Ideally the solution would make it easy to transfer data from one machine to another in the event of a computer failure, and have a backup solution. We re-image machines almost every summer so the easier it will be to get the data back on their machine the better.

Thanks!

Only 1 school, but we have local profiles and then a few shared drives; anything they want backed up has to be saved on the shared drive, otherwise it simply doesn’t get backed up.

But schools usually qualify for free O365, so if you set up SharePoint or OneDrive properly that could be their backups and then no need for roaming profiles.

Should be noted I do not work in EDU space much at all now. I pretty much agree, we long have moved away from roaming profiles and I sure don’t miss it; it just became impractical and unreliable. We still leverage folder redirects but mostly this is phased out with modern cloud environments and a strict “file it or lose it” policy. User logs in with their AD account, they get all their GPO/Intune settings, resources presented in File Explorer, etc. If they are “roaming” on a computer we say that you must use the M365/GSuite portal for email etc., no local setup of Outlook.

Also we mainly do not use endpoint backup at scale. There are a very small subset of users that have cloud backup of specific laptop data.

Life is mainly good.

I work for a pretty disorganized MSP

Depending on how big or small your company is, consider leading up the chain. Good reference

Our most common clients are schools where the staff utilize Windows 10 laptops. I am looking to find some sort of common standardization for most of our clients. The first thing on my list is finding the best, most optimal way of storing user profiles.

Cool, consider using Microsoft Intune (the service delivery is second to none in my opinion). Otherwise this would be a lengthy discussion, as it’s just because of the way Microsoft is built: there aren’t really “optimal” options, just options that work and sometimes break. I’ve seen some people get past this with Ansible automation but it still eventually becomes a mess. I honestly think this is the same whether Windows, Mac or Linux. Your mileage may vary.

Most of our clients have Active Directory. Some utilize folder redirection through GPOs, roaming profiles, or even local profiles. I’ve dealt with various issues with both roaming profiles and folder redirection, especially when trying to rebuild their profile on a new device. I like the idea of storing their profiles on a server so that we can back up the server and have the ability to restore their files in case they delete something or lose a file. However, long login times, profile corruption, and file server issues are a pain for me, which is making me want to store the profiles locally on their machines.

I haven’t fixed this issue myself as I still don’t have a bulletproof solution other than just make it work. From a VM point of view, as long as you’re not saving your stuff to the AD server, and to a File Server, then you can honestly just back up the server to another VM host and offsite to handle making sure your backups are in order.

I was looking at setting a standard where each client would have a Synology NAS where their profiles are stored locally on their machine. I would then set up the Active Backup Synology software on each user’s machine and perform bare metal / file level backups. I like the Active Backup software because I can see who is being backed up. I’ve tried file level backup services such as Google Backup & Sync and I can’t really manage who is backing up and who isn’t. There is no management interface to track the backups.

If each client has access to a NAS and their profiles are stored there, that becomes a point of failure. Which takes a while to restore too, I might add. So you would end up needing 2 (at least) NASes on site. Might as well buy a server or two at that point.

Honestly this is one of those things where Google Chrome OS doesn’t have that issue. Nothing is really on their machines, the data is backed up every second in the cloud, you could use a 3rd party provider and provide another layer on top of that backup and never really touch it other than monitor it daily.

At scale, it’s easier to just have everyone point to a shared drive for storage. You will still have Nancy who will still leave things on their actual computer. Folder redirection for basic things would work, again not pretty but works. That way if you log in to another system you don’t have to deal with a profile that takes 100 years to log in. An alternative could be that you set up artificial limits to each profile so maybe they don’t grow past 500 Mb to 1 Gb. Honestly I favor that approach better and then big stuff goes to a shared drive.