Managing User Data and Profiles with ConfigMgr 2012

This week I want to devote a post to something new in ConfigMgr 2012 SP1, which is still in BETA, called User Data and Profiles Configuration Items. These configuration items contain settings that can manage folder redirection, offline files and roaming profiles via ConfigMgr 2012! This means that another Group Policy setting is coming to ConfigMgr.

Prerequisites

ComSetUseDatProEven though this sounds, to me, really promising for the future of ConfigMgr, there is a small catch. That small catch is the second bullet of the prerequisites, following now:

  • Configuration Manager 2012 Service Pack 1
  • Windows 8, or Windows Server 2012
  • Configure Enable User Data and Profiles to Yes in the Compliance Settings, via either Default Client Settings or a Custom Client Device Settings (see picture).

Configure

UseDatProProWhen all the prerequisites are met, let’s start with configuring. In my configuration I tested it with configuring Folder Redirection (see picture) and Offline files. These settings will be the input for the next steps:

  • In the Configuration Manager Console navigate to Assets and Compliance > Overview > Compliance Settings > User Data and Profiles.
  • On the Home tab, in the Create group, click Create User Data and Profiles Configuration Item and the Create User Data and Profiles Configuration Item Wizard will popup.
  • On the General page, fill in with Name <aName>, select with Select user data and profiles to configure Folder Redirection and Offline files and click Next.
  • On the Folder Redirection page, select On any device, select with Folder Documents as Action Redirect to remote, select Redirect to users home folder and click Next.
  • On the Offline Files page, select Enable offline files and click Next.
    • Note: There is also a Roaming Profiles page, but that will only show when on the General page with Select user data and profiles to configure Roaming user profiles was also selected.
  • On the Summary page click Next.
  • On the Completion page click Close.

Deploy

DepUseDatProNow the configuration item is created, it can be deployed. By the deployment there is one important thing to keep in mind and that’s that by default these settings are “just” compliancy settings. So to deploy and remediate the configuration item follow the next steps:

  • In the Configuration Manager Console navigate to Assets and Compliance > Overview > Compliance Settings > User Data and Profiles.
  • Select the new item <aName> and on the Home tab, in the Deployment group, click Deploy and the Deploy User Data and Profiles Configuration Item popup will show.
  • On the Deploy User Data and Profiles Configuration Item popup, browse to a user collection, select Remediate noncompliant rules when supported (see picture) and click Ok.

Check

Then how does ConfigMgr handles these settings? Well, partly via Compliance Settings (during logon!) and partly via Local Policies. There are lots of log files and registry keys to look for a success of the deployed configuration item. Most of the log files are still the old “DCM” –named log files, but there is one important new log file named CcmUsrCse.log. This log files will show important information about the actions during logon:CcmUsrCse

Another good place to look is a Resultant Set of Policy (Rsop.msc). This will immediately show whether, or not the Enable User Data and Profiles –setting is done via a local policy:UseStaLocPol

The last obvious place to check, that I want to show, is the registry. The following key will show the new location of the redirected folder: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell FoldersPerRegKey

Result

Now there is only one thing left to show, the end result of the folder redirection and offline folders settings via ConfigMgr. It might be surprising, probably not, but it looks exactly the same as with group policies.

Before After
DocBefore DocAfter

10 thoughts on “Managing User Data and Profiles with ConfigMgr 2012”

  1. Hi Peter, nice article, I must have overlooked this feature. Although I don’t know if I would configure this in ConfigMgr.
    I tend to keep things where they belong and IMHO this is a Group Policy /GPP which should be configured in GPMC.
    I don’t know if enterprises will like the thought of splitting up configurations of the same thing into different consoles. Meaning some Policies need to be configured in GPMC and others in the ConfigMgr console.

    Regards,
    David

    Reply
    • Thanks for the comments guys!
      I personally don’t see this function be used by many organizations yet, but I do see ConfigMgr moving more to being a “real” and “complete” desktop management tool. That being said, I also posted this to create a small discussion of which tool we can use for managing which settings. Until now it seems to trigger people and I hope more people will follow.

      Peter

      Reply
  2. The more settings in ConfigMgr the better. Group Policy in most organisations is a mess due to a lack of discipline in naming and management. Having this stuff in ConfigMgr allows for a clean, well-logged deployment of all the more pertinent configurations when moving to a managed end point, without having to dig around to find erroneous settings in “Daves_Test_Policy”.

    Reply
  3. I agree with Carl. I’ve worked in many environments and in every one their AD was a mess and their GPOs were worse. One place some people were waiting 30 minutes to logon. Anything we can do to delete GPOs, called “my fixes”, “test” etc. is welcome to me. I know this is the fault of management, but it is a grim IT reality.

    From what I’ve seen, the difference with CM is that very few people have access and they are normally very organised.

    The product name is after all “Configuration Manager”, not “Software Deployer”, “OS Pusher” or “Patch filler” which is about as far as some companies go with it.

    Reply
  4. One major benefit of this feature now being available in SCCM is user based targeting without having to use security groups which can be messy.

    Reply

Leave a Reply to Peter van der Woude Cancel reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.