Holy cow, I wrote a book!
Earlier, we learned about
roaming user profiles,
wherein the master copy of the user's profile is kept on a central server
(which for the purpose of discussion I will call the "profile server")
and is copied around to follow the user as she logs onto computers
throughout an organization.
In the comments, many people said that what they really want is for
the files to be stored in a central location without any copying.
That is what
redirected folders gives you.
Redirected folders are a way for a domain administrator to specify
that selected folders in the user profile
(for example, the Desktop, the Start menu, the My Documents directory)
are not stored in the user profile but rather on a separate server
(which for the purpose of discussion I will call the "folder server").
this feature can be turned on independently of roaming user profiles.
Roaming user profiles copies the user profile around;
redirected folders let you pull folders out of the user profile.
There are four combinations of these two settings, and each of them
has its merits.
If you've been following along so far,
you already see how they interact, but I'll spell it out in pictures
The diagrams are color-coded as follows:
For illustration purposes, I've shown only two redirectable folders,
although in reality there are plenty more.
A common gotcha for
keeping the files entirely on a folder server
is that if the folder server becomes unavailable,
you lose access to your documents.
This is particularly painful in laptop scenarios
where the computer spends a lot of its time not connected to
the network that houses the folder server.
You can use
offline files, however, to make these scenarios
much more tolerable.
What is the lesson here?
First, as we already noted when we discussed roaming profiles,
one reason why you can't manipulate the profile of a user that
is not logged on is that the profile you may happen to find
might not be the master copy,
and what's worse,
modifying the local copy can result in it becoming the master,
ultimately resulting in data loss when the two versions are
Second, even if you somehow manage to get the user to log on
so that the local copy is the master,
and even if you are running as local administrator,
the user's files may have been redirected to another server
where the local computer's administrator account do not have access.
The upshot is that you simply cannot manipulate another user's
profile without actually running in the context of that user.
You need to be aware of these other scenarios where the
user's data is simply not accessible.