ASD's Blueprint for Secure Cloud

Profiles, personalisation, and folder redirection

This section describes the design decisions associated with profiles and personalisation on Windows 10 and 11 endpoints configured according to guidance in ASD's Blueprint for Secure Cloud.

Estimated reading time: 3 minutes

Profiles are a collection of data and settings for each user of a Windows computer. Examples of data captured as part of a user’s profile are user settings, desktop shortcuts, and application settings.

Profile configuration values are specific to a single user and are stored in a single folder known as the ‘User Profile’. These configuration parameters (themes, window colour, wallpapers, and application settings) determine the look and feel of the operating environment for a specific user.

Microsoft includes several standard options for user profiles. Alternatively, technologies such as Microsoft UE-V or FSLogix can be used to address user profile and personalisation requirements. If no user profile is configured, a desktop local profile is used, which does not backup options but performs well.

Microsoft provide the following profile management solutions:

  • Local Profiles – Local user profiles are stored on the workstation. When the user logs on for the first time, a local user profile is created for the user and stored by default in C:\Users\%USERNAME%. Whenever a user logs on to the workstation, the user’s local user profile is loaded. When the user logs off the workstation, any configuration changes made to the user’s profile are saved in the user’s profile
  • Mandatory Profiles – Mandatory profiles are a profile that does not save profile changes and are enforced at each logon
  • Roaming Profiles – Roaming user profiles are stored in a central location on the network, which is generally a shared folder on a server. When the user logs on to a workstation, the roaming user profile is downloaded from the network location and loaded onto the workstation. When the user logs off the workstation, any profile changes are saved to the network share. In addition to maintaining a copy of the roaming profile on the network share, Windows also keeps a locally cached copy of the roaming profile on each workstation that the user logs on.

Windows 10 and 11 provides two main roaming profile technologies in User Experience Virtualization (UE-V) and FSLogix. FSLogix is now the preferred Roaming Profile option as it provides a consistently higher performance than UE-V and can provide a cloud-based roaming profile when configured with suitable Azure cloud storage blobs.

Cloud native deployments

Known Folder Redirection Configuration applicable to organisations leveraging a cloud native implementation.

FolderPath
AppDataNot Configured
ContactsNot Configured
DesktopC:\Users\%username%\OneDrive\Desktop
DocumentsC:\Users\%username%\OneDrive\Documents
DownloadsNot Configured
FavouritesNot Configured
LinksNot Configured
SearchesNot Configured
MusicNot Configured
PicturesC:\Users\%username%\OneDrive\Pictures
VideosNot Configured

Hybrid deployments

Known Folder Redirection Configuration applicable to organisations leveraging a hybrid implementation.

FolderPath
AppDataNot Configured
ContactsNot Configured
Desktop\\\\server\share\Users\%username%\OneDrive\Desktop
Documents\\\\server\share\Users\%username%\OneDrive\Documents
DownloadsNot Configured
FavouritesNot Configured
LinksNot Configured
SearchesNot Configured
MusicNot Configured
Pictures\\\\server\share\Users\%username%\OneDrive\Pictures
VideosNot Configured

Security & Governance

  • None identified

Design

  • None identified

References

  • None identified

Do you have a suggestion on how the above page could be improved? Get in touch! ASD's Blueprint for Secure Cloud is an open source project, and we would love to get your input. Submit an issue on our GitHub, or send us an email at blueprint@asd.gov.au

Acknowledgement of Country icon

Acknowledgement of Country
We acknowledge the Traditional Owners and Custodians of Country throughout Australia and their continuing connections to land, sea and communities. We pay our respects to them, their cultures and their Elders; past, present and emerging. We also recognise Australia's First Peoples' enduring contribution to Australia's national security.

Authorised by the Australian Government, Canberra