What is a user profile?

User profiles include the option to modify settings such as the start menu and taskbar appearance, background and colors within a virtual desktop. For example, a left-handed user would be frustrated if their virtual desktop presented a right-handed mouse. Being able to designate the left or right mouse setting is not only important for user productivity, but it may also be a legal requirement.

When users request a nonpersistent virtual desktop, they generally just access the base OS. The user profile strategy determines which settings the user can access and how the virtual desktop applies these settings.

3 user profile options

There are three types of basic user profiles.

• Local. Temporary settings that the user makes on the virtual desktop but are not permanent are considered local profiles. The virtual desktop platform creates a local profile at logon based on a copy of the default profile. Users may become frustrated with local profiles because they require them to adjust the same settings at the start of each session. For example, left-handed mouse users will need to modify the left/right mouse setting at each logon. While local profiles are the default setting, they're often not optimal, and IT administrators should avoid them.
• Mandatory. When the environment forces a profile upon users and users cannot permanently modify it, this is a mandatory profile. For example, a call center may deploy a mandatory profile for all agents that provides the corporate colors, streamlined presentation of application icons, and more. That left-handed user can modify the left/right mouse setting, but the virtual desktop will not write this into the mandatory profile. While these profiles are easy for IT admins to install and manage, mandatory profiles often frustrate users because they cannot customize the virtual desktops.
• Roaming. This type of profile enables users to modify and customize settings. When the left-handed user changes the left/right mouse setting, the desktop writes it to the roaming user profile, and the virtual desktop saves it. Therefore, the left-handed mouse setting is in effect at the next virtual desktop session, and the user doesn't need to modify the setting again. From an administrative standpoint, roaming profiles have higher overhead and require more storage, but the UX is optimized and users are generally happier.

With both mandatory and roaming profiles, the user profile is applied to the virtual desktop before the user accesses it. As a result, logon time may increase slightly while the environment loads the profile into the session.

In addition to the basic user profile types, numerous third-party user profile management offerings are available. FSLogix profile containers are also a common Microsoft option for virtual desktop and Azure Virtual Desktop environments. IT departments often use these tools when they need faster sign-ins, better support for nonpersistent desktops, Microsoft 365 app data or more advanced profile-management features than traditional roaming profiles provide.

Why use roaming profiles for virtual desktops?

Of the three inherent user profile types, roaming profiles provide the best UX because settings are personalized based on user modifications. Users typically only modify a few settings for their desired level of personalization, and this level of customization is important for usability, accessibility and productivity. 

That benefit still matters, but IT should balance it against the operational cost. Roaming profiles require careful storage planning, profile-size control and attention to sign-in and sign-out performance. In modern virtual desktop environments, especially nonpersistent desktops, profile containers or third-party profile-management tools might provide a better UX with less profile-copying overhead.

Administratively, roaming profiles require more work effort -- mainly configuration and storage. Configuration is via the roaming profile's Group Policy Object (GPO). User profiles can become quite large, thus affecting storage requirements and load times.

A roaming profile can become corrupted, in which case IT will need to restore the profile from storage. One common risk is using the same roaming profile across multiple Windows versions or builds without validating profile-version compatibility. Mixed Windows environments require careful planning because profile formats, Start menu behavior and user customizations might not roam cleanly across every OS scenario.

Organizations often implement roaming profiles with folder redirection to centralize user data and reduce roaming profile size. Folder redirection is especially useful for keeping large user folders, such as Documents and Desktop, outside the roaming profile. IT should configure folder redirection before enabling roaming profiles so user files do not become part of the profile and increase sign-in and sign-out times.

How to deploy roaming profiles via Group Policy Objects

Before configuring roaming profiles through GPOs, IT should confirm that roaming profiles are still the right profile-management option for the environment. For Azure Virtual Desktop, sessions that rely heavily on Microsoft 365 app data or large nonpersistent VDI deployments, FSLogix profile containers or another profile-management tool might be a better fit.

Once the IT department determines that roaming profiles are the best option for the virtual desktop environment, setting them up through the roaming profiles GPO is straightforward. Many organizations enable roaming profiles only for virtual desktops and use a centralized profile-management approach to deliver a more consistent user experience.

Keep in mind there are two possible ways to configure roaming profiles: a roaming profile for all user sessions or a roaming profile that applies only to remote desktop sessions. These instructions apply only to remote desktops. Also, if both a standard roaming profile and a remote desktop roaming profile are in place, the remote desktop roaming profile will apply itself to the remote sessions.

IT administrators should configure GPOs within Active Directory Group Policy Management. The organization unit where the virtual desktops reside should be the basis for the roaming profiles' GPO designation. IT should also assign the appropriate security group or groups. In addition, IT must designate a file share location with ample storage to house the roaming profiles.

IT administrators should enable roaming profiles for virtual desktops as a computer GPO. Specifically, they should configure this within this GPO: Computer Configuration > Policies > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Profiles. 

Then, choose Set path for Remote Desktop Services Roaming User Profile. Within the Profile path box, administrators should designate the storage location. In addition, IT should append %username% to provide a unique profile directory for each user (Figure 1).

Within many organizations, virtual desktop administrators may not have security clearance to configure roaming profile GPOs. Organizations should ensure that admins have a lab environment to thoroughly test roaming profile GPO settings before creating a change control order for production rollout.

After deployment, IT should monitor profile size, sign-in duration, sign-out duration, storage consumption and profile-corruption incidents. Those metrics can help determine whether roaming profiles are still meeting user needs or whether the environment should move to FSLogix or another profile-management approach.

Editor's note: This article was updated to reflect current Windows profile-management considerations, including Windows 11, profile versioning, folder redirection and FSLogix profile containers.