DOCSLIB.ORG

Best Practice: Roaming Profiles and Folder Redirection (A.K.A. User State Virtualization)

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text

Load more

Best Practice: Roaming Profiles and Folder Redirection (a.k.a. User State Virtualization) 18/08/2010, 7:00 pm | by Alan Burchill 62,999 views inShare3 Virtualization is currently a buzz word and it seems that Microsoft is falling over itself to brand as many products as possible with the “V” word (e.g. Hyper-V, App-V & Med-V). So “User State Virtualization” is the term that Microsoft now uses to describe what used to be call Roaming Profiles and/or Folder Redirection. The idea is simple… a user can logon to any computer in an organisations and have all their personal files and setting apply to that computer as it was the last time they used a computer. This is really a Win/Win for Users and IT Pros as for a user this is a big time saver as they no longer need to waste time setting up their drives, printers and other personal settings when they have to use another computers. IT Pro’s also benefit when there is an un-expected failure or loss of a computer then they don’t have to go through what could be a lengthily, costly and if not impossible, process of recovering the users data. The video below is part 1 in a 3 part series that give an overview about how Roaming Profiles and Folder Redirection give you User State Virtualisation. Now theoretically User State Virtualization can be totally done with just a Roaming Profile, however this quickly becomes impractical as users often store a LOT of data which can make users profile impossibly large. To get around this Microsoft users folder redirection to essentially redirect parts of a user’s profile to a file share on a server where it is centrally access whenever they logon to a computer. Reference: Managing Roaming User Data Deployment Guide Folder Redirection provides a way for administrators to divide user data from profile data. This division of user data decreases user logon times, and Windows downloads less data. Windows redirects the local folder to a central location, giving the user immediate access to their data when they save it, regardless of the computer they are using. This immediate access removes the need to update the user profile. By redirecting these folders to a server they are only access when needed and therefore very large files do not slow down the profile update process. The obvious disadvantage of doing this is that when a user cannot access the redirected folders (e.g. disconnected laptop users) they lose access to these files. However this restriction is also mitigated by ensuring that the user has a cached copy of these redirected folders. Below I am going to go through a number of tips and tricks to make sure you get the most out of a User State Virtualization setup in your environment and to ensure that you don’t fall into some configuration traps. Before you begin I would also recommend that you read the following articles from Microsoft about User State Virtualization. Choosing an Appropriate User State Virtualization Solution Understanding User State Virtualization Improvements In Windows 7 Note: I am going to mainly focus on Windows Vista/7 setups however most of the setting/principals I do mention below will still apply to Windows XP. Update: Here is a really good video from Darren Mar-Elia (Fellow Group Policy MVP) from TechEd North America 2011. This session is entitled Optimizing Group Policy in Virtual Desktop (VDI) Environments however much of it covers User State Virtualization. Setting up Folder Redirections using Group Policy Below I will show you how to setup folder redirection for you users profiles. It is very important that you realise the impact that redirection some of these folder can have as if users have many GB’s of music of videos on their local computers you could quickly find yourself running out of disk space on the server. Setting up file server share for User State Virtualization When setting up the file server you need to be sure that the permission on the folder are setup so that a user can create a new folder however you also need to ensure that they can only see their own files if they start to snoop about. Below I will go though the setup of a folder to be used for folder redirection and the roaming profiles. Combining a users redirected folders and roaming profile path to the one spot on the network is far easier to manage as it consolidates all the users information in one locations. Note: This consolidated storage of users information can only applies to Windows Vista/7 systems. Otherwise you will need to create a separate share for roaming profiles with offline caching disabled for Windows XP systems. Step 1. Create a folder to be used as a root folder for all the users information (e.g. Users) Step 2. Open the properties of the folder and then go to the Security tab and then click on the Advanced button. Step 3. Now click on the “Change Permissions” button Step 4. Un tick “Include inheritable permission form this object’s parent. Step 5. Click the “Add” button Explanation: We have now setup a folder with no inheritable file permissions from the parent. We do this so we can remove the Read permission from Users for all subfolders and files in a later step. You should now see something like this below. Step 6. Select the Users “Special” ACL and then click the Edit Button. Step 7. Change the Apply to: permission to “This folder only” and press “OK” Step 8. Select the Users “Read & execute” ACL and then click the “Edit” button. Step 9. Again select the “This folder only” option from the Apply to: section and then press “OK” Notice how the two “This folder only” permissions for Users have now combined into one ACL. Step 10. Then press “OK” and “OK” to get you back to the Users Properties screen. Now we need to share the folder… Step 11. Click on the “Sharing Tab” on the Users Properties screen and then click on the “Advanced Sharing” button. Step 12. Tick “Share this folder” and give the type in a share name ending with a $ (e.g. Users$) then click on the “Permissions” Button. Note: The $ symbol at the end of the share name makes it hidden to a users so they cannot browser to the folder. This is not necessary but it is good practice to help stop nosey users. Reference: http://blogs.technet.com/b/askds/archive/2008/06/30/automatic-creation-of-user-folders-for- home-roaming-profile-and-redirected-folders.aspx you should always hide the profile share using a dollar sign ($). Step 13. Tick “Allow” for the Full Control permissions (change should then get automatically ticked) and then press OK then OK then Close. (Optional) Setting up Roaming Profile Folder If you are still using Windows XP then I would recommend configuring the roaming profile folder is the same as the Users folder for the redirected folders except that you need to disable file caching. Simple repeat the steps above for “Setting up file server share for User State Virtualization” instead use the folder name called “Profiles” and a share name called “Profiles$”. After you configure the share permissions (see step 13 above) also click on the “Caching” button and select the “No Files or programs from the share folder are available offline” options then press OK then OK then Close. Reference: http://blogs.technet.com/b/askds/archive/2008/06/30/automatic-creation-of-user-folders-for- home-roaming-profile-and-redirected-folders.aspx You should disable Offline Files Enabling Access Based Enumeration Now we are going to enable Access Based Enumeration for the Users$ share so that any users that manually goes to \\server04.contoso.local\users$ will only see their own folder. This is optional however as it simple stops your snooping users from seeing who else is in the organisation. Reference: http://blogs.technet.com/b/askds/archive/2008/06/30/automatic-creation-of-user-folders-for- home-roaming-profile-and-redirected-folders.aspx This last part is for the former Novell Admins out there. Yes, you could use Access Based Enumeration (ABE) on these new shares; however if there is going to a lot of user folders on any one of these shares you could experience degradation of performance. Enabling ABE on a share does come at a price of performance. Step 1. Open Server Manager and expand Roles > File Services > Share and Storage Management and then highlight the Users$ share Step 2. From the menu click on Action and then Properties and then click the “Advanced” button Step 3: Tick “Enable access-based enumeration” and then click “OK” Step 4. Click OK The folder on your server is now ready for your users roaming profiles (Windows Vista/7) and folder redirections. Tip: You can also also enable a File Screen using the File Server Resource Manager to prevent your users from saving files type of a certain extension (e.g. MP3, AVI or MP4) to their redirected folders. Another option this gives you is the ability to apply an Auto Apply Quota to the users folders and have then get warning email messages whenever they consumer a lot of disk space. How to configured Roaming Profiles for a user using Group Policy Before we begin, take the time to watch part 2 video that shows an example of how Roaming Profiles can be used to give your users a better experience.
Recommended publications
  • Add Administrator to Roaming Profile Group Policy

    Add Administrator to Roaming Profile Group Policy

    Add Administrator To Roaming Profile Group Policy Imputative and unfashioned Ignacius intruded his waterproofing instigating grump expansively. Shifting and colory Vince burkes while transeunt Tedrick departmentalises her hausfrau long and estranged thenceforth. Carangoid and ex-directory Redford outsum her Gloucestershire pats or annoys disgracefully. Is done to take advantage of horizon agent redirection to administrators group on as the properties panel is created an external network computer settings roaming to profile group policy We have change. The Administrator account so by default the only direction that is enabled Mirroring. The salvage to user store location you define via policy always include AD. Computer group that profile is summoned to add you administrator groups can query and. After checking for roaming policies? By default groups in administrator to a policy is a new gpo icon or implementing new profile version is specified by this is reduce and delegation pane. Not sure if that goal possible can the GUI. System User Profiles Add the Administrators security group to roaming user profiles Enabled. This method allows you to granularly configure a users roaming profile path location however coverage is option lot more laborious process of ensure those they are handsome with your folder redirection policy period is also applied to the users. A junior administrator deleted a GPO accidentally but violet had backed it up. No changes made to statistically evaluate the local credentials from this process more efficient way it allows you to roaming. File share name of roaming. Which adds to administrators can without any policy! Allocate sufficient storage and roaming to add profile group policy provides the footprints and.
  • Windows 7 Operating Guide

    Windows 7 Operating Guide

    Welcome to Windows 7 1 1 You told us what you wanted. We listened. This Windows® 7 Product Guide highlights the new and improved features that will help deliver the one thing you said you wanted the most: Your PC, simplified. 3 3 Contents INTRODUCTION TO WINDOWS 7 6 DESIGNING WINDOWS 7 8 Market Trends that Inspired Windows 7 9 WINDOWS 7 EDITIONS 10 Windows 7 Starter 11 Windows 7 Home Basic 11 Windows 7 Home Premium 12 Windows 7 Professional 12 Windows 7 Enterprise / Windows 7 Ultimate 13 Windows Anytime Upgrade 14 Microsoft Desktop Optimization Pack 14 Windows 7 Editions Comparison 15 GETTING STARTED WITH WINDOWS 7 16 Upgrading a PC to Windows 7 16 WHAT’S NEW IN WINDOWS 7 20 Top Features for You 20 Top Features for IT Professionals 22 Application and Device Compatibility 23 WINDOWS 7 FOR YOU 24 WINDOWS 7 FOR YOU: SIMPLIFIES EVERYDAY TASKS 28 Simple to Navigate 28 Easier to Find Things 35 Easy to Browse the Web 38 Easy to Connect PCs and Manage Devices 41 Easy to Communicate and Share 47 WINDOWS 7 FOR YOU: WORKS THE WAY YOU WANT 50 Speed, Reliability, and Responsiveness 50 More Secure 55 Compatible with You 62 Better Troubleshooting and Problem Solving 66 WINDOWS 7 FOR YOU: MAKES NEW THINGS POSSIBLE 70 Media the Way You Want It 70 Work Anywhere 81 New Ways to Engage 84 INTRODUCTION TO WINDOWS 7 6 WINDOWS 7 FOR IT PROFESSIONALS 88 DESIGNING WINDOWS 7 8 WINDOWS 7 FOR IT PROFESSIONALS: Market Trends that Inspired Windows 7 9 MAKE PEOPLE PRODUCTIVE ANYWHERE 92 WINDOWS 7 EDITIONS 10 Remove Barriers to Information 92 Windows 7 Starter 11 Access
  • Navigate Windows and Folders

    Navigate Windows and Folders

    Windows® 7 Step by Step by Joan Preppernau and Joyce Cox To learn more about this book, visit Microsoft Learning at http://www.microsoft.com/MSPress/books/ 9780735626676 ©2009 Joan Preppernau and Joyce Cox Early Content—Subject to Change Windows 7 Step by Step Advance Content–Subject to Change Windows 7 Step by Step Draft Table of Contents Overview Front Matter ............................................................................................................................................. 3 Contents ................................................................................................................................................ 3 About the Authors ................................................................................................................................ 3 Features and Conventions of This Book ................................................................................................ 3 Using the Companion CD ...................................................................................................................... 3 Getting Help .......................................................................................................................................... 3 Introducing Windows 7 ......................................................................................................................... 3 Part I: Getting Started with Windows 7 .................................................................................................... 4 1 Explore Windows 7 ...........................................................................................................................
  • Profileunity Release Notes

    Profileunity Release Notes

    Release Notes ProfileUnity™ and ProfileUnity FlexApp™ Change Log/Release Notes Version Table V 6.8.4.7654, RELEASED DECEMBER 16TH, 2020 .................................................................................................. 2 V 6.8.4.7647, RELEASED DECEMBER 9TH, 2020 .................................................................................................... 6 V 6.8.3.7468 R2, RELEASED JUNE 17 TH, 2020 .................................................................................................. 17 V 6.8.3.7311, RELEASED JANUARY 8TH, 2020 .................................................................................................... 25 V 6.8.2.7074, RELEASED MAY 17TH, 2019 ........................................................................................................ 35 V 6.8.1.7044, RELEASED APRIL 17TH, 2019 ....................................................................................................... 40 V 6.8.0.6886, RELEASED NOVEMBER 28TH, 2018 ............................................................................................... 48 V 6.7.7.6701, RELEASED MAY 8TH, 2018 ........................................................................................................... 57 V 6.7.6.6684, RELEASED APRIL 23RD, 2018 ....................................................................................................... 61 V 6.7.5.6663, RELEASED APRIL 4TH, 2018 ......................................................................................................... 65 V 6.7.0.6422,
  • Enable the Always Offline Mode to Provide Faster Access to Files

    Enable the Always Offline Mode to Provide Faster Access to Files

    Enable the Always Offline Mode to Provide Faster Access to Files 13 out of 16 rated this helpful - Rate this topic Published: April 18, 2012 Updated: July 3, 2013 Applies To: Windows 8, Windows 8.1, Windows Server 2012, Windows Server 2012 R2 This document describes how to use the Always Offline mode of Offline Files to provide faster access to cached files and redirected folders. Always Offline also provides lower bandwidth usage because users are always working offline, even when they are connected through a high- speed network connection. In this document Prerequisites Enabling the Always Offline mode Prerequisites To enable the Always Offline mode, your environment must meet the following prerequisites. An Active Directory Domain Services (AD DS) domain, with client computers joined to the domain. There are no forest or domain functional-level requirements or schema requirements. Client computers running Windows 8.1, Windows 8, Windows Server 2012 R2, or Windows Server 2012. (Client computers running earlier versions of Windows might continue to transition to Online mode on very high-speed network connections.) A computer with Group Policy Management installed. Enabling the Always Offline mode To enable the Always Offline mode, use Group Policy to enable the Configure slow-link mode policy setting and set the latency to 1 (millisecond). Doing so causes client computers running Windows 8 or Windows Server 2012 to automatically use the Always Offline mode. Note Computers running Windows 7, Windows Vista, Windows Server 2008 R2, or Windows Server 2008 might continue to transition to the Online mode if the latency of the network connection drops below one millisecond.
  • Using the Windows 7 User Interface

    Using the Windows 7 User Interface

    08_0789741997_ch04.qxd 8/5/09 10:13 AM Page 115 4 USING THE WINDOWS 7 USER INTERFACE Who Should Read This Chapter? Many readers might wonder why an advanced book such as this includes coverage of something as basic as the Windows user interface (UI). The decision was primarily driven by the knowledge that many users of Windows 7 will be upgrading from Windows 2000, XP, and even Vista. For those users, savvy as they might be with Windows concepts, the Windows 7 UI is different enough that they’ll need a roadmap to get started. When you are familiar with it, you’ll wonder how you ever got around in those old clunky environments. In addition to the newer look of Windows 7, many new functions are woven into the fabric of the new UI—we don’t want you to miss out on them. We’ve also included some UI tips and tricks that you might not know about. So even if you con- sider yourself a Windows veteran, at least take the time to skim through this chapter before you move on. Don’t just take our word for it. Experiment with the new UI as you read this chapter. We’ve found that nothing can substitute for direct hands- on operation to get an understanding and a feel for the new user envi- ronment. Most of the information in this chapter is not of a level or type 08_0789741997_ch04.qxd 8/5/09 10:14 AM Page 116 116 Using the Windows 7 User Interface ART P II that can damage your system, but whenever caution is needed, we spell it out clearly.
  • Microsoft | MCSE Certified Solution Expert

    Microsoft | MCSE Certified Solution Expert

    Microsoft | MCSE Certified Solution Expert MCSE MCSA Introduction to Windows Compare windows editions Install windows from DVD and Iso File Intro vmware Workstation Hardware Requirment Network adapter setting in vmware Install windows on VHD Dual Boot BCDEdit Deploying windows Explain installation over network Intro install wim boot wim File Create Winpe Boot Create Custom Windows image Sysprep Deplying Image using WDS server Managing Drivers and Devices Sign and unsign drivers Device management Utilities verifier sigverif pnputil driverquery msinfo dxdiag Managing Application and Group policy Local Group Policy Software restriction Applocker Networking IPv addressing Subneting VLSM Network profile Easy Transfer USMT Home group Network discovery Network Adapter properties Name resolution cache flushdns IPv Troubleshooting Security Windows firewall Create Firewall Rules Firewall Command line tools Netsh Security Policy User Right Assignment Remote Management Remote desktop Remote assistance Remote management with WinRM Resource Sharing Share permission NTFS permission EFS Recovery agent Branchcache Offline File File Protection Work Folders Disk Management MBR vs GPT Basic vs Dynamic Create Primary and Extended Partitions Create Volumes Mount Partition File Systems Disk Quota Disk CleanUP Disk Defragmenter Bitlocker Storage Space Configure authorization and authentication Acount policy and Password Policy User account control credential Manager Configure system and data recovery Configure system restore Windows Backup And Restore Configure
  • Windows 10 Rollout Programme

    Windows 10 Rollout Programme

    Windows 10 Rollout Programme Key decision points for consideration 1. Folder Redirection 2. Admin Rights 3. Roaming Profiles 4. Data Ownership W10 - Key Decision 1 - Folder Redirection We are consulting with College and Service Group Representatives on Folder Redirection for Windows 10 as follows: 1) Please respond by accepting the only offered solution option 1 below 2) Or by rejecting with reasons for that response. Options: Option 1 – Folder redirection ON for desktop clients but OFF for mobile clients. This is the same as the existing SD7 “Windows 7” and “MDSD Windows 8” folder redirection configuration. This “option” is recommended by the service team. W10 - Key Decision 2 - Admin Rights 1) Please respond by choosing one or more from the options presented below. 2) Or by rejecting all options with reasons for that response. Option 1 – Admin rights for end users are enabled on request, are not reviewed, and are rarely revoked. This is the current solution. Enables users to install any application they want, which means that: The estate is vulnerable to threats posed by Potentially Unwanted Applications (PUAs). Applications which install to provide some stated function but modify the OS in unknown ways, e.g. install as search toolbar but harvest web activity. The estate is vulnerable to threats from unmanaged applications. E.g. Applications dependant on insecure versions of Java, Flash or .Net. End user’s files, data and information is unprotected. E.g. PUA’s which inspect html traffic on client and inject paid advertisements. Enables users to change a range of setting on a device, which means that: The state of estate is uncontrolled and unknown.
  • Prism Suite 13.0 Deployment Guide

    Prism Suite 13.0 Deployment Guide

    ® Prism Deploy Guide published June, 2012 This publication could include technical inaccuracies or typographical errors. Changes are periodically made to the information herein; these changes will be incorporated in new editions of the publication. New Boundary Technologies may make improvements and/or changes in the product(s) and/or the program(s) described in this publication at any time. Copyright 2001-2012 by New Boundary Technologies, Inc. All rights reserved. This manual, as well as the software described in it, may only be used or copied in accordance with the terms of the license agreement included with the Prism Suite installation and product. Trademarks The following trademarks apply to this volume: NEW BOUNDARY TECHNOLOGIES, the New Boundary Technologies logo, Prism Suite, Prism Patch Manager, and Prism Asset Manager are registered trademarks of New Boundary Technologies, Inc. LANOVATION, Smart Update, Prism Deploy, and the Prism Deploy logo are trademarks of New Boundary Technologies, Inc. Express Inventory technologies are copyright Express Metrix, LLC 2012 Microsoft and Active Directory are registered trademarks of the Microsoft Corporation. Windows, Windows NT, Windows 2000, Windows XP, Windows Vista, and Windows 7 are trademarks of the Microsoft Corporation. All other products and companies are trademarks or registered trademarks of their respective companies. Patent Prism Suite is protected under US patent numbers 7,707,571, 7,568,018, and 6,564,369 Additional Notes Unless otherwise noted, all names of companies, products, and persons contained herein are part of a completely fictitious scenario or scenarios and are designed solely to document the use of the product. New Boundary Technologies, Inc.
  • Understanding Device Configurations | 3

    Understanding Device Configurations | 3

    Understanding Device LESSON 1 Configurations OBJECTIVE DOMAIN MATRIX TECHNOLOGY SKILL OBJECtIVE DOMAIN DEsCRIPtION OBJECtIVE DOMAIN NUMBER Configuring Device Options Configure device options 1.1 • Understanding Microsoft Accounts • Configuring Control Panel • Configuring System Options • Changing Date and Time • Managing Devices Configuring Desktop Settings Configure desktop settings 1.2 • Configuring the Start Menu • Configuring User Profiles • Configuring Display Settings • Configuring Shortcuts • Understanding Group Policy Configuring Drive Encryption Configure drive encryption 1.3 • Preparing for File Encryption • Configuring BitLocker Configuring Updates Configure updates 1.4 • Understanding Windows Update • Understanding App Updates • Understanding Device System Updates COPYRIGHTED MATERIAL KEY TERMS Action Center Computer Configuration node encryption Active Directory accounts decryption Group Policy Administrative Tools device driver Group Policy objects (GPOs) BitLocker Drive Encryption Device Manager Internet Protocol Security (BDE) Devices and Printers folder (IPsec) Cortana domain‐based accounts Jump List Control Panel Encrypting File System (EFS) live previews 1 MOAC_Exam_98-368_c01.indd 1 12/26/2015 2:29:42 PM 2 | Lesson 1 live tiles Recycle Bin user account local user accounts resolution user profile local user profile roaming user profile User State Migration Tool mandatory user profile shortcut Windows Easy Transfer Microsoft accounts Secure Sockets Layer (SSL) Windows Server Update Microsoft Management Transport Layer Security (TLS) Service (WSUS) Console (MMC) Trusted Platform Module Windows Update Patch Tuesday (TPM) pin User Configuration node You work as an IT technician for the Contoso Corporation, which has hundreds of computers with a good mix between desktop computers and laptop computers. In addi‑ tion, several users use smartphones and tablets to access their emails and documents. As an administrator, you need to ensure that your computers are fully functional and secure.
  • Managing User Settings with Group Policy

    Managing User Settings with Group Policy

    Module 6: Managing user settings with Group Policy Lab: Managing user settings with Group Policy (VMs: 20742B-LON-DC1, 20742B-LON-CL1) Exercise 1: Using administrative templates to manage user settings Task 1: Import administrative templates for Microsoft Office 2016 1. On LON-DC1, on the taskbar, click the File Explorer icon. 2. In File Explorer, in the navigation pane, expand Allfiles (E:), expand Labfiles, and then click Mod06. 3. Double-click admintemplates_x64_4390-1000_en-us.exe. 4. In The Microsoft Office 2016 Administrative Templates dialog box, select the Click here to accept the Microsoft Software License Terms check box, and then click Continue. 5. In the Browse for Folder dialog box, click Desktop, and then click OK. 6. In The Microsoft Office 2016 Administrative Templates dialog box, click OK. 7. In File Explorer, in the navigation pane, click Desktop, and then in the content pane, double-click admx. 8. Press Ctrl+A to select all files, right-click, and then click Copy. 9. In the navigation pane, expand Local Disk (C:), expand Windows, right-click PolicyDefinitions, and then click Paste. 10. Close File Explorer. Task 2: Configure Office 2016 settings 1. On LON-DC1, in Server Manager, click Tools, and then click Group Policy Management. 2. Switch to the Group Policy Management window. 3. In the navigation pane, expand Forest: Adatum.com, expand Domains, expand Adatum.com, and then click Group Policy Objects. 4. Right-click Group Policy Objects, and then click New. 5. In the New GPO dialog box, type Office 2016 settings and then click OK. 6. In the contents pane, right-click Office 2016 settings, and then click Edit.
  • Vmware User Environment Manager Administrator's Guide

    Vmware User Environment Manager Administrator's Guide

    User Environment Manager Administrator’s Guide ® VMware User Environment Manager V E R S I O N 8 . 7 .0 You can find the most up-to-date technical documentation on the VMware Web site at: http://www.vmware.com/support/ The VMware Web site also provides the latest product updates. Copyright © 2015 VMware, Inc. All rights reserved. Copyright and trademark information. VMware, Inc. 3401 Hillview Ave. Palo Alto, CA 94304 www.vmware.com User Environment Manager Contents 1 Welcome ............................................................................................ 9 1.1 VMware User Environment Manager ................................................ 10 1.1.1 Application Configuration Management ....................................... 10 1.1.2 User Environment settings ........................................................ 10 1.1.3 Personalization ........................................................................ 11 1.1.4 Application Migration ................................................................ 11 1.1.5 Dynamic Configuration ............................................................. 11 2 Planning your deployment ............................................................... 12 2.1 VMware User Environment Manager terminology ............................... 12 2.2 User profile scenario considerations ................................................. 13 2.2.1 Mandatory profiles ................................................................... 13 2.2.2 Roaming profiles .....................................................................