Scense

Full Version: Roaming cookies in IE10 and IE11
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
We just solved an issue at a customer where cookies (for IE10 or IE11) were not roaming for VDI. After several hours with tech support from Microsoft finally a solution (actually: it already exists) was found.

It appears that this issue is originating as 'we' administrators were frustrating Microsoft with the case that cookies generate to many tiny files, which impact for example (backup) performance or logon/logoff (roaming, copying it to/from the server). Also the large amount of files require a lot of file IO when accessing these cookies.

As a solution Microsoft introduced with IE10 a new concept, a database that is stored in the local appdata part of a user profile. The downside to this is that the database is exclusive locked when Internet Explorer is active, and even minutes after it is closed. This also is the case if an IE window is integrated in another application (and this is often, I can assure to you). This means that the database is locked most of the time and prevents backing it up using for example Scense Live Profiles (or any other solution). And as it is in local appdata, it also does not roam.

The solution would be a setting like "Enable roaming cookies".

The funny thing: This setting exists! It is just called a bit different, like "Delete cached copies of roaming profiles". The official description: https://support.microsoft.com/en-us/kb/274152. Why didn't i interprete it this way?!?

The description so it is available even if the link ever goes down:
If you enable Group Policy, any local copy of a user's roaming profile is deleted when the user logs off. However, the roaming profile still remains on the network server that stores it.

You can configure a Group Policy Object (GPO) to perform the preceding behavior by performing the following steps:
1.Edit the GPO that you want to modify.
2.Locate the following section: Computer Configuration \ Administrative Templates \ System \ User Profiles.
3.Double-click Delete cached copies of roaming profiles (the Group Policy setting).
4.Click Enabled.


After setting this policy (and allowing it to be distributed among your domain controllers and become active... give it some time), you will see the following behavior:

In the folder "%APPDATA%\Microsoft\Windows\INetCookies" (Win 8/10/2012) or "%APPDATA%\Microsoft\Windows\Cookies" (Win 7) besides the common .TXT files there will be additional .DAT files. These contain the information to be able to rebuild the cookie database.

Good luck using this information and make sure it does not cost you weeks (like it did in our case)!