iTunes

Last modified by Sebastian Marsching on 2022/05/29 12:14

Excluding iOS backups from roaming profiles

iTunes saves iOS backups in the AppData\Roaming\Apple Computers\MobileSync\Backup folder of the user's profile. As iOS backups can be quite large (10+ GBs), synchronizing the user profile when using roaming profiles can get very slow. Unfortunately, iTunes does not provide any means to specify a different path. However, there are two approaches (which can be combined if desired) to solve this problem:

Solution 1: Exclude the folder from the roaming profile

There is a group policy which allows to exclude specific paths from the roaming profile. These paths will not be copied from the client computer to the network server and vice-versa. This policy can be found under User ConfigurationPoliciesAdministrative TemplatesSystemUser Profiles and is called Exclude directories in roaming profile.

Solution 2: Create a symbolic link to redirect the backup folder

Solution 1 has the disadvantage that the backups are only kept on the local computer. This can be undesirable because local data might not be included in backups. However, it is possible to create a symbolic link to store the data in a different directory (e.g. on a network drive). Use the mklink command for this purpose. For example:

mklink /D "C:\Users\<username>\AppData\Roaming\Apple Computers\MobileSync\Backup" "\\server\path\to\user\share\<username>\Documents\iOS Backup"

The command has to be run with administrative privileges (unfortunately, normal users cannot create such links). The backup folder should be moved to its new location before running this command. Using a symbol link has the advantage that it can point to a network share (a junction point cannnot).

Unfortunately, this step has to repeated on every computer on which iTunes is used to synchronize iOS devices because the symbol link is not synchronized as part of the roaming profile. Maybe, someone has a clever idea about how to automate this (it is not easy because administrative privileges are required). However, when combined with solution 1, even if the symbol link is not created, the backup will not be stored as part of the roaming profile (however, this means that backups will differ between different computers).

On a side note, the privilege to create symbolic links can be given to other uses than administrators through a group policy setting (Computer ConfigurationPoliciesWindows SettingsSecurity SettingsLocal PoliciesUser Rights AssignmentCreate symbolic links). However, one should be careful with assigning this privilege to broadly, because it might have security implications. The documentation for the group policy setting says: “WARNING: This privilege should only be given to trusted users. Symbolic links can expose security vulnerabilities in applications that aren't designed to handle them.”

Further resources

I found the following resources helpful in figuring out these two solutions: