USER PROFILES

A user profile is simply a Registry hive in file format (NTuser.dat) and a set of profile folders (stored in %systemdrive%\Documents and Settings) that contain information about a specific user's environment and preference settings. Profiles include settings such as printer connections, background wallpaper, ODBC settings, MAPI settings, color schemes, shortcuts, Start menu items, desktop icons, mouse settings, folder settings, and shell folders such as My Documents. Profiles are automatically created the first time a user logs on to any NT-based machine, including a terminal server.

NTuser.dat (the file that stores the user's Registry-based preferences and configurations) is loaded by the system during logon and mapped into the Registry under the subtree HKEY_CURRENT_USER. This file can be found at the root of the user's profile location, such as C:\Documents and Settings\username\NTuser.dat. The set of profile folders such as Application Data, Cookies, Desktop, and Start Menu are also located at the root of a profile location, such as C:\Documents and Settings\username\Application Data. The Application Data profile folder is where applications and other system components store user data, settings, and configuration files. There are two types of profiles: local and roaming.

Local Profiles

As the name implies, a local profile is a user profile that exists on a single machine. By default, a user will employ a local profile and may have several local profiles on different machines. This type of profile is not very useful for the average user, since it cannot traverse a load-balanced server farm. Local profiles lead to end-user confusion, as applications and environment changes do not follow the users when they log on to different servers in the farm. For example, a user may change their background setting to green on one terminal server, log off, and then log back on to a different terminal server to find that the background is not green. This is caused by having two separate local profiles, with one on each server. Local profiles are useful for administrators or service accounts that do not need their settings to roam from one server to another.

Roaming Profiles

A roaming profile is a centrally stored version of a local profile. The profile is "roaming" in that it is copied to every computer the user logs on to as their "local" profile. There, it is utilized as a locally cached copy until the user logs off, at which point it is saved back to a central storage location for profiles. This is the primary type of profile employed in a Citrix network due to the necessity of having user settings "roam" with the user. A roaming profile can also be mandatory. The corresponding files have an extension specific to the type: NTuser.dat for a roaming profile and NTuser.man for mandatory roaming. Mandatory profiles are covered in more depth in the next section.

Roaming profiles allow users to make changes to their environment. These changes are recorded in the locally stored copy of the roaming profile. Once a user logs off, the profile changes are copied back to the network share from which the profile was originally loaded. This profile is then used the next time the user logs on to the on-demand access environment. Another item to remember with roaming profiles is that the last write wins. An example of this can be seen when a user logs on to two different machines simultaneously. The user may change something in his or her profile in one session (such as the background color to green) and proceed to log off. The user then changes the background color to blue in the other session and logs off. As a result, the user will end up having a blue background the next time he or she logs on to a machine. This is because the last logout causes the profile to be written back to the profile storage location, overwriting any previous writes.

Roaming profiles have the following advantages:

  • User-specific application settings, such as default file locations, file history, and fonts, are saved to the profile.

  • Users can customize the desktop environment. They can change colors, fonts, backgrounds, desktop icons, and the Start menu.

These are among the default limitations of roaming profiles:

  • Profiles have no restriction on file size, which can lead to rapidly increasing disk space and network bandwidth consumption. This becomes a problem particularly when users drag large documents onto their desktop for easy access.

  • Users are not prevented from making changes that might render their environment unstable or unusable.

Although roaming profiles were designed to allow users to make changes, roaming profiles can be locked down to reduce the changes a user can make to their environment. A review of how to implement roaming profiles with Group Policy to achieve a balance between giving users sufficient rights to change what they need while maintaining control and manageability of the profiles is presented later in this chapter.

Mandatory Roaming Profiles

A mandatory roaming profile is a specific type of roaming profile that is preconfigured by an administrator and cannot be changed by the user. This type of profile has the advantage of enforcing a common interface and a standard configuration. A user can still make modifications to the desktop, Start menu, or other elements, but the changes are lost when the user logs off, as the locally stored profile is not saved back to the network share.

Mandatory roaming profiles are created by renaming the NTuser.dat file in the roaming profile to NTuser.man. Mandatory profiles should be used for kiosk environments or where users cannot be trusted to change settings related to their profiles.

Mandatory roaming profiles have the following advantages:

  • Profile size is fixed and typically small. This alleviates disk storage problems and potential network congestion.

  • Profile network traffic is cut in half, since the locally cached profile is never copied back to the profile server.

  • No user settings are saved. This eliminates some help-desk calls, as it prevents users from inadvertently destroying their environments. If a user has made inappropriate changes to the environment, logging off and logging back on will reset the user to an original configuration.

The following are disadvantages of mandatory roaming profiles:

  • No user settings are saved. This lack of flexibility may lead to the need to create various "standard" mandatory roaming profiles to accommodate different needs.

  • User-specific application settings, such as Microsoft Outlook profile settings, are not saved with the profile. Mailbox settings need to be set each time a user logs on to the system or be configured before the profile is changed to mandatory.

Many of the same beneficial restrictions of mandatory roaming profiles can be accomplished using a standard roaming profile without compromising flexibility. For this reason, mandatory profiles are not often utilized in the on-demand access environment.

Profile Mechanics

Two separate roaming profile locations can be specified in an Active Directory domain. Both are configured from within the Active Directory Users and Computers administration program.

  • Terminal Server Profile Path: This profile path is used when a user logs on to a server with Terminal Services running. It is configured from the Active Directory Users and Computers administration program on the Terminal Services Profile tab, as shown in Figure 15-1. This setting is strongly recommended in an on-demand access environment to keep users' terminal server profiles separate from their standard client OS profile. Alternatively, the profile path can be enforced globally via the applicable Group Policy assigned to the Organizational Unit (OU) that contains the server object, as shown in Figure 15-2.

    Figure 15-1: Terminal Services Profile path (via Active Directory Users and Computers)

    Figure 15-2: Terminal Services Profile path (via Active Directory Group Policy)

    Note 

    Windows Server 2003 Active Directory environments can use Group Policy to set the Terminal Server profile path. With the advent of Service Pack 1 for Windows Server 2003, significant additional options are available for controlling the "Terminal Services" (underlying Microsoft services) behavior through Group Policies.

  • User Profile Path: This profile path is used when a user logs on to a computer without Terminal Services running (such as a local workstation or laptop) or when no specific Terminal Server profile path is specified. This profile path is configured from the Active Directory Users and Computers administration program on the Profile tab, as shown in Figure 15-3.

Figure 15-3: User Profile path

These two profile paths are critical in setting up an optimized on-demand access environment, as the following example illustrates. Users located at the CME-EUR site log on to Windows 2000 Professional desktops before launching Citrix applications. They have a value for User Profile Path populated for their user accounts, which points to a local server (\\frankfurtsrv\profiles\%username%). This keeps the profiles for their local workstation close to their workstation for optimal retrieval. The same users log on to a Citrix Presentation Server located back at CME-CORP in Chicago, Illinois. The Terminal Services profile path for these users points to a server located in the corporate network in Chicago (\\chicagosrv\profiles\%username%). This avoids having profiles copied from the Frankfurt file server over the WAN links to the Chicago Citrix Presentation Server, and it avoids the user confusion that may arise from having a common profile for both their local workstation and Citrix Presentation Server sessions.

Profile Processing

The process that occurs when a user logs on to a Terminal Server is as follows. The Terminal Server contacts a domain controller to determine where the roaming profile is located, as specified in the Terminal Services Profile text field in the user's account. If this field is populated, the profile is copied down to a locally cached version of the profile. If the Terminal Services Profile field is left blank, the Terminal Server will look at the Profile Path text field and download that profile if it exists. If both fields are blank, the Terminal Server will use a local profile (if one already exists) or create one if it does not exist by copying settings from the Default User profile on the machine the user is logging on to. This process is illustrated in Figure 15-4.

Figure 15-4: Profile processing
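
The following PowerShell audit is an added example, not code from the book. It applies the lookup order described above to every account in an OU and reports which profile a terminal server would load, whether that profile is mandatory (NTuser.man) or roaming (NTuser.dat), and how large it has grown. It assumes the ActiveDirectory (RSAT) module is installed and that the account running it can read the profile share; the OU name and the function names are placeholders chosen for this illustration.

```powershell
# Added example: report the profile a terminal server would load for each user.
# Assumptions: ActiveDirectory (RSAT) module present; caller can read the profile share.
Import-Module ActiveDirectory
$SearchBase = 'OU=Citrix Users,DC=example,DC=com'   # hypothetical OU, replace with your own

function Resolve-ProfileSource {
    param([string]$TsProfilePath, [string]$ProfilePath)
    # Same order as the logon process: TS profile path, then user profile path, then local.
    if ($TsProfilePath)   { $src = 'Terminal Services profile path'; $path = $TsProfilePath }
    elseif ($ProfilePath) { $src = 'User profile path (fallback)';   $path = $ProfilePath }
    else                  { $src = 'Local profile';                  $path = $null }
    [pscustomobject]@{ Source = $src; Path = $path }
}

function Get-ProfileKind {
    param([string]$Path)
    if (-not $Path) { return 'Local' }
    if (-not (Test-Path -LiteralPath $Path)) { return 'Unreachable or not yet created' }
    # NTuser.man marks a mandatory roaming profile, NTuser.dat a standard roaming one.
    if (Test-Path -LiteralPath (Join-Path $Path 'NTuser.man')) { return 'Mandatory roaming' }
    if (Test-Path -LiteralPath (Join-Path $Path 'NTuser.dat')) { return 'Roaming' }
    return 'No hive found'
}

Get-ADUser -Filter * -SearchBase $SearchBase -Properties ProfilePath | ForEach-Object {
    $ts = $null
    try {
        # The Terminal Services profile path is exposed through ADSI, not as a plain attribute.
        $ts = ([ADSI]"LDAP://$($_.DistinguishedName)").psbase.InvokeGet('TerminalServicesProfilePath')
    } catch { }   # InvokeGet throws when the value has never been set
    $r = Resolve-ProfileSource -TsProfilePath $ts -ProfilePath $_.ProfilePath
    $sizeMB = $null
    if ($r.Path -and (Test-Path -LiteralPath $r.Path)) {
        # -Force includes hidden files such as the NTuser.dat hive itself.
        $bytes = (Get-ChildItem -LiteralPath $r.Path -Recurse -Force -File -ErrorAction SilentlyContinue |
                  Measure-Object -Property Length -Sum).Sum
        $sizeMB = [math]::Round($bytes / 1MB, 1)
    }
    [pscustomobject]@{
        User = $_.SamAccountName; Source = $r.Source; Path = $r.Path
        Kind = Get-ProfileKind -Path $r.Path; SizeMB = $sizeMB
    }
} | Sort-Object SizeMB -Descending | Format-Table -AutoSize
```

Rows reporting "User profile path (fallback)" or "Local profile" identify accounts that are not using a dedicated Terminal Services profile, and the largest SizeMB values show where logon and logoff copy time is being spent.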

Home Directory

Like the profile path settings, two different home directories can be specified. Terminal Services Home Directory (shown in Figure 15-5) specifies the directory used when a user logs on to a server running Terminal Services. The Home folder (shown earlier in Figure 15-3) specifies the user's home directory when they are not utilizing a machine with Terminal Services.

Figure 15-5: Terminal Services Home directory (via Active Directory Group Policy)
Note 

The Terminal Services Home directory can be specified with Group Policy.

Windows 2000 and 2003 will default the home directory location to the user's profile if no other location is specified, causing a profile's size to swell as users store information at this location. Since a user's profile is copied across the network every time the user logs on to, or off of, another computer, the goal is to minimize the size of the profile. Home directories accomplish this by giving the users a location to store their personal information outside of the profile.

Note 

Support for legacy applications that were not designed appropriately still may require the use of application compatibility scripts. The data from the application compatibility scripts are stored in the home directory. Chapter 13 has more information on the use of application compatibility scripts.

Home directories should be placed on network file servers that are co-located with the terminal servers in order to facilitate the efficient transfer of files. In relation to our case study CME Corporation, we recommend creating a home directory share called "Home" on the local enterprise file server closest to the user and storing the home directories in this share.



Citrix Access Suite 4 for Windows Server 2003. The Official Guide
Citrix Access Suite 4 for Windows Server 2003: The Official Guide, Third Edition
ISBN: 0072262893
EAN: 2147483647
Year: 2004
Pages: 137
