Maintaining User Profiles

A profile is an environment specifically customized for a user. The profile contains the desktop and program settings for the user. Every user has a profile, whether the administrator configures one or not, because a default profile is automatically created for each user who logs on to a computer. Profiles offer a number of advantages:

  • Multiple users can use the same computer, with the settings for each user restored at logon to the same state as when he or she logged off.
  • Desktop changes made by one user do not affect any other user.
  • If user profiles are stored on a server, they can follow users to any computer on the network running Windows 2000 or Windows NT 4.

From an administrator's standpoint, the information in the profile can be a valuable tool for setting up default user profiles for all users on the network or for customizing default profiles for different departments or job classifications. You can also set up mandatory profiles that allow a user to make changes to the desktop while logged on but not to save any of the changes. A mandatory profile always looks exactly the same every time a user logs on. The types of profiles are as follows:

  • Local profiles: Profiles made on a computer when a user logs on. The profile is specific to a user, local to that computer, and stored on the local computer's hard disk.
  • Roaming profiles: Profiles created by an administrator and stored on a server. These profiles follow a user to any Windows 2000 or Windows NT 4 machine on the network.
  • Mandatory profiles: Roaming profiles that can be changed only by an administrator.

Real World

What's Stored in a Profile?

All profiles start out as a copy of the Default User profile that is installed on every computer running Windows 2000. Registry data for Default User is in the Ntuser.dat file contained in the Default User profile. Inside each profile are the following folders:

  • Application Data: Program-specific settings determined by the program manufacturer plus specific user security settings
  • Cookies: Messages sent to a Web browser by a Web server and stored locally to track user information and preferences
  • Desktop: Desktop files, folders, shortcuts, and the desktop appearance
  • Favorites: Shortcuts to favorite locations, particularly Web sites
  • Local Settings: Application data, History, and Temporary files
  • My Documents: User documents and My Pictures, which contains user graphics files
  • NetHood: Shortcuts to My Network Places
  • PrintHood: Shortcuts to items in the Printers folder
  • Recent: Shortcuts to the most recently accessed folders and files
  • SendTo: Items on the Send To menu
  • Start Menu: Items on the user's Start menu
  • Templates: Application templates

By default, only the Cookies, Desktop, Favorites, My Documents, and Start Menu folders are visible in Windows Explorer. The other folders are hidden; to see them you'll need to select Folder Options, click the View tab, and select Show Hidden Files And Folders.

Local Profiles

Local profiles are created on computers when individual users log on. On a computer upgraded from Windows NT 4, the profile is stored in the Profiles folder on the system root partition. On a computer with a new installation of Windows 2000, the user profile is in the Documents And Settings folder (Figure 9-17).

Figure 9-17. A user's local profile.

The first time a user logs on to a computer, a profile folder is generated for the user, and the contents of the Default User folder are copied into it. Any changes made to the desktop by the user are saved in that user's profile when he or she logs off.

If a user has a local account on the computer as well as a domain account and logs on at different times using both accounts, the user will have two profile folders on the local computer: one for when the user logs on to the domain using the domain user account and one for when the user logs on locally to the computer. The local profile will be shown with the logon name. The domain profile will also be shown with the logon name but will have the domain name appended to it.

Roaming Profiles

Roaming profiles are a great advantage for users who frequently use more than one computer. A roaming profile is stored on a server and, after the user's logon is authenticated in the directory service, is copied to the local computer. This allows a user to have the same desktop, application configuration, and local settings at any machine running Windows 2000 or Windows NT 4.

Here's how it works. You assign a location on a server for user profiles and create a folder shared with users who are to have roaming profiles. You enter a path to that folder in the user's Properties dialog box. The next time the user logs on to a computer, the profile from the server is downloaded to the local computer. When the user logs off, the profile is saved both locally and in the user profile path location. Specifying the user profile path is all it takes to turn a local profile into a roaming profile, available anywhere in the domain.

When the user logs on again, the profile on the server is compared to the copy on the local computer, and the more recent copy is loaded for the user. If the server isn't available, the local copy is used. If the server isn't available and this is the first time the user has logged on to the computer, a user profile is created locally using the Default User profile. When a profile isn't downloaded to a local computer because of server problems, the roaming profile is not updated when the user logs off.

Put user profiles on a member server rather than on a domain controller to speed up the process of authentication and to avoid using a domain controller's processing power and bandwidth for the downloading of profiles. In addition, place the profiles on a server that is backed up regularly so that copies of roaming profiles are as recent as possible.

Setting Up Roaming Profiles

Setting up roaming profiles is very easy. Simply assign a location on a server and complete the following steps:

  1. Create a shared folder for the profiles on the server.
  2. In the Profile tab in the user account Properties dialog box, provide a path to the shared folder, such as \\server_name\shared_profile_folder\%username%.

Figure 9-18 shows an example of a path for a roaming profile. When you use the variable %username%, Windows 2000 automatically replaces the variable with the user account name.

Figure 9-18. Setting a path for a roaming profile.

Once you've created a shared profile folder on a server and supplied a profile path in the user account, a roaming profile is enabled. The user's configuration of his or her desktop is copied and stored on the server and is available to the user from any computer. Most of the time, though, you won't want to send your users off to fend for themselves. Life is easier for users and for you if they are assigned a customized profile that is already set up with appropriate shortcuts, network connections, and Start menu items. For this, you'll need to set up customized profiles.

Creating Customized Roaming Profiles

Creating customized roaming profiles is a simple—albeit multistep—process:

  1. Create a user account with a descriptive name such as District Managers or Sales Staff. This is just a "blank" user account that you'll use to create a template for the customized configuration.
  2. Log on using the template account and create the desktop settings you want, including applications, shortcuts, appearance, network connections, printers, and so forth.
  3. Log off the template account. Windows 2000 creates a user profile on the system root drive in the Documents And Settings folder. Figure 9-19 shows the user account named Editors that has been created to be a template.

    Figure 9-19. Creating a template for configuring profiles.

  4. Log on using an administrator account. Launch Active Directory Users and Computers, and find the account for which you want to assign the customized roaming profile.
  5. Right-click the account and choose Properties from the shortcut menu. Click the Profile tab.
  6. In the Profile Path box, type \\server_name\profile_folder\username. (Figure 9-20 shows an example.) Click OK.

    Figure 9-20. Providing a path to the roaming profiles folder.

  7. In Control Panel, open System.
  8. Click the User Profiles tab, and highlight the template profile. Click Copy To.
  9. In the Copy To dialog box, type the path of the profiles folder on the server, such as \\server_name\shared_folder_name\username.
  10. In the Permitted To Use area, click Change to give the user permission to use the profile (Figure 9-21). Click OK to copy the template profile.

    Figure 9-21. Copying a template profile to a user's profile folder.

Using Mandatory Profiles

If you're going to all the trouble of assigning customized profiles, you'll undoubtedly want to make the profiles mandatory. A mandatory profile can be assigned to multiple users. When you make a change to a mandatory profile, that change is made to the environments of all of the users to whom you've assigned the mandatory profile. To change a profile into a mandatory profile, you must rename the hidden file Ntuser.dat to Ntuser.man.

If you don't see the Ntuser file in the individual's Profiles folder, choose Folder Options from the Tools menu and click the View tab. In Advanced Settings, select Show Hidden Files And Folders.
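
The share, profile path, and Ntuser.man steps described in the sections above can also be carried out from a command prompt. The script below is an added example, not from the book; the server SRV1, the share Profiles, the folder D:\Profiles, and the account jsmith are constructed placeholders.

```batch
@echo off
rem Added example, not from the book. Run as an administrator on the
rem member server that will hold the profiles.
rem SRV1, Profiles, D:\Profiles and jsmith are constructed placeholders.
setlocal
set SERVER=SRV1
set SHARE=Profiles
set PROFROOT=D:\Profiles
set ACCOUNT=jsmith

rem 1. Create the folder and share it (step 1 of Setting Up Roaming Profiles).
if not exist "%PROFROOT%" mkdir "%PROFROOT%"
net share %SHARE%=%PROFROOT% /remark:"Roaming user profiles"

rem 2. Set the profile path on the domain account (the Profile Path box).
rem    %username% is not used here: at a command prompt it would expand
rem    to the administrator running the script, not to the target account.
net user %ACCOUNT% /profilepath:\\%SERVER%\%SHARE%\%ACCOUNT% /domain

rem 3. Make the profile mandatory by renaming the hidden Ntuser.dat.
rem    Run this only after the profile has been copied to the server and
rem    while the user is logged off, so the file is not in use.
set PROFDIR=%PROFROOT%\%ACCOUNT%
rem    Clear the hidden attribute (and system, if set) so ren can see the file.
attrib -s -h "%PROFDIR%\Ntuser.dat"
if not exist "%PROFDIR%\Ntuser.dat" goto nofile
ren "%PROFDIR%\Ntuser.dat" Ntuser.man
attrib +h "%PROFDIR%\Ntuser.man"
echo %PROFDIR% is now a mandatory profile.
goto end

:nofile
echo No Ntuser.dat in %PROFDIR%; nothing renamed.

:end
endlocal
```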

Assigning a Logon Script to a User Profile

Logon scripts can be assigned by profile or through Group Policy. (Group Policy is covered later in this chapter.) To assign a script to a profile, follow these steps:

  1. Launch Active Directory Users and Computers from the Administrative Tools folder.
  2. In the console tree, click Users. Right-click the user account and choose Properties from the shortcut menu.
  3. Click the Profile tab and enter the name of the logon script in the Logon Script box.
  4. Click OK when you're finished.

Windows 2000 always looks for logon scripts in the same place—on the authenticating domain controller at the path %SystemRoot%\SYSVOL\sysvol\domain_name\scripts. Scripts in this folder can be entered in the Logon Script path by name only, as shown in Figure 9-22. If you use folders inside the Scripts folder, you must show that part of the path in the Logon Script path (Figure 9-23). Table 9-7 shows the special variables that can be used when creating logon scripts. Logon scripts can also be created in VBScript and JScript. Replication of logon scripts to all domain controllers is automatic on NTFS volumes on Windows 2000 servers. Other types of files, such as FAT files, must be replicated manually.

Figure 9-22. A logon script located inside the Scripts folder.

Figure 9-23. A logon script in subfolders inside the Scripts folder.

Table 9-7. Logon script variables

Variable                    Description
%homedrive%                 Letter of the drive containing the user's home directory on the user's local workstation
%homepath%                  Full path of the user's home directory
%os%                        User's operating system
%processor_architecture%    Processor type on the user's workstation
%processor_level%           Processor level of the user's workstation
%userdomain%                Domain where the user's account is defined
%username%                  Account user name
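
A sample logon script that uses the variables in Table 9-7, added here as an example and not taken from the book. SRV1, the share names, and the log share are constructed placeholders, and %computername%, %date%, and %time% are standard cmd.exe variables that are not in the table.

```batch
@echo off
rem Added example logon script, not from the book. Save it as logon.bat
rem in the Scripts folder and enter logon.bat in the Logon Script box.
rem SRV1, users, logons$ and the *-shared shares are constructed placeholders.

rem Run the steps below only on Windows NT-family clients, where %os%
rem is set to Windows_NT; other clients skip to the end.
if not "%os%"=="Windows_NT" goto done

rem Map a shared drive chosen by the domain the account is defined in.
rem Any stale mapping is removed first; errors from that step are hidden.
net use S: /delete >nul 2>&1
net use S: \\SRV1\%userdomain%-shared /persistent:no

rem Map a per-user folder named after the account.
net use U: /delete >nul 2>&1
net use U: \\SRV1\users\%username% /persistent:no

rem Append one line per logon to a per-user log for later review:
rem when, which account, which workstation, and its processor type.
echo %date% %time% %userdomain%\%username% %computername% %processor_architecture% level %processor_level% >> \\SRV1\logons$\%username%.log

rem Show the home directory if one is assigned to the account.
if defined homedrive echo Home directory: %homedrive%%homepath%

:done
```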



Microsoft Windows 2000 Server Administrator's Companion
ISBN: 0735617856
EAN: 2147483647
Year: 2003
Pages: 320
