Exploring User Profiles
Windows loads users' profiles when they log on to a computer and unloads their profiles when they log off. A user profile contains a registry hive with per-user settings and folders, which contain documents and data files. The next section, “Profile Hives,” describes the registry hive that the operating system loads. The section “Profile Folders” describes the folders in a user profile.
Before delving into the contents of user profiles, knowing their location on the file system is useful. The default location is different than it was in Microsoft Windows NT 4.0 or other operating systems of that era. Remember that Windows NT 4.0 stored user profiles in %SystemRoot%\Profiles, but this location made it difficult to secure the operating system files while allowing access to users' data. Windows 2000, Windows XP, and Windows Server 2003 store user profiles in a different location, which enables you to pull user data out from under an operating system folder: %SystemDrive%\Documents and Settings, C:\Documents and Settings on most computers. This is the case only with a clean installation of Windows, however.
If you upgrade from a version of Windows earlier than Windows 2000, the profiles remain where they were in the previous operating system. For example, if you upgrade from Windows NT 4.0 to Windows XP or Windows Server 2003, the profiles remain in %SystemRoot%\Profiles. The location of user profiles after upgrading from Windows 2000 to Windows XP or Windows Server 2003 depends on whether you installed Windows 2000 cleanly or upgraded from an earlier version of Windows. In other words, the setup program never moves user profiles during an upgrade.
Windows creates and stores a list of user profiles. Table 12-1 shows the locations of user profiles depending on the scenario. The key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList corresponds to the list you see in the User Profiles dialog box. To open the User Profiles dialog box, from Control Panel, launch System, and in the System Properties dialog box, on the Advanced tab, click Settings in the User Profiles frame. Each subkey is a user profile, and the subkey's name is the Security Identifier (SID) of the account that owns the profile. Each profile in ProfileList contains the REG_SZ value ProfileImagePath that points to a user profile folder in %SystemRoot%\Documents and Settings. Figure 12-1 illustrates the relationship between the ProfileList key and the user profile folders. This relationship is the reason that you shouldn't just remove a user profile from the file system. Instead, use the User Profiles dialog box to remove user profiles, which cleans the user profile out of the ProfileList key as well as off the file system.
Scenario | Location |
Clean installation | %SystemDrive%\Documents and Settings |
Upgrade from Windows 2000 | %SystemDrive%\Documents and Settings |
Upgrade from Windows NT 4.0 | %SystemRoot%\Profiles |
Upgrade from Windows 98 | %SystemDrive%\Documents and Settings |
Figure 12-1 The subkeys of ProfileList contain a wealth of information about the user profiles that Windows has created, including their paths on the file system.
NOTE
In enterprises that use Windows NT 4.0, IT professionals sometimes move profiles to %SystemRoot%\Profiles when deploying Windows because managing the profiles is often easier if they are in the same location regardless of the platform. Windows answer files offer a setting that enables you to do that. The setting is ProfilesDir, and it's in the [GuiUnattended] section. Set ProfilesDir to the path of the folder in which you want to store profiles. You should begin the path with either %SystemRoot% or %SystemDrive%; otherwise, the setup program ignores it.
Advantages of User Profiles
The primary goal of user profiles is to keep each user's settings and data distinct from that of other users as well as from the computer's settings. This separation has several advantages for enterprise environments and makes Windows more convenient to use at home, too. User profiles enable stateless computing. A company can configure Windows to store key user settings and data separately from the computer. This makes backing up and replacing computers much easier because users' data is stored on the network and maintained separately from the computer's configuration. The first time users log on to a replacement computer, the operating system copies their settings from the network, allowing them to get back to work more quickly.
Roaming user profiles also allow users' settings to follow them from computer to computer. They don't have to reconfigure settings at each computer. When they log on to a network that supports roaming user profiles, the operating system downloads their settings from the network. When they log off the computer, the operating system copies users' settings back to the network. Roaming user profiles make sharing computers more feasible because each user has his or her personalized configuration. Roaming user profiles are a must-have in environments such as call centers, where users aren't guaranteed to sit down at the same computer twice. You learn about roaming user profiles in the section “Using Roaming User Profiles,” later in this chapter.
Profile Hives
The first half of a user profile is the profile hive: NTUSER.DAT. You learn about the second half in the next section, “Profile Folders.” This profile hive is in the root of users' profile folders. Chapter 1, “Learning the Basics,” and Chapter 2, “Using Registry Editor,” describe hive files and how to work with them. Users' operating system and application settings are stored in profile hives. For example, you find all the per-user settings for Windows Explorer and persistent network connections in profile hives. Profile hives also contain per-user taskbar, printer, and Control Panel settings. Accessories that come with Windows store per-user settings in the profile hive.
When Windows loads a user profile, the operating system loads the hive file NTUSER.DAT into the subkey HKU\SID, where SID is the user's SID. (See Chapter 1, “Learning the Basics,” for more information about SIDs.) Then Windows links the root key HKCU to HKU\SID. Figure 12-2 shows this relationship. Windows and most applications reference users' settings through HKCU, not HKU\SID, because HKCU resolves which subkey of HKU contains the console user's settings. HKU contains a second hive file, HKU\SID_Classes, which contains per-user file associations and class registrations. You learn about this in Appendix A, “File Associations.”
Figure 12-2 Windows loads NTUSER.DAT into HKU\SID and then links HKCU to it.
The list of profile hives is in the key ProfileList, which you learned about in the previous section. It contains one subkey for each user profile. The subkey's name is the name of the hive in HKU or the account's SID. The REG_SZ value ProfileImagePath is the path of the profile hive file NTUSER.DAT for that user profile. ProfileList does not contain a value for the SID_Classes hives, however. HKLM\SYSTEM\CurrentControlSet\Control\hivelist contains one REG_SZ value for each hive in HKLM and HKU that the operating system is currently using. The difference between the keys ProfileList and hivelist is that ProfileList contains a list of all user profiles that Windows knows about, loaded or not, and hivelist contains a list of all currently loaded hive files.
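The relationships described above (ProfileList to the profile folders, and ProfileList versus hivelist) can be checked on a live system. The following PowerShell script is an added example, not code from the book; it assumes PowerShell 3.0 or later and an elevated prompt, and it reads the ProfilesDirectory value of the ProfileList key, which this page does not describe.

```powershell
# Added example: cross-check ProfileList against the file system and hivelist.
# Run elevated so other users' profile folders can be inspected. PowerShell 3.0+.
$profileListKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'
$hiveListKey    = 'HKLM:\SYSTEM\CurrentControlSet\Control\hivelist'

# hivelist value names look like \REGISTRY\USER\<SID>; keep the SIDs of loaded
# user hives and skip the <SID>_Classes and \REGISTRY\MACHINE entries.
$loadedSids = foreach ($name in (Get-Item -Path $hiveListKey).GetValueNames()) {
    if ($name -match '^\\REGISTRY\\USER\\(S-[\d-]+)$') { $Matches[1] }
}

# One row per ProfileList subkey (the subkey name is the owning account's SID).
$report = foreach ($key in Get-ChildItem -Path $profileListKey) {
    $path = $key.GetValue('ProfileImagePath')   # environment variables are expanded
    [pscustomobject]@{
        SID          = $key.PSChildName
        ProfilePath  = $path
        FolderExists = [bool]($path -and (Test-Path -LiteralPath $path -PathType Container))
        HiveOnDisk   = [bool]($path -and (Test-Path -LiteralPath (Join-Path $path 'NTUSER.DAT')))
        HiveLoaded   = $loadedSids -contains $key.PSChildName
    }
}

# Folders in the profiles directory that no ProfileList subkey points to. The
# special profiles (All Users, Default User) appear here by design.
# ProfilesDirectory is a value of the ProfileList key itself (assumption: not on this page).
$profilesDir = (Get-ItemProperty -Path $profileListKey).ProfilesDirectory
$unlisted = Get-ChildItem -LiteralPath $profilesDir -Directory -Force |
    Where-Object { $report.ProfilePath -notcontains $_.FullName }

$report | Sort-Object SID | Format-Table -AutoSize
# Listed in the registry but missing on disk: the result of deleting a profile
# folder by hand instead of through the User Profiles dialog box.
$report | Where-Object { -not $_.FolderExists } | Format-Table SID, ProfilePath
$unlisted | Select-Object FullName, LastWriteTime
```

A row with HiveLoaded set to True for an account that is not logged on is worth a second look, because it means something still holds that user's hive open.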
TIP
You can load and edit profile hives in Registry Editor (Regedit) without logging on to the computer using the account that owns that user profile. This is one of the techniques that you use later in this chapter to build default user profiles.
Profile Folders
The folders in a user profile contain per-user application files. For example, Microsoft Office 2003 Editions installs templates and custom dictionaries in the user profile. Microsoft Internet Explorer stores its cookies and shortcuts in the user profile. The most interesting folder in a user profile is the Application Data folder. Figure 12-3 shows a user profile in Windows Explorer. Some of the folders are hidden; show the hidden files in Windows Explorer if you want to see the following folders for yourself:
Application Data: This folder contains application files, such as mail files, shortcuts, templates, and so on. Each application's vendor chooses what files to store here. You can redirect this folder to a network location using Group Policy.
Cookies: This folder contains Internet Explorer cookies.
Desktop: This folder contains files, folders, and shortcuts on the desktop. Users see the contents of this folder on the Windows desktop. You can redirect this folder to a network location using Group Policy.
Favorites: This folder contains Internet Explorer favorite shortcuts. Users see the contents of this folder on Internet Explorer's Favorites menu. Group Policy doesn't support redirecting this folder, but you can redirect it manually as shown in Chapter 18, “Fixing Common IT Problems.”
Local Settings: This folder contains application files that do not roam with the profile. The files you find in this folder are either per-computer or too large to copy to the network. This folder contains four interesting subfolders:
  Application Data: This subfolder contains computer-specific application data.
  History: This subfolder contains Internet Explorer history.
  Temp: This subfolder contains per-user temporary files.
  Temporary Internet Files: This subfolder contains Internet Explorer offline files.
My Documents: This folder contains the default location for users' documents. Applications should save users' documents to this folder by default, and this is the location to which the common dialog boxes open by default. This folder also contains the My Pictures folder, which is the default location for users' pictures, and optionally the My Music folder, which is the default location for users' music files. You can redirect this folder to a network location using Group Policy.
NetHood: This folder contains shortcuts to objects on the network. Users can browse the folders to which these shortcuts are linked in the My Network Places folder.
PrintHood: This folder contains shortcuts to printer objects. Users see the contents of this folder in the Printers folder.
Recent: This folder contains shortcuts to the most recently used documents. Users see these shortcuts on the My Recent Documents menu, which is on the Start menu.
SendTo: This folder contains shortcuts to drives, folders, and applications that are copy targets. Users see the contents of this folder when they right-click an object and then click Send To.
Start Menu: This folder contains shortcuts to program items. Users see the contents of this folder on the Start menu and on the Start menu's All Programs menu. IT professionals can redirect this folder to a network location using Group Policy.
Templates: This folder contains template files. Users see the contents of this folder when they right-click in a folder and then click New.
Figure 12-3 The user profile folders that you see in this figure are the default folders in a clean installation of Windows.
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders is the key where Windows stores the location of each folder that's part of a user profile. Each value in this key represents a folder, as shown in Table 12-2. These are REG_EXPAND_SZ values, so you can use environment variables in them. Use %UserProfile% to direct the folder somewhere inside users' profile folders and %UserName% to include users' names, particularly when you want to redirect a profile folder to a network location. Redirect users' Favorites folders to the network by setting Favorites to \\Server\Share\%UserName%\Favorites, where \\Server\Share is the server and share containing the folders, for example. Windows does not use the similar key Shell Folders.
Name | Default Path |
AppData | %UserProfile%\Application Data |
Cache | %UserProfile%\Local Settings\Temporary Internet Files |
Cookies | %UserProfile%\Cookies |
Desktop | %UserProfile%\Desktop |
Favorites | %UserProfile%\Favorites |
History | %UserProfile%\Local Settings\History |
Local AppData | %UserProfile%\Local Settings\Application Data |
Local Settings | %UserProfile%\Local Settings |
My Pictures | %UserProfile%\My Documents\My Pictures |
NetHood | %UserProfile%\NetHood |
Personal | %UserProfile%\My Documents |
PrintHood | %UserProfile%\PrintHood |
Programs | %UserProfile%\Start Menu\Programs |
Recent | %UserProfile%\Recent |
SendTo | %UserProfile%\SendTo |
Start Menu | %UserProfile%\Start Menu |
Startup | %UserProfile%\Start Menu\Programs\Startup |
Templates | %UserProfile%\Templates |
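To see where each profile folder actually points for the current user, the following PowerShell script (an added example, not code from the book) reads the raw REG_EXPAND_SZ values from User Shell Folders, expands them, and compares them with the defaults in Table 12-2. It assumes PowerShell 3.0 or later; the Location labels are this example's own, and later Windows versions use different defaults than the table.

```powershell
# Added example: audit HKCU User Shell Folders against the defaults in Table 12-2.
# The defaults below are the Windows XP / Server 2003 paths listed in the table.
$defaults = @{
    'AppData'        = '%UserProfile%\Application Data'
    'Cache'          = '%UserProfile%\Local Settings\Temporary Internet Files'
    'Cookies'        = '%UserProfile%\Cookies'
    'Desktop'        = '%UserProfile%\Desktop'
    'Favorites'      = '%UserProfile%\Favorites'
    'History'        = '%UserProfile%\Local Settings\History'
    'Local AppData'  = '%UserProfile%\Local Settings\Application Data'
    'Local Settings' = '%UserProfile%\Local Settings'
    'My Pictures'    = '%UserProfile%\My Documents\My Pictures'
    'NetHood'        = '%UserProfile%\NetHood'
    'Personal'       = '%UserProfile%\My Documents'
    'PrintHood'      = '%UserProfile%\PrintHood'
    'Programs'       = '%UserProfile%\Start Menu\Programs'
    'Recent'         = '%UserProfile%\Recent'
    'SendTo'         = '%UserProfile%\SendTo'
    'Start Menu'     = '%UserProfile%\Start Menu'
    'Startup'        = '%UserProfile%\Start Menu\Programs\Startup'
    'Templates'      = '%UserProfile%\Templates'
}
$key = Get-Item -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders'

$audit = foreach ($name in $key.GetValueNames()) {
    # Read the value without expansion so the stored variables stay visible.
    $raw      = [string]$key.GetValue($name, '', 'DoNotExpandEnvironmentNames')
    $expanded = [Environment]::ExpandEnvironmentVariables($raw)
    $location = if ($expanded.StartsWith('\\')) {
        'Network (UNC)'            # redirected to a server share
    } elseif ($expanded.StartsWith($env:USERPROFILE + '\', 'OrdinalIgnoreCase')) {
        'Inside profile'
    } else {
        'Outside profile'          # local path that is not under %UserProfile%
    }
    [pscustomobject]@{
        Name         = $name
        Kind         = $key.GetValueKind($name)   # ExpandString for REG_EXPAND_SZ
        Raw          = $raw
        Expanded     = $expanded
        Location     = $location
        MatchesTable = ($defaults.ContainsKey($name) -and $defaults[$name] -eq $raw)
    }
}
$audit | Sort-Object Name | Format-Table -AutoSize
```

Values such as Startup or Programs that resolve outside the profile without a matching Group Policy redirection deserve review, since Windows acts on whatever path is stored here.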
Special Profiles
The profile folders you saw in Figure 12-1 contain more than the standard user profiles that Windows creates when users log on to the operating system. The following describes four special user profiles about which any IT professional should learn:
All Users: This profile folder contains settings that apply to all users who log on to the computer. This profile folder contains a profile hive, NTUSER.DAT, which the operating system doesn't load. Also, this profile folder contains the shared documents and music folders, shared Start menu shortcuts, and so on. The key User Shell Folders in HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer contains the linkages to the subfolders in the All Users profile folder.
Default User: This profile folder contains the default user profile that Windows copies when it creates new user profiles. It contains most of the files and folders that you learned about in the previous section. Customizing this folder is a good way to start each user who logs on to the computer with the same settings. Windows first checks for a Default User folder on the NETLOGON share of the server and uses the local Default User folder only if the network copy isn't available. Customizing this folder is a good way to deploy settings that you don't want to manage. You learn how to customize it in the section “Deploying Default User Profiles,” later in this chapter.
LocalService: This profile folder is for the built-in LocalService account, which Service Control Manager uses to host services that don't need to run under the LocalSystem account. This is a normal user profile with limited data. You don't see it in the User Profiles dialog box, and the LocalService folder is super-hidden.
NetworkService: This profile folder is for the built-in NetworkService account, which the Service Control Manager uses to host network services that don't need to run under the LocalSystem account. This is a normal user profile. You don't see it in the User Profiles dialog box, and the NetworkService folder is super-hidden.
In the previous list, the first two profile folders are far more interesting than the last two. IT professionals often customize the All Users profile folder on disk images. The customization, such as a shortcut on the Start menu, affects all users who log on to the computer. However, IT professionals more frequently customize the Default User folder. Doing so is a great way to create custom settings that you don't want to manage. In other words, it's one method for deploying common user preferences while still allowing users to change those preferences if necessary. As you'll learn throughout this chapter, customizing the Default User folder on a disk image isn't necessarily the most efficient means to deploy default user settings. Instead, create a customized Default User folder on the server's NETLOGON share. See the section “Deploying Default User Profiles,” later in this chapter.
TIP
Many programs install themselves for use by a single user when you really want all users who share the computer to use them. You can tell when a program is installed per-user because its shortcut is in the profile folder belonging to the account you used to install it. If the program re-creates missing settings as it starts, you can change the program from per-user to per-computer by simply moving its shortcut from the user profile folder in which it installed the shortcut to the All Users profile folder. This works the other way, too. You can move a shortcut from the All Users profile folder to a specific user's profile folder so that only a single user sees the shortcut.
Improvements to User Profiles
In Windows 2000, poorly written applications and services that keep registry keys open during logoff prevent Windows 2000 from unloading the user's registry hive. When this occurs, changes that a user made to his or her profile are not saved to the server. This has three symptoms:
The user experience is affected because changes are not saved when users log on to another computer.
Because locked profiles never get unloaded, they end up using a lot of memory on a terminal server that has many users logging on to it.
If a profile is marked for deletion at logoff (to clean up the machine or for temporary profiles), profiles do not get deleted.
The three symptoms are solved as follows:
In Windows, when a user logs off and the profile is locked, the operating system polls the profile for 60 seconds before giving up. Windows then saves the user's profile hive and roams the profile correctly.
When the application or service closes the registry key and unlocks the profile, Windows unloads the user's profile hive, freeing memory used by the profile.
If a profile is marked for deletion, when the reference count drops to zero, Windows unloads and deletes it. In the event that the application never releases the registry key, Windows deletes all profiles marked for deletion at the next machine boot.