Microsoft Windows XP Professional Resource Kit 2003
ISBN: N/A
EAN: N/A
EAN: N/A
Year: 2005
Pages: 338
Pages: 338
A user profile is a group of settings and files that defines the environment that the system loads when a user logs on.
A user profile contains:
A portion of the registry that stores registry settings such as Windows Explorer settings, persistent network connections, taskbar settings, network printer connections, user-defined Control Panel and Accessories settings, and application settings.
A set of profile folders that store information such as shortcut links, desktop icons, and startup applications.
User profiles are located by default on the local computer; one profile is created for each user who has logged on to that computer. When administrators configure profiles to roam, the data and settings in a user s profile are copied to a network server when the user logs off of the computer. The data and settings are then available to the user no matter where he or she next logs on to the network.
While useful for mobile users, roaming user profiles are also beneficial for users who always use the same computer. Roaming user profiles provide a transparent way for such users to back up their profiles to a network server, thus protecting the information from individual system failure. If a user s primary workstation needs to be replaced, the new computer receives the user s profile from the server as soon as the user logs on.
You can use roaming user profiles together with Remote OS Installation and Software Installation and Maintenance when you replace a computer. If a computer system fails and loses its data, you can use Remote OS Installation to install Windows XP Professional, use Software Installation and Maintenance to restore applications, and use roaming user profiles to restore critical information. Because a network copy of the data exists, you can easily reestablish links to critical information.
Roaming user profiles are configured by means of the user object contained in the Active Directory directory service or the domain controller. For more information about configuring roaming user profiles on Microsoft Windows 2000 Server see the Distributed Systems Guide of the Microsoft Windows 2000 Server Resource Kit.
The following guidelines can be used when planning profile configurations for users of mobile computers:
If the user regularly connects to the network via fast link, consider using a roaming user profile.
If the user rarely connects via fast link, use a local profile. By default, roaming user profiles do not roam over slow links. For example, if a user in the field generally connects via a dial-up connection, but comes into the office twice a year and connects via the LAN, a roaming profile offers little advantage, as the server copy would only be up-to-date on those two occasions.
If the user roams to LAN-connected computers in the domain and also has a laptop computer, use a roaming user profile for the user. For the laptop computer, enable the Group Policy setting Only allow local user profiles. Note that a Computer Configuration Group Policy setting takes precedence over a User Configuration setting, so the user will receive his or her User setting on desktop computers, but will receive the Computer setting on the laptop computer.
Windows XP Professional includes new Group Policy settings, support for Windows XP Professional fast network logon, and more robust roaming. These features increase the usability, resilience, and performance of roaming user profiles.
The Group Policy settings that you use to manage user profiles have been moved to their own folders in the Group Policy snap-in, under Computer Configuration\Administrative Templates\System\User Profiles and User Configuration\Administrative Templates\System\User Profiles. In addition, three new Computer Configuration settings are available with Windows XP Professional.
Determines whether changes users make to their roaming profiles are merged with the server copy of the profile. If this policy is set, users receive their roaming profiles when they log on, but any changes they make to their profiles will not be merged to their roaming profiles when they log off.
In Windows XP Professional, the default file permissions for newly generated roaming profiles are full control for the user, and no file access for the Administrators group. By default, an administrator must take ownership of a user s profile folder in order to gain access to it. Because taking ownership is an audited event, this increases the security of the profile folder. This policy allows the Administrators group to have full control of the user s profile directories, as in Windows NT 4.0.
Determines whether roaming user profiles are available on a particular computer. By default, when a roaming profile user logs on, his or her roaming profile is copied from the server to the local computer. If the user has already logged on to this computer in the past, the roaming profile is merged with the local profile. Similarly, when the user logs off this computer, the local copy of his or her profile, including any changes that have been made, is merged with the server copy.
Using the Group Policy setting, you can prevent users configured to use roaming profiles from receiving their profile on a specific computer.
To speed the startup and logon process, Windows XP Professional does not require that the network be fully initialized before a client computer can start up or before a user can log on. If a user has previously logged on to a particular client computer, he or she is subsequently logged on using credentials cached on that computer.
When a user switches from using a local profile to using a roaming profile, Windows XP Professional copies relevant portions of the user s registry from the server instead of from the local computer, to prevent an older local copy from overwriting the server copy. Thereafter, whenever the roaming user logs on, the computer always waits for the network, so the profile can be downloaded from the server.
When fast network logon is enabled (as it is by default in Windows XP Professional), if administrators remove the profile path from a user s object, it is recommended that they also either rename or delete the corresponding profile folder. If they do not, and an administrator later reenters the same path, the user will receive the older copy of the registry from the server.
In Windows 2000, certain applications and services keep registry keys open after the user logs off, preventing Windows from unloading the user s registry. When this occurs, profiles become locked and changes that users have made to their profiles are not saved to the server. This situation creates three problems for users:
The user experience is impacted, as users might wonder why changes have not been saved when they log on to another computer.
Because locked profiles are never unloaded, they use excessive memory on computers on which many users must log on (such as terminal servers).
Profiles that are marked for deletion when users log off (to clean up the computer or for temporary profiles) are not deleted.
Windows XP Professional provides the following solutions to these problems:
Sixty seconds after a user logs off, Windows XP Professional saves the user s registry and roams the profile correctly. In Windows 2000, if the profile is locked when a user logs off, Windows polls the profile for 60 seconds, and then quits.
When the application or service closes the registry key that unlocks the profile, Windows XP Professional unloads the user s registry, freeing the memory used by the profile.
If a profile is marked for deletion when the user logs off, it is deleted when the reference count drops to zero. If the application does not release the registry key, Windows XP Professional deletes all profiles marked for deletion the next time the computer starts.
The Folder Redirection feature of IntelliMirror allows an administrator to redirect the location of certain folders in the user profile to a network location. Combining Folder Redirection with roaming user profiles allows you to decrease logon and logoff times for roaming and mobile users. A common practice is to redirect My Documents and My Pictures, and allow Application Data, Desktop, and Start Menu to roam with the profile. In addition to the benefits of improved availability and secure backup that having the data on the network provides, users also realize performance gains over low-speed network connections and in subsequent logon sessions. Because only some of their documents are copied, performance is improved when users profiles are copied from the server. Not all of the data in the user profile is transferred to the desktop each time the user logs on only the data that user accesses during a session.
When you combine the use of Folder Redirection and roaming user profiles, you can also provide fast computer replacement. If a user s computer needs to be replaced, the user s data can quickly be reestablished from the server location(s) to a replacement computer.
| Note | When implementing roaming user profiles or Folder Redirection for users of laptop computers, keep in mind that the user must log on at least once over a fast link in order for these features to apply. If an administrator configures the laptop in the office, he or she should make sure the user of the laptop logs on to it while still connected via fast link before taking it into the field. An alternative is to use Group Policy to change the slow link speed temporarily. |
Note that Folder Redirection can be used with all types of user profiles: local, roaming, or mandatory. Using Folder Redirection with local profiles can provide some of the benefits of roaming profiles (such as having a user s data available at any computer, and maintaining data on the server) without the need to implement roaming profiles. Using Folder Redirection with a local profile, however, means that only the user s documents and files are available from all computers. To allow settings and configurations move with the user, you need to use roaming profiles.
For more information about using Group Policy to configure Folder Redirection on a Windows 2000 Active Directory network, see the Step-by-Step Guide to User Data and User Settings link on the Web Resources page at http://www.microsoft.com/windows/reskits/webresources For more information about alternate means of configuring Folder Redirection for non-Active Directory environments, see Managing Files and Folders in this book.
Table 7-2 lists the folders in a user profile, provides the default behavior for each folder, and indicates whether the folder can be redirected using Folder Redirection. For more information about selecting which folders to redirect and which to leave in the profile, see Managing Files and Folders in this book.
| Folder Name | Description | Roams with Profile by Default | Can Be Redirected Using Folder Redirection |
|---|---|---|---|
| Application Data | Stores application state data, such as toolbar settings and other non-registry-based settings. Application vendors decide what to store here. | Yes | Yes |
| Cookies | Contains user s Microsoft Internet Explorer cookies. | Yes | No |
| Desktop | Contains user-specific contents of the desktop. | Yes | Yes |
| Favorites | Contains user s Internet Explorer favorites. | Yes | No |
| *Local Settings | Contains temporary files and per-user non-roaming application data. It is a container for application settings and data that do not roam with the profile, and cannot be redirected. This information is usually computer-specific, or too large to roam effectively. Application vendors can also opt to store temporary data here, in addition to or instead of in the Application Data folder. | No | No |
| History* | Contains the Internet Explorer history. This is a subfolder under Local Settings. | No | No |
| Temp* | Contains temporary files. A subfolder under Local Settings. | No | No |
| Temporary Internet Files* | Contains the Internet Explorer offline cache. A subfolder under Local Settings. | No | No |
| My Documents (and its subfolders My Pictures, My Music, My Videos) | The default location for documents that the user creates. Applications need to be written to save files here by default. | Yes | Yes |
| NetHood* | Contains shortcuts to My Network Places items. | Yes | No |
| PrintHood* | Contains shortcuts to printer folder items. | Yes | No |
| Recent* | Contains shortcuts to the most recently used documents, such as Most Recently Used (MRU) lists in applications. | Yes | No |
| Send To* | Contains shortcuts to document storage locations and applications. | Yes | No |
| Start Menu | Contains shortcuts to program items. | Yes | Yes |
| Templates* | Contains shortcuts to per-user customized template items, such as templates that a user creates in Microsoft Word or Microsoft Excel. | Yes | No |
| *These folders are hidden by default. | |||
To view hidden folders
In My Computer, on the tools menu, select Tools, then click Folder Options.
Select the View tab, and click Show Hidden Files and Folders.