Managing User ProfilesUser profiles contain settings for the network environment, such as desktop configuration and menu options. Problems with a profile can sometimes prevent a user from logging on. For example, if the display size in the profile isn't available on the system being used, the user might not be able to log on properly. In fact, the user might get nothing but a blank screen. You could reboot the machine, go into Video Graphics Adapter (VGA) mode, and then reset the display manually, but solutions for profile problems aren't always this easy and you might need to update the profile itself. Windows Server 2003 provides several ways to manage user profiles:
Local, Roaming, and Mandatory ProfilesIn Windows Server 2003 every user has a profile. Profiles control startup features for the user's session, the types of programs and applications that are available, the desktop settings, and a lot more. Each computer that a user logs on to has a copy of the user's profile. Because this profile is stored on the computer's hard disk, users who access several computers will have a profile on each of them. Another computer on the network can't access a locally stored profile, called a local profile , and, as you might expect, this has some drawbacks. For example, if a user logs on to three different workstations, the user could have three very different profiles, one on each system. As a result, the user might get confused about what network resources are available on a given system. To solve the problem of multiple profiles and reduce confusion, you might want to create a profile that other computers can access. This type of profile is called a roaming profile . With a roaming profile, users can access the same profile no matter which computer they're using within the domain. Roaming profiles are server-based and can only be stored on a server running Windows Server 2003. When a user with a roaming profile logs on, the profile is downloaded, which creates a local copy on the user's computer. When the user logs off, changes to the profile are updated both on the local copy and on the server.
As an administrator, you can control user profiles or let users control their own profiles. One reason to control profiles yourself is to make sure that all users have a common network configuration, which can reduce the number of environment- related problems. Profiles controlled by administrators are called mandatory profiles . Users who have a mandatory profile can make only transitory changes to their environment. Here, any changes that users make to the local environment aren't saved, and the next time they log on they're back to the original profile. The idea is that if users can't permanently modify the network environment, they can't make changes that cause problems. A key drawback to mandatory profiles is that the user can log on only if the profile is accessible. If, for some reason, the server that stores the profile is inaccessible and a cached profile isn't accessible, the user won't be able to log on. If the server is inaccessible but a cached profile is accessible, the user receives a warning message and is logged on to the local system using the system's cached profile. Creating Local ProfilesIn Windows 2000 or later, user profiles are maintained either in a default directory or in the location set by the Profile Path field in the user's Properties dialog box. The default location for profiles depends on the workstation configuration in the following way:
If you don't change the default location, the user will have a local profile. Creating Roaming ProfilesRoaming profiles are stored on servers running Windows Server 2003. When users log on to multiple computers and use EFS, they'll need a roaming profile to ensure that the certificates necessary to read and work with encrypted files are available on computers other than their primary work computers. If you want a user to have a roaming profile, you must set a server-based location for the profile directory by completing the following steps:
Creating Mandatory ProfilesMandatory profiles are stored on servers running Windows Server 2003. If you want a user to have a mandatory profile, you define the profile as follows :
Note Ntuser.dat contains the registry settings for the user. When you change the extension for the file to Ntuser.man, you tell Windows Server 2003 to create a mandatory profile. Using the System Utility to Manage Local ProfilesTo manage local profiles, you'll need to log on to the user's computer. Afterward, you can use the System utility in the Control Panel to manage local profiles. To view current profile information, start the System utility, click the Advanced tab, and then under User Profiles, click Settings. As shown in Figure 10-8, the User Profiles dialog box displays various information about the profiles stored on the local system. You can use this information to help you manage profiles. The fields have the following meanings:
Note If you delete an account but don't delete the associated profile, you might also see an entry that says Account Deleted or Account Unknown. Don't worry, the profile is still available for copying if you need it, or you can delete the profile here.
Figure 10-8. The User Profiles tab in the System Properties dialog box lets you manage existing local profiles.
Creating a Profile by HandIn some cases you might want to create the profile by hand. You do this by logging on to the user account, setting up the environment, and then logging out. As you might guess, creating accounts in this manner is time-consuming . A better way to handle account creation is to create a base user account. Here, you create the base user account, set up the account environment, and then use this account as the basis of other accounts. Copying an Existing Profile to a New User AccountIf you have a base user account or a user account that you want to use in a similar manner, you can copy an existing profile to the new user account. To do this, you'll use the System Control Panel utility. You do that by completing the following steps:
Copying or Restoring a ProfileWhen you work with workgroups where each computer is managed separately, you'll often have to copy a user's local profile from one computer to another. Copying a profile allows users to maintain environment settings when they use different computers. Of course, in a Windows Server 2003 domain you can use a roaming profile to create a single profile that can be accessed from anywhere within the domain. The problem is that sometimes you might need to copy an existing local profile over the top of a user's roaming profile (when the roaming profile is corrupt) or you might need to copy an existing local profile to a roaming profile in another domain. You can copy an existing profile to a new location by doing the following:
Deleting a Local Profile and Assigning a New OneProfiles are accessed when a user logs on to a computer. Windows Server 2003 uses local profiles for all users who don't have roaming profiles. Generally, local profiles are also used if the local profile has a more recent modification date than the user's roaming profile. Because of this, there are times when you might need to delete a user's local profile. For example, if a user's local profile becomes corrupt, you can delete the profile and assign a new one. Keep in mind that when you delete a local profile that isn't stored anywhere else on the domain, you can't recover the user's original environment settings. To delete a user's local profile, complete the following steps:
Note You can't delete a profile that's in use. If the user is logged on to the local system (the computer you're deleting the profile from), the user will need to log off. In some instances Windows Server 2003 marks profiles as in use when they aren't. This is typically a result of an environment change for the user that hasn't been properly applied. To correct this, you might need to reboot the computer. Now the next time the user logs on, Windows Server 2003 does one of two things. Either the operating system gives the user the default local profile for that system or it retrieves the user's roaming profile stored on another computer. To prevent the use of either of these profiles, you'll need to assign the user a new profile. To do this you can
Changing the Profile TypeWith roaming profiles, the System utility lets you change the profile type on the user's computer. To do this, select the profile and then click Change Type. The options in this dialog box allow you to
Note If these options aren't available, the user's original profile is defined locally. |