23.5 Default Profile for Windows Users | The Official Samba-3 HOWTO and Reference Guide, 2nd Edition

MS Windows 9x/Me and NT4/200x/XP will use a default profile for any user for whom a profile does not already exist. Armed with a knowledge of where the default profile is located on the Windows workstation, and knowing which registry keys effect the path from which the default profile is created, it is possible to modify the default profile to one that has been optimized for the site. This has significant administrative advantages.

23.5.1 MS Windows 9x/Me

To enable default per use profiles in Windows 9x/ME, you can either use the Windows 98 System Policy Editor or change the registry directly.

To enable default per user profiles in Windows 9x/ME, launch the System Policy Editor, then select File -> Open Registry , next click on the Local Computer icon, click on Windows 98 System , select User Profiles , and click on the enable box. Remember to save the registry changes.

To modify the registry directly, launch the Registry Editor ( regedit.exe ) and select the hive HKEY_LOCAL_MACHINE\Network\Logon . Now add a DWORD type key with the name " User Profiles ," to enable user profiles to set the value to 1; to disable user profiles set it to 0.

23.5.1.1 User Profile Handling with Windows 9x/Me

When a user logs on to a Windows 9x/Me machine, the local profile path, HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ProfileList , is checked for an existing entry for that user.

If the user has an entry in this registry location, Windows 9x/Me checks for a locally cached version of the user profile. Windows 9x/Me also checks the user's home directory (or other specified directory if the location has been modified) on the server for the User Profile. If a profile exists in both locations, the newer of the two is used. If the User Profile exists on the server, but does not exist on the local machine, the profile on the server is downloaded and used. If the User Profile only exists on the local machine, that copy is used.

If a User Profile is not found in either location, the Default User Profile from the Windows 9x/Me machine is used and copied to a newly created folder for the logged on user. At log off, any changes that the user made are written to the user's local profile. If the user has a roaming profile, the changes are written to the user's profile on the server.

23.5.2 MS Windows NT4 Workstation

On MS Windows NT4, the default user profile is obtained from the location %System-Root%\Profiles which in a default installation will translate to C:\Windows NT\Profiles . Under this directory on a clean install there will be three (3) directories: Administrator , All Users , and Default User .

The All Users directory contains menu settings that are common across all system users. The Default User directory contains menu entries that are customizable per user depending on the profile settings chosen /created.

When a new user first logs onto an MS Windows NT4 machine, a new profile is created from:

All Users settings.
Default User settings (contains the default NTUser.DAT file).

When a user logs onto an MS Windows NT4 machine that is a member of a Microsoft security domain, the following steps are followed in respect of profile handling:

The users' account information that is obtained during the logon process contains the location of the users' desktop profile. The profile path may be local to the machine or it may be located on a network share. If there exists a profile at the location of the path from the user account, then this profile is copied to the location %SystemRoot%\Profiles\%USERNAME% . This profile then inherits the settings in the All Users profile in the %SystemRoot%\Profiles location.
If the user account has a profile path, but at its location a profile does not exist, then a new profile is created in the %SystemRoot%\Profiles\%USERNAME% directory from reading the Default User profile.
If the NETLOGON share on the authenticating server (logon server) contains a policy file ( NTConfig.POL ), then its contents are applied to the NTUser.DAT which is applied to the HKEY_CURRENT_USER part of the registry.
When the user logs out, if the profile is set to be a roaming profile it will be written out to the location of the profile. The NTuser.DAT file is then recreated from the contents of the HKEY_CURRENT_USER contents. Thus, should there not exist in the NETLOGON share an NTConfig.POL at the next logon, the effect of the previous NTConfig.POL will still be held in the profile. The effect of this is known as tattooing.

MS Windows NT4 profiles may be local or roaming . A local profile will stored in the %SystemRoot%\Profiles\%USERNAME% location. A roaming profile will also remain stored in the same way, unless the following registry key is created as shown:

 HKEY_LOCAL_MACHINE\SYSTEM\Software\Microsoft\Windows NT\CurrentVersion\ winlogon\"DeleteRoamingCache"=dword:0000000

In this case, the local copy (in %SystemRoot%\Profiles\%USERNAME% ) will be deleted on logout.

Under MS Windows NT4, default locations for common resources like My Documents may be redirected to a network share by modifying the following registry keys. These changes may be affected via use of the System Policy Editor. To do so may require that you create your own template extension for the policy editor to allow this to be done through the GUI. Another way to do this is by way of first creating a default user profile, then while logged in as that user, run regedt32 to edit the key settings.

The Registry Hive key that affects the behavior of folders that are part of the default user profile are controlled by entries on Windows NT4 is:

 HKEY_CURRENT_USER \Software \Microsoft \Windows \CurrentVersion \Explorer \User Shell Folders

The above hive key contains a list of automatically managed folders. The default entries are shown in Table 23.1.

Table 23.1. User Shell Folder Registry Keys Default Values

Name	Default Value
AppData	%USERPROFILE%\Application Data
Desktop	%USERPROFILE%\Desktop
Favorites	%USERPROFILE%\Favorites
NetHood	%USERPROFILE%\NetHood
PrintHood	%USERPROFILE%\PrintHood
Programs	%USERPROFILE%\Start Menu\Programs
Recent	%USERPROFILE%\Recent
SendTo	%USERPROFILE%\SendTo
Start Menu	%USERPROFILE%\Start Menu
Startup	%USERPROFILE%\Start Menu\Programs\Startup

The registry key that contains the location of the default profile settings is:

 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ User Shell Folders

The default entries are shown in Table 23.2.

Table 23.2. Defaults of Profile Settings Registry Keys

Common Desktop	%SystemRoot%\Profiles\All Users\Desktop
Common Programs	%SystemRoot%\Profiles\All Users\Programs
Common Start Menu	%SystemRoot%\Profiles\All Users\Start Menu
Common Startup	%SystemRoot%\Profiles\All Users\Start Menu\Programs\Startup

23.5.3 MS Windows 200x/XP

N OTE

MS Windows XP Home Edition does use default per user profiles, but cannot participate in domain security, cannot log onto an NT/ADS-style domain, and thus can obtain the profile only from itself. While there are benefits in doing this, the beauty of those MS Windows clients that can participate in domain logon processes allows the administrator to create a global default profile and enforce it through the use of Group Policy Objects (GPOs).

When a new user first logs onto an MS Windows 200x/XP machine, the default profile is obtained from C:\Documents and Settings\Default User . The administrator can modify or change the contents of this location and MS Windows 200x/XP will gladly use it. This is far from the optimum arrangement since it will involve copying a new default profile to every MS Windows 200x/XP client workstation.

When MS Windows 200x/XP participates in a domain security context, and if the default user profile is not found, then the client will search for a default profile in the NETLOGON share of the authenticating server. In MS Windows parlance, %LOGONSERVER%\NETLOGON\Default User , and if one exists there it will copy this to the workstation to the C:\Documents and Settings\ under the Windows login name of the user.

N OTE

This path translates , in Samba parlance, to the smb.conf [NETLOGON] share. The directory should be created at the root of this share and must be called Default Profile .

If a default profile does not exist in this location, then MS Windows 200x/XP will use the local default profile.

On logging out, the users' desktop profile will be stored to the location specified in the registry settings that pertain to the user. If no specific policies have been created or passed to the client during the login process (as Samba does automatically), then the user's profile will be written to the local machine only under the path C:\Documents and Settings\%USERNAME% .

Those wishing to modify the default behavior can do so through these three methods :

Modify the registry keys on the local machine manually and place the new default profile in the NETLOGON share root. This is not recommended as it is maintenance intensive .
Create an NT4-style NTConfig.POL file that specified this behavior and locate this file in the root of the NETLOGON share along with the new default profile.
Create a GPO that enforces this through Active Directory, and place the new default profile in the NETLOGON share.

The registry hive key that effects the behavior of folders that are part of the default user profile are controlled by entries on Windows 200x/XP is:

 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\

The above hive key contains a list of automatically managed folders. The default entries are shown in Table 23.3

Table 23.3. Defaults of Default User Profile Paths Registry Keys

Name	Default Value
AppData	%USERPROFILE%\Application Data
Cache	%USERPROFILE%\Local Settings\Temporary Internet Files
Cookies	%USERPROFILE%\Cookies
Desktop	%USERPROFILE%\Desktop
Favorites	%USERPROFILE%\Favorites
History	%USERPROFILE%\Local Settings\History
Local AppData	%USERPROFILE%\Local Settings\Application Data
Local Settings	%USERPROFILE%\Local Settings
My Pictures	%USERPROFILE%\My Documents\My Pictures
NetHood	%USERPROFILE%\NetHood
Personal	%USERPROFILE%\My Documents
PrintHood	%USERPROFILE%\PrintHood
Programs	%USERPROFILE%\Start Menu\Programs
Recent	%USERPROFILE%\Recent
SendTo	%USERPROFILE%\SendTo
Start Menu	%USERPROFILE%\Start Menu
Startup	%USERPROFILE%\Start Menu\Programs\Startup
Templates	%USERPROFILE%\Templates

There is also an entry called " Default " that has no value set. The default entry is of type REG_SZ , all the others are of type REG_EXPAND_SZ .

It makes a huge difference to the speed of handling roaming user profiles if all the folders are stored on a dedicated location on a network server. This means that it will not be necessary to write the Outlook PST file over the network for every login and logout.

To set this to a network location, you could use the following examples:

 %LOGONSERVER%\%USERNAME%\Default Folders

This would store the folders in the user's home directory under a directory called Default Folders . You could also use:

 \\  SambaServer\FolderShare  \%USERNAME%

in which case the default folders will be stored in the server named SambaServer in the share called FolderShare under a directory that has the name of the MS Windows user as seen by the Linux/UNIX file system.

Please note that once you have created a default profile share, you MUST migrate a user's profile (default or custom) to it.

MS Windows 200x/XP profiles may be Local or Roaming . A roaming profile will be cached locally unless the following registry key is created:

 HKEY_LOCAL_MACHINE\SYSTEM\Software\Microsoft\Windows NT\CurrentVersion\ winlogon\"DeleteRoamingCache"=dword:00000001

In this case, the local cache copy will be deleted on logout.