|< Day Day Up >|| |
A profile is an environment specifically customized for a user. The profile contains the desktop and program settings for the user. Every user has a profile, whether the administrator configures one or not, because a default profile is automatically created for each user who logs on to a computer. Profiles offer a number of advantages:
Multiple users can use the same computer, with the settings for each user restored at logon time to the same state as when he or she logged off.
Desktop changes made by one user do not affect any other user.
If user profiles are stored on a server, they can follow users to any computer on the network running Windows Server 2003, Windows XP Professional, Windows 2000, or Windows NT 4.0.
Administrators can also set up mandatory profiles that allow a user to make changes to the desktop while logged on but not to save any of the changes. A mandatory profile always looks exactly the same every time a user logs on. There are three types of profiles:
Local profiles Profiles created on a computer when a user logs on. The profile is specific to a user, local to that computer, and stored on the local computer’s hard disk.
Roaming profiles Profiles created by an administrator and stored on a server. These profiles follow a user to any computer on the network running Windows Server 2003, Windows XP Professional, Windows 2000, or Windows NT 4.0.
Mandatory profiles Roaming profiles that can be changed only by an administrator.
What’s Stored in a Profile?
All profiles start out as a copy of the Default User profile that is installed on every computer running Windows Server 2003, Windows XP Professional, Windows 2000, and Windows NT 4.0. Registry data for Default User is in the Ntuser.dat file contained in the Default User profile. Profiles contain some or all of the following folders:
Application Data Program-specific settings determined by the program manufacturer plus specific user security settings
Cookies Messages sent to a Web browser by a Web server and stored locally to track user information and preferences (not in Windows NT 4.0)
Desktop Desktop files, folders, shortcuts, and the desktop appearance
Favorites Shortcuts to favorite locations, particularly Web sites
Local Settings Application data, History, and Temporary files (not in Windows NT 4.0)
My Documents User documents and My Pictures, which contains user graphics files (not in Windows NT 4.0)
NetHood Shortcuts to My Network Places
PrintHood Shortcuts to items in the Printers folder
My Recent Documents Shortcuts to the most recently accessed folders and files
SendTo Items on the Send To menu
Start Menu Items on the user’s Start menu
Templates Application templates
By default, only the Cookies, Desktop, Favorites, My Documents, and Start Menu folders are visible in Microsoft Windows Explorer. The other folders are hidden; to see them, in Windows Explorer, click the Tool menu, click Folder Options, click the View tab, and select Show Hidden Files And Folders.
Local profiles are created on computers when individual users log on. On a computer with a new installation of Windows Server 2003, Windows XP Professional, or Windows 2000, the user profile is in the Documents And Settings folder.
The first time a user logs on to a computer, a profile folder is generated for the user, and the contents of the Default User folder are copied into it. Any changes made to the desktop by the user are saved in that user’s profile when he or she logs off.
If a user has a local account on the computer as well as a domain account and logs on at different times using both accounts, the user will have two profile folders on the local computer: one for when the user logs on to the domain using the domain user account, and one for when the user logs on locally to the computer. The local profile is shown with the logon name. The domain profile is also shown with the logon name but has the domain name appended to it.
Roaming profiles are a great advantage for users who frequently use more than one computer. A roaming profile is stored on a server and, after the user’s logon attempt is authenticated in the directory service, is copied to the local computer. This allows a user to have the same desktop, application configuration, and local settings at any machine running Windows Server 2003, Windows XP Professional, Windows 2000, or Windows NT 4.0.
Here’s how it works. You assign a location on a server for user profiles and create a folder shared with users who are to have roaming profiles. You type a path to that folder on the Profile page of the user’s account properties. The next time the user logs on to a computer, the profile from the server is downloaded to the local computer. When the user logs off, the profile is saved both locally and in the user profile path location. Specifying the user profile path is all it takes to turn a local profile into a roaming profile, available anywhere in the domain.
When the user logs on again, the profile on the server is compared to the copy on the local computer, and the more recent copy is loaded for the user. If the server isn’t available, the local copy is used. If the server isn’t available and this is the first time the user has logged on to the computer, a user profile is created locally using the Default User profile. When a profile isn’t downloaded to a local computer because of server problems, the roaming profile is not updated when the user logs off.
To set up a roaming profile, you assign a location on a server and complete the following steps:
In Windows Explorer, create a shared folder for the profiles on the server.
In Server Management, open the Properties dialog box for a user account.
On the Profile tab, provide a path to the shared folder, such as \\SBS_server_name\shared_profile_folder\%username%.
Figure 9-11 shows an example of a path for a roaming profile. When you use the variable %username%, the operating system automatically replaces the variable with the user account name.
After you create a shared profile folder on a server and supply a profile path in the user account, a roaming profile is enabled. The user’s configuration of his or her desktop is copied and stored on the server and is available to the user from any computer. Most of the time, though, you don’t want to send your users off to fend for themselves. Life is easier for them, and for you, when users are assigned a customized profile that is already set up with appropriate shortcuts, network connections, and Start menu items. For this, you need to set up customized profiles.
Figure 9-11: Setting a path for a roaming profile.
Creating customized roaming profiles is a simple—albeit multistep—process:
Create a user account that will be used to develop the roaming profile. This is a “dummy” account that will be used just for this purpose.
Log on to the server using the dummy account and create the desktop settings you want, including applications, shortcuts, appearance, network connections, and printers.
Log off the account. Windows Small Business Server creates a user profile on the system root drive in the Documents And Settings folder.
Log on again using an administrator account. Find the accounts that are going to have this customized roaming profile.
Open the Properties dialog box for each account, click the Profile tab, and in the Profile Path box, type \\SBS_server_name\profile_folder \%username%. Click OK.
In Control Panel, open System.
Click the Advanced tab, and then in the User Profiles section, click Settings. Select the dummy account and click Copy To.
In the Copy To dialog box, type the path of the profiles folder on the server, \\SBS_server_name\profile_folder\username. Note that this time you must use the actual name of the roaming profile or the profile will be stored under the name of whoever is logged on.
In the Permitted To Use area, click Change. Give the appropriate permissions for the user to use the profile. Click OK to copy the template profile.
On Mandatory Profiles
If you’re going to all the trouble of assigning customized profiles, perhaps you’d like to make the profiles mandatory. To change a profile into a mandatory profile, you need only rename the hidden file Ntuser.dat to Ntuser.man.
If you don’t see the Ntuser file in the individual’s profiles folder, choose Folder Options from the Tools menu and click the View tab. In Advanced Settings, select Show Hidden Files And Folders.
Mandatory profiles allow the user to change the desktop, but the changes aren’t saved when the user logs off.
Don’t create a mandatory user profile for a group of users unless all the users use computers with the same video hardware, because the profiles won’t work consistently when the hardware isn’t consistent.
Logon scripts can be assigned by profile or through Group Policy. (Group Policy is covered in Chapter 10.) The following steps describe how to assign a script to a profile:
Select Server Management from the Start menu.
In the console tree, click Users. Right-click the user account and choose Properties.
Click the Profile tab and type the name of the logon script in the Logon Script box.
Click OK when you’re finished.
Windows Small Business Server always looks for logon scripts in the same place—on the server at %SystemRoot%\SYSVOL\sysvol\domain_name\scripts. Scripts in this folder can be typed in the Logon Script path by name only. If you use folders inside the Scripts folder, you must show that part of the path in the Logon Script path. Table 9-5 shows some of the environment variables that can be used when creating logon scripts. Logon scripts can also be created in VBScript and JScript.
Letter of the drive containing the user’s home directory on the user’s local workstation
Full path of the user’s home directory
User’s operating system
Processor type on the user’s workstation
Processor level of the user’s workstation
Domain where the user’s account is defined
Account user name
|< Day Day Up >|| |