Monday, December 21, 2009

Managing User Profiles

You probably wouldn’t read this blog if you weren’t supporting users, and you know that there are elements of the user’s system that cause the user pain when they are not present. For example, if a user logs on and does not have access to his or her Internet Explorer Favorites, or must reconfigure his or her custom dictionary, or does not see familiar shortcuts or documents on the desktop, the user’s productivity takes an instant plunge, and the help desk gets a call. Each of these examples relates to a component of the user profile. Profiles can be configured to enhance their availability, security, and reliability. In this topic, you will learn how to manage local, roaming, group, and mandatory profiles.

User Profiles

A user profile is a collection of folders and data files that contain the elements of your desktop environment that make it uniquely yours. Settings include:

*Shortcuts in your Start menu, on your desktop, and in your Quick Launch bar

*Documents on your desktop and, unless redirection is configured, in your My Documents folder

*Internet Explorer favorites and cookies

*Certificates (if implemented)

*Application specific files, such as the Microsoft Office custom user dictionary, user templates, and auto complete list

*My Network Places

*Desktop display settings, such as appearance, wallpaper, and screensaver

These important elements are specific to each user. It is desirable that they are consistent between logons, available should the user need to log on to another system, and resilient in the event that the user’s system fails and must be reinstalled.

Local User Profiles

By default, user profiles are stored locally on the system in the %Systemdrive%\Documents and Settings\%Username% folder. They operate in the following manner:

*When a user logs on to a system for the first time, the system creates a profile for the user by copying the Default User profile. The new profile folder is named based on the logon name specified in the user’s initial logon.

*All changes made to the user’s desktop and software environment are stored in the local user profile. Each user has an individual profile, so settings are user-specific.

*The user environment is extended by the All Users profile, which can include shortcuts in the desktop or start menu, network places, and even application data. Elements of the All Users profile are combined with the user’s profile to create the user environment. By default, only users of the Administrators group can modify the All Users profile.

*The profile is truly local. If a user logs on to another system, the documents and settings that are part of their profile do not follow the user. Instead, the new system behaves as outlined here, generating a new local profile for the user if it is the user’s first time logging on to that system.

Roaming User Profiles

If users work at more than one computer, you can configure roaming user profiles (RUPs) to ensure that their documents and settings are consistent no matter where they log on. RUPs store the profile on a server, which also means that the profiles can be backed up, scanned for viruses, and controlled centrally. Even in environments where users do not roam, RUPs provide resiliency for the important information stored in the profile. If a user’s system fails and must be reinstalled, an RUP will ensure that the user’s environment is identical on the new system to the one on the previous system.

To configure an RUP, create a shared folder on a server. Ideally, the server should be a file server that is frequently backed up.

On the Profile tab of the user’s Properties dialog box, type the Profile Path in the format: \\server\share\%Username%. The %Username% variable will automatically be replaced with the user’s logon name.

It’s that simple. The next time the user logs on, the system will identify the roaming profile location.

When the user logs off, the system will upload the profile to the profile server. The user can now log on to that system or any other system in the domain, and the documents and settings that are part of the RUP will be applied.

When a user with an RUP logs on to a new system for the first time, the system does not copy its Default User profile. Instead, it downloads the RUP from the network location. When a user logs off, or when a user logs on to a system on which they’ve worked before, the system copies only files that have changed.

Creating a Preconfigured User Profile

You can create a customized user profile to provide a planned, preconfigured desktop and software environment. This is helpful to achieve the following:

*Provide a productive work environment with easy access to needed network resources and applications

*Remove access to unnecessary resources and applications

*Simplify help desk troubleshooting by enforcing a more straightforward and consistent desktop

No special tools are required to create a preconfigured user profile. Simply log on to a system and modify the desktop and software settings appropriately. It’s a good idea to do this as an account other than your actual user account so that you don’t modify your own profile unnecessarily.

Once you’ve created the profile, log on to the system with administrative credentials. Open System from Control Panel, click the Advanced tab, and then click Settings in the User Profiles frame. Select the profile you created, and then click Copy To. Type the Universal Naming Convention (UNC) path to the profile in the format: \\server\share\username. In the Permitted To Use section, click Change to select the user for whom you’ve configured the profile. This sets the ACL on the profile folder to allow access to that user. The figure below shows an example. Click OK and the profile is copied to the network location.


Finally, open the properties of the user object and, on the Profile tab, enter the same UNC in the Profile Path field. The next time that user logs on to a domain computer, that profile will be downloaded and will determine his or her user environment.

Creating a Preconfigured Group Profile

Roaming profiles enable you to create a standard desktop environment for multiple users with similar job responsibilities. The process is similar to creating a preconfigured user profile except that the resulting profile is made available to multiple users.

Create a profile using the steps outlined above. When copying the profile to the server, use a path such as: \\server\share\group profile name. You must grant access to all users who will utilize the profile, so, in the Permitted To Use frame, click Change and select a group that includes all the users, or the BUILTIN\USERS group, which includes all domain users. The only users to whom the profile will actually apply are those for whom you configure the user object’s profile path.

After copying the profile to the network, you must configure the profile path for the users to whom the profile will apply. Windows Server 2003 simplifies this task, in that you can multiselect users and change the profile path for all users simultaneously. Type the same UNC that you used to copy the profile to the network, for example, \\server\share\group profile name.

Finally, because more than one user will be accessing a group profile, you must make a group profile mandatory, as described in the following section.

Configuring a Mandatory Profile

A mandatory profile does not allow users to modify the profile’s environment. More specifically, a mandatory profile does not maintain changes between sessions. Therefore, although a user can make changes, the next time the user logs on, the desktop will look the same as the last time he or she logged on. Changes do not persist.

Mandatory profiles can be helpful in situations in which you want to lock down the desktop. They are, in a practical sense, critical when you implement group profiles because you obviously don’t want the changes one user makes to affect the environments of other users.

To configure a profile as mandatory, simply rename a file in the root folder of the profile. Interestingly, mandatory profiles are not configured through the application of permissions. The file you need to rename is Ntuser.dat. It is a hidden file, so you must ensure that you have specified to “Show hidden files and folders” in the Folder Options program in Control Panel, or use attrib from the command line to remove the Hidden attribute. You may also need to configure Windows Explorer to display file extensions.

Locate the Ntuser.dat file in the profile you wish to make mandatory. Rename the file to Ntuser.man. The profile, whether roaming or local, is now mandatory.
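
As an added example (not code from the original post), the PowerShell function below checks the rule from the group profile and mandatory profile sections: a profile path assigned to more than one user should contain Ntuser.man rather than Ntuser.dat. The function name, the sample users and the temp-folder layout are constructed for illustration; in a domain the input objects could come from Get-ADUser with -Properties ProfilePath.

```powershell
# Added example: report profile paths shared by several users and whether
# each one is mandatory (Ntuser.man) or still writable (Ntuser.dat).
function Find-SharedProfile {
    param(
        # Objects with SamAccountName and ProfilePath properties, e.g. from
        #   Get-ADUser -Filter * -Properties ProfilePath   (assumption: AD module present)
        [Parameter(Mandatory)] [object[]] $User
    )
    $User |
        Where-Object { $_.ProfilePath } |
        Group-Object -Property ProfilePath |
        Where-Object { $_.Count -gt 1 } |          # only paths used by 2+ users
        ForEach-Object {
            $root = $_.Name
            # File.Exists also sees hidden files, so the Hidden attribute can stay set.
            $man = [System.IO.File]::Exists([System.IO.Path]::Combine($root, 'Ntuser.man'))
            $dat = [System.IO.File]::Exists([System.IO.Path]::Combine($root, 'Ntuser.dat'))
            # A leftover Ntuser.dat is reported even next to Ntuser.man so it gets reviewed.
            $status = if ($man -and -not $dat) { 'Mandatory' } elseif ($dat) { 'NotMandatory' } else { 'HiveNotFound' }
            [pscustomobject]@{
                ProfilePath = $root
                Users       = ($_.Group.SamAccountName | Sort-Object) -join ','
                Status      = $status
            }
        }
}

# Constructed sample data: two shared profile folders under a temp directory.
$base = Join-Path ([System.IO.Path]::GetTempPath()) 'profile-audit-demo'
foreach ($hive in 'Sales\Ntuser.man', 'Kiosk\Ntuser.dat') {
    New-Item -ItemType File -Path (Join-Path $base $hive) -Force | Out-Null
}
$sales = Join-Path $base 'Sales'
$kiosk = Join-Path $base 'Kiosk'
$users = @(
    [pscustomobject]@{ SamAccountName = 'alice'; ProfilePath = $sales }
    [pscustomobject]@{ SamAccountName = 'bob';   ProfilePath = $sales }
    [pscustomobject]@{ SamAccountName = 'carol'; ProfilePath = $kiosk }
    [pscustomobject]@{ SamAccountName = 'dave';  ProfilePath = $kiosk }
    [pscustomobject]@{ SamAccountName = 'erin';  ProfilePath = (Join-Path $base 'erin') }
)

# Sales is reported as Mandatory, Kiosk as NotMandatory; erin's own profile is not shared.
Find-SharedProfile -User $users | Format-Table -AutoSize
```

A NotMandatory result on a shared path means one user’s changes can be written back and picked up by every other user of that profile.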
