Microsoft Certified Professional Developer/Exam 70-290: Managing and Maintaining a Microsoft Windows Server 2003 Environment/Managing User Profiles

What is a Profile?

A user's profile is a collection of files and settings that determines how things such as the desktop will be displayed when that user logs on. The profile is contained in a single folder that typically shares the name of the associated user account (i.e. the username). Within this folder are several subfolders and files (many of which are hidden) that contain the following:

  • Desktop Settings such as Shortcuts, Wallpaper, Theme and Screensaver
  • Start Menu and Quick Launch Shortcuts and items in the Send To menu
  • Recent Documents list, Favourites and Cookies
  • Temporary Internet Files
  • Application Settings and Files (e.g. Microsoft Word custom dictionary)
  • My Network Places Shortcuts
  • Installed Printers
  • Certificates
  • Documents on the desktop, unless My Documents has been redirected to a network share

Profile Types

There are three types of profile - local, roaming and mandatory. The type determines the scope of the profile (i.e. where that profile is available) and whether permanent changes can be made.

Local Profiles

Local profiles are created and stored locally on the computer that the user logs on to, and are only available on that computer. If you log on to a different computer you will have a different profile. By default, local profiles will be stored in the "Documents and Settings" folder on the System Drive. For example, on a stand-alone server a user called "Robert" has a profile stored in "C:\Documents and Settings\Robert\". When Robert logged on to that server for the first time, the "Default User" profile was copied and saved under his username.

  • Both Robert and the Local Administrator will have Full Control over C:\Documents and Settings\Robert\

There is a special local profile called All Users which contains settings and shortcuts that apply to all users who log on to that computer. Only Administrators can alter the All Users profile.

Roaming Profiles

Roaming profiles follow users when they log on to different computers on the network. These profiles are stored on a network share and are copied across the network to the computer that the user logs on to. Any changes to the profile, such as adding new shortcuts to the desktop, will be copied back to the network share when the user logs off. Roaming profiles are typically stored in a folder that matches the user name, e.g.

\\Server\Share\%UserName%
  • %UserName% is an environment variable that is replaced with the user name of the account

Mandatory Profiles

Mandatory profiles are a special kind of roaming profile that prevents permanent changes from being made by the user. A user may alter the local copy of the profile while they are logged on, but these changes will not be saved to the server when the user logs off. When the user logs back on, the temporary changes they made will have been lost.

Working with Profiles

Local Profiles

The System Properties dialog box allows you to copy and delete local profiles. On the Advanced tab, next to "User Profiles", click the Settings button. The "User Profiles" dialog lists the profiles stored on the local computer. The list includes details of the size, type and last modified date of the profiles.

  • Use the Delete button to remove a profile from the computer
  • Use the Copy To button to copy a profile, either to the local computer or to a network share. At this stage, you can also specify the users and groups who are allowed to use this profile.
    • This feature can be used to copy a local profile to a server in order to use it as a roaming or mandatory profile. In order to do this you will also need to configure the profile path in the user's account properties so Windows knows where to find the profile.
  • Only Administrators can copy profiles

Roaming Profiles

Roaming profiles need to be stored in a shared folder on a server so that they can be accessed from any computer the user logs on to. Unless the profiles on the share are all going to be mandatory, the Share Permissions should be set to Everyone - Allow Full Control (remember: Windows Server 2003 sets the default share permissions to Everyone - Allow Read which will prevent the profiles from being saved).

  • User accounts must be configured to use roaming or mandatory profiles by putting the UNC path to the shared profile folder in the profile path box. This can be found on the Profile tab of the user account properties.
  • If you need to set up multiple user accounts to use roaming or mandatory profiles, you can create a template user and use the %UserName% environment variable in the profile path - this will automatically be replaced with the user name when the template account is copied.
\\ServerName\ProfileShare\%UserName%
  • The Only Allow Local User Profiles group policy setting can be used to prevent roaming profiles from being used on certain computers

Mandatory Profiles

In order to make a profile mandatory, you must rename the (hidden) ntuser.dat file to ntuser.man. This file can be found in the profile's root folder.
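
To check which profiles on a share are actually mandatory, the following added PowerShell example (not part of the original page) classifies each profile folder by whether it contains ntuser.man or ntuser.dat, and lists who holds Full Control on the folder, since with Everyone - Allow Full Control on the share the NTFS permissions are what limit access. It assumes PowerShell 3.0 or later; the function name is hypothetical and the share path is the placeholder used above.

```powershell
# Added example: report the profile type and Full Control holders for
# every profile folder on a profile share.
function Get-ProfileShareReport {
    param([Parameter(Mandatory = $true)][string]$ShareRoot)

    $fullControl = [System.Security.AccessControl.FileSystemRights]::FullControl

    Get-ChildItem -LiteralPath $ShareRoot -Force |
        Where-Object { $_.PSIsContainer } |
        ForEach-Object {
            $dir = $_

            # Both files are hidden, so test for them by exact path
            $hasDat = Test-Path -LiteralPath (Join-Path $dir.FullName 'ntuser.dat') -PathType Leaf
            $hasMan = Test-Path -LiteralPath (Join-Path $dir.FullName 'ntuser.man') -PathType Leaf

            $type = if ($hasDat -and $hasMan) { 'Conflict: both files present' }
                    elseif ($hasMan)          { 'Mandatory' }
                    elseif ($hasDat)          { 'Roaming' }
                    else                      { 'Neither file found' }

            # Identities with an explicit or inherited Allow Full Control entry
            $holders = (Get-Acl -LiteralPath $dir.FullName).Access |
                Where-Object {
                    $_.AccessControlType -eq 'Allow' -and
                    ($_.FileSystemRights -band $fullControl) -eq $fullControl
                } |
                ForEach-Object { $_.IdentityReference.Value } |
                Sort-Object -Unique

            [pscustomobject]@{
                Folder      = $dir.Name
                ProfileType = $type
                FullControl = $holders -join '; '
            }
        }
}

# Placeholder share path taken from the example above
Get-ProfileShareReport -ShareRoot '\\ServerName\ProfileShare' |
    Format-Table -AutoSize
```

Run it with an account that can read the profile folders; a folder reported as a conflict or with neither file is worth inspecting by hand.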