Understanding User Profiles and Group Policy

Whenever a user logs on to a computer, a user profile is generated or retrieved. This profile stores important global settings and user data, and it exists physically on disk. The most basic type of profile is a local profile. With a local profile, a user’s global settings and data are stored on the local computer and are available only on that computer. You can also configure accounts so that users have roaming or mandatory profiles.

Both roaming and mandatory profiles allow users to access profiles from a designated server and thereby get their global settings and data from anywhere on the network. The difference between roaming and mandatory profiles is in who can make permanent changes to the user’s settings. With roaming profiles, individual users can modify their own global settings, and these changes are persistent. With mandatory profiles, administrators define a user’s settings and only administrators can change these settings permanently. Users can still change their settings temporarily, however. For example, if Lisa has a mandatory profile, she can log on to a computer and modify the desktop appearance using the Display utility. When Lisa logs off, however, the changes are not saved; the next user of the computer—even if it is Lisa—sees the global settings as set originally in the mandatory profile.

By default, computers running Windows 2000 and later store user profile data locally in a user-specific folder under %SystemDrive%\Documents and Settings\%UserName%. The exception is computers that have been upgraded from Windows NT®, which store local profiles under %SystemRoot%\Profiles\%UserName% because this is the original profile location under Windows NT. However, any data stored under %SystemDrive%\Documents and Settings\%UserName%\Local Settings is specific to a particular local computer and does not roam. Thus, you have two categories of data stored in a local user profile: data that can roam and data that cannot roam.

Data that can roam includes the following folders, which are found under the %UserName% folder:

  • Application Data, which is the per-user data store for applications. The folder path is %SystemDrive%\Documents and Settings\%UserName%\Application Data.

  • Cookies, which is used to store browser cookies.

  • Desktop, which is used to store the desktop configuration and shortcuts.

  • Favorites, which is used to store browser favorites.

  • My Documents, which is used to store document files.

  • My Recent Documents, which is used to store shortcuts to documents opened recently.

  • NetHood, which is used to store network connections for My Network Places.

  • PrintHood, which is used to store information about network printers.

  • SendTo, which is used to store system files that provide the SendTo options.

  • Start Menu, which is used to store the Start Menu configuration.

  • Templates, which is used to store document template files.

Data that can’t roam includes the following folders, which are found under the %UserName%\Local Settings folder:

  • The local computer’s Application Data folder, which is the per-computer data store for applications. The folder path is %SystemDrive%\Documents and Settings\%UserName%\Local Settings\Application Data.

  • History, which is used to store the browser history.

  • Temp, which is used to store temporary program files.

  • Temporary Internet Files, which is used to store temporary browser files.

The most important aspects of user profiles to understand are where system settings are obtained and how redirection works. User profiles have two key parts:

  • Global settings. Global settings are loaded from Ntuser.dat (local or roaming profile) or Ntuser.man (mandatory profile) to the HKEY_CURRENT_USER subtree in the registry. These settings define the configuration of the desktop, taskbar, Start menu, Control Panel, and many other aspects of the operating system. You can view the HKEY_CURRENT_USER settings using the Registry Editor, as shown in Figure 7-1. To start the Registry Editor, type regedit at a command prompt or click Start, Run, and then type regedit in the Open box and click OK.

    Figure 7-1. Global settings for each user loaded from the profile into the registry

  • User data. The user’s data is made available through the group of folders within the profile. These folders are accessed by users in a variety of ways and include the Application Data, Cookies, Favorites, Desktop, and My Documents folders discussed previously. The My Documents folder also contains other standard folders such as My Pictures, My Videos, and My Music. Although you can examine a user’s data folders, as shown in Figure 7-2, many of the folders are hidden by default. To view them, you must change the configuration of Windows Explorer. Choose Folder Options from the Tools menu. In the dialog box that opens, click the View tab and then select Show Hidden Files And Folders.

    Figure 7-2. User data stored in subfolders within the user’s profile
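The profile layout described above can be checked on disk. The following PowerShell is an added example, not taken from the book: it reports whether a profile folder holds Ntuser.man or Ntuser.dat and how many bytes sit under Local Settings (cannot roam) versus the rest of the profile (can roam). The function name Get-ProfileSummary and the demo tree under %TEMP% are constructed for illustration.

```powershell
function Get-ProfileSummary {
    param([Parameter(Mandatory = $true)][string]$ProfilePath)

    # Ntuser.man marks a mandatory profile; Ntuser.dat a local or roaming one.
    if (Test-Path -LiteralPath (Join-Path $ProfilePath 'Ntuser.man')) { $kind = 'Mandatory' }
    elseif (Test-Path -LiteralPath (Join-Path $ProfilePath 'Ntuser.dat')) { $kind = 'LocalOrRoaming' }
    else { $kind = 'NoHiveFound' }

    # Everything under "Local Settings" is tied to this computer and never roams.
    $localRoot = (Join-Path $ProfilePath 'Local Settings') + '\'
    $roaming = 0
    $localOnly = 0
    Get-ChildItem -LiteralPath $ProfilePath -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer } |
        ForEach-Object {
            if ($_.FullName.StartsWith($localRoot, [StringComparison]::OrdinalIgnoreCase)) {
                $localOnly += $_.Length
            } else {
                $roaming += $_.Length
            }
        }

    New-Object PSObject -Property @{
        Profile        = Split-Path $ProfilePath -Leaf
        Kind           = $kind
        RoamingBytes   = $roaming
        LocalOnlyBytes = $localOnly
    }
}

# Constructed demo profile (not a real user): one mandatory hive, one document,
# one browser-cache file under Local Settings.
$demo = Join-Path $env:TEMP 'ProfileDemo\lisa'
$dirs = "$demo\My Documents", "$demo\Local Settings\Temporary Internet Files"
New-Item -ItemType Directory -Force -Path $dirs | Out-Null
[IO.File]::WriteAllBytes("$demo\Ntuser.man", (New-Object byte[] 1024))
[IO.File]::WriteAllBytes("$demo\My Documents\report.doc", (New-Object byte[] 2048))
[IO.File]::WriteAllBytes("$demo\Local Settings\Temporary Internet Files\page.htm", (New-Object byte[] 4096))

Get-ProfileSummary -ProfilePath $demo |
    Format-Table Profile, Kind, RoamingBytes, LocalOnlyBytes -AutoSize
```

A large RoamingBytes figure is the data copied at every logon and logoff of a roaming profile, which is the cost that folder redirection removes.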

As you can see, many of the visual aspects of a system’s configuration come from the global settings in a user’s profile. These settings, for example, determine the display mode, the available printers, the desktop shortcuts, and much more. Not so obvious is how user data is obtained in conjunction with the user profile, and this is where redirection enters the picture. As shown in Figure 7-2, the Folders view has nodes for Desktop and My Documents. Within My Documents, you’ll find My Music and My Pictures. All of these folders are actually stored in the user profile. Behind the scenes, any time you access the Desktop, My Documents, My Music, or My Pictures folder, Windows seamlessly redirects you to where the related data is actually stored. This is in fact how each user who logs on to a system has a unique desktop, Start menu, and personal folders.

Access to global settings and seamless redirection of personal data folders is what makes it possible to have roaming and mandatory profiles. Group Policy enters the picture by allowing you to take these core user profile features and go a few steps further than would otherwise be possible. Using Group Policy, you can customize the look and feel of Windows to explicitly define available options and settings for the desktop, Start menu, taskbar, Control Panel, and more. These custom settings then override settings in a user’s profile and help to ensure a consistent experience. Through Group Policy, you have more control over user data redirection. The many additional options available provide for central management and storage of user data as well as optimization based on group membership. For example, using Group Policy you can specify that the My Documents folders for members of the SeattleSupport group be stored on SeattleSvr08, while the My Documents folders for members of the ChicagoSupport group be stored on ChicagoSvr03.

The added advantage of redirection is that these redirected folders are accessed in much the same way as network shares: The data contained in the redirected folders actually resides on shared folders on the designated server. When a user accesses a redirected folder, the local computer seamlessly connects the user to the shared folder on the designated server. Thus, although it appears that users can log on anywhere and have access to the data in their personal folders, the actual data has been redirected to a fixed location on the network.
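To see which of a user's folders are redirected and which server holds them, you can inspect the per-user shell folder paths. The following PowerShell is an added example, not taken from the book: it reads the User Shell Folders key under HKEY_CURRENT_USER and flags every folder whose path is a UNC path. The share name UserDocs$, the user folder lisa, and the sample paths are constructed for illustration.

```powershell
# Registry key where Windows records the path of each per-user shell folder.
$ShellFoldersKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders'

function Get-ShellFolderMap {
    # Read the logged-on user's raw paths without expanding %USERPROFILE%.
    $key = Get-Item -Path $ShellFoldersKey
    $map = @{}
    foreach ($name in $key.GetValueNames()) {
        $map[$name] = $key.GetValue($name, $null, 'DoNotExpandEnvironmentNames')
    }
    return $map
}

function Get-FolderRedirectionReport {
    # Defaults to the live registry; pass -FolderMap to analyze collected data.
    param([hashtable]$FolderMap = (Get-ShellFolderMap))

    foreach ($name in ($FolderMap.Keys | Sort-Object)) {
        $path = [string]$FolderMap[$name]
        if ($path -match '^\\\\([^\\]+)\\([^\\]+)') {
            # UNC path: the data resides on a share on the designated server.
            $location = 'Redirected'
            $server = $Matches[1]
            $share = $Matches[2]
        } else {
            $location = 'LocalProfile'
            $server = $null
            $share = $null
        }
        New-Object PSObject -Property @{
            Folder = $name; Location = $location; Server = $server; Share = $share; Path = $path
        }
    }
}

# Constructed sample: My Documents ("Personal") redirected to SeattleSvr08,
# everything else still inside the profile.
$sample = @{
    'Personal'      = '\\SeattleSvr08\UserDocs$\lisa\My Documents'
    'Desktop'       = '%USERPROFILE%\Desktop'
    'AppData'       = '%USERPROFILE%\Application Data'
    'Local AppData' = '%USERPROFILE%\Local Settings\Application Data'
}

Get-FolderRedirectionReport -FolderMap $sample |
    Format-Table Folder, Location, Server, Share -AutoSize
```

Run without -FolderMap in a user's session to report that user's live settings; the Server and Share columns identify the shares whose permissions and backups protect the redirected data.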

The key benefit here is that redirected folders are no longer moved around with the user’s roaming profile data. This can speed up logon and logoff dramatically. It also makes backing up user data much easier because you have a centralized location for making backups. The key disadvantage has to do with laptops. In the standard configuration, mobile users have access to their redirected data only when they are connected to the network. The way to avoid this problem is to also configure Offline File caching for the share where the user’s data resides.

By default, Windows 2000, Windows XP, and Windows Server 2003 are configured for manual caching of documents for offline use. Users can make files available offline by right-clicking a file in My Documents or another folder and selecting Make Available Offline. A better way to configure Offline Files is to make caching automatic for files that users open from the share. An administrator must make this configuration setting by right-clicking the share and selecting Properties. In the Properties dialog box, you click the Sharing tab and then click Offline Settings. Select All Files And Programs That Users Open From The Share Will Be Automatically Available Offline, and then click OK twice. For more information, see Chapter 37 in Microsoft Windows Server 2003 Inside Out.
