Using User Profiles in Windows Server 2003

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

A profile describes the Windows Server 2003 configuration for a specific user, including the user’s environment and preference settings. Profiles typically contain such user-specific information as installed applications, desktop icons, and color options. To plan for user profiles in a Terminal Server environment, choose the solution that is best for your environment, and then plan for the storage of the profiles. For more information about user profiles, see User profiles overview in Help and Support Center for Windows Server 2003. For information about general planning for user profiles, see "Implementing User State Management" in Designing a Managed Environment of this kit.

Unless you plan carefully for the use of user profiles, they tend to grow in size. This is a problem in a Terminal Server environment because user profiles are stored on the terminal server by default. If you have many users accessing the terminal server, the user profile files soon consume a large amount of space on the server hard drive. You should store user data and profiles on a separate drive from the system installation hard drive.

There are three different types of profiles you can use with Terminal Server:

  • Terminal Server–specific profile

  • Windows Server 2003 mandatory roaming profile

  • Windows Server 2003 local profile

When a user logs on to a server running Terminal Server, the server first searches for the Terminal Server–specific profile. If Terminal Server cannot locate this profile, it attempts to load the user's Windows Server 2003 roaming profile or Windows Server 2003 local profile.

It is recommended that you plan to use either Terminal Server–specific or roaming user profiles for your Terminal Server users, rather than local profiles, in order to better manage the size of the profiles and optimize the user experience. Terminal Server–specific profiles are recommended in most cases. Consider the following situations when choosing which type of user profile to use with Terminal Server:

  • If you are planning to keep the environment for your Terminal Server users standardized and under tight control, you can use mandatory roaming user profiles to restrict access to certain applications. You can also use mandatory roaming user profiles to assign users profiles that cannot be changed.

  • If you assign roaming user profiles to users who tend to access the terminal server from different computers (for example IT administrators, users who access the application from a kiosk, or users who work in certain task-worker environments), those users can retain their settings regardless of where they log on.

  • If you are using Terminal Server to deliver a consistent desktop to client computers of varying platforms or configurations, you cannot use roaming user profiles unless you can group the different configurations and platforms into different OUs.

  • If you are using Terminal Server in a load-balanced farm, you should plan to use roaming user profiles.

Using Terminal Server–Specific Profiles

Use Terminal Server–specific profiles to present a session to the user that is different from the user’s desktop or to create user profiles optimized to the Terminal Services environment. The following are some of the situations where using Terminal Server–specific profiles might be advantageous:

  • To provide users who are accessing Terminal Server with an environment that is different from the environment on their local computers.

  • To provide a different look and feel for different users on the same terminal server, for example, if you have task workers and a manager on the same server.

  • To better manage the size of user profiles for Terminal Services users who do not have controlled user environments that have been set through assigned or mandatory user profiles. You can use Group Policy to manage the profiles on the server that stores your Terminal Server profiles.

You can configure Terminal Services–specific profile settings for each user by using the following procedure.

To configure Terminal Services–specific profile settings

  1. Open Active Directory Users and Computers.

  2. Right-click the user for which you want to set profile settings, and then click Properties.

  3. Click the Terminal Services profile tab.

You can configure the following Terminal Services–specific profile settings:

  • Terminal Services User Profile path. You can choose a place to store users' Terminal Services profiles other than the default location.

    Note

    You can also set this through Group Policy under Computer Configuration\Administrative Templates\Windows Components\Terminal Services. For more information, see "Designing the Terminal Server Configuration" later in this chapter.

  • Terminal Services home folder. You can specify a path to a home folder for use with Terminal Server sessions. This directory can be either a local folder or a network share.

For information about setting Terminal Server profiles, see Terminal Services Profile in Help and Support Center for Windows Server 2003.

Using Roaming Mandatory User Profiles

Roaming user profiles allow users to move between different computers and maintain the same environment and preference settings. A roaming mandatory user profile is a preconfigured user profile that you assign to users. Because users cannot change a roaming mandatory profile, using this type of profile ensures that these user profiles remain at a manageable size. Additionally, you can assign one mandatory profile to all users who require identical desktop configurations. This allows you to change the desktop environments for all those users by changing only one profile.

Take the following issues into consideration when planning to use roaming mandatory user profiles with Terminal Server:

  • When planning for the use of profiles for a large number of Terminal Server users, consider using Terminal Server profiles rather than roaming user profiles.

  • If you are combining Folder Redirection and roaming user profiles, it is recommended you not use quotas on the profile.

  • If your users roam between computers that are running Windows XP Professional, Windows XP 64-Bit Edition, Windows Server 2003, and Windows 2000, you can use the Prevent Roaming Profile changes from being propagated to the server Group Policy setting to be sure that each client computer receives only the profile that applies to the particular platform that the user is logged on to. For more information, see "Group Policy in multiplatform networks" in Help and Support Center for Windows Server 2003. To find this topic, click Index in Help and Support Center, type the keywords "Group Policy," and then select the topic "multiplatform networks."

The roaming profile information is stored on the local hard drive of the terminal server. It is recommended that this information be deleted after the user logs off. You can do this by enabling the Delete cached copies of roaming profiles Group Policy setting (in System/User Profiles under User Configuration in the Group Policy Object Editor) and applying the setting to your Terminal Server OU.

Important

  • In order to use roaming profiles on a group of Terminal Services computers, the Terminal Services computers must be identical in application and operating system configuration, such as the location of the systemroot folder and the installation location of all applications. Otherwise, group different configurations into different OUs and administer the roaming profiles separately.

For information about how to set or change a user’s roaming profile path, see Change a user's Terminal Services profile path in Help and Support Center for Windows Server 2003.

Planning for User Profile Storage and Management

Unless you manage user profiles correctly, they can become very large and can cause problems for your Terminal Server users. In order to keep the size of your user profiles for Terminal Server under control, use the Limit profile size Group Policy setting or use mandatory profiles. You can find the Limit profile size Group Policy setting under User Configuration\Administrative Templates\System\User Profiles.

The profile path copies all user profiles to drive C of the terminal server by default. Depending on the number of users accessing your terminal server, this could greatly deplete the free space on this disk. Choose a location on a file or print server that has enough space to store the profiles and that is readily available to Terminal Server users, and then create a Windows Server 2003 share that users can access with read/write permissions. Do not store Terminal Server profiles and users’ primary desktop profiles in the same location. You should store profiles in a different location from user home directories. For information, see "Change a user's Terminal Services profile path" in Help and Support Center for Windows Server 2003.
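The storage guidance above can be checked per account. The following PowerShell sketch is an added example, not part of the original documentation: the function names, the sample accounts, and the rule that "same location" means "same parent folder" are all assumptions.

```powershell
# Added example (not Microsoft's code). The sample accounts below are constructed.
# Assumption: two paths are in the "same location" when they share a parent folder.
# Live values would come from the AD attributes profilePath and homeDirectory and
# the ADSI (IADsTSUserEx) properties TerminalServicesProfilePath and
# TerminalServicesHomeDirectory.

function Get-ParentLocation {
    param([string]$Path)
    if ([string]::IsNullOrEmpty($Path)) { return '' }
    # Normalise case and trailing separators, then drop the last path segment.
    $p = $Path.Trim().TrimEnd('\').ToLowerInvariant()
    $i = $p.LastIndexOf('\')
    if ($i -le 1) { return $p }    # "\\server" or a bare name: nothing to strip
    return $p.Substring(0, $i)
}

function Test-ProfileStorage {
    param($User)
    $ts    = Get-ParentLocation $User.TsProfilePath
    $desk  = Get-ParentLocation $User.ProfilePath
    $homes = @(@((Get-ParentLocation $User.HomeDirectory),
                 (Get-ParentLocation $User.TsHomeDirectory)) | Where-Object { $_ })
    $findings = @()
    if ($ts -and $ts -eq $desk) {
        $findings += 'Terminal Server profile and desktop profile share a location'
    }
    foreach ($loc in (@($ts, $desk) | Select-Object -Unique)) {
        if ($loc -and ($homes -contains $loc)) {
            $findings += "profile stored with a home directory under $loc"
        }
    }
    return ,$findings
}

$users = @(
    (New-Object PSObject -Property @{ Name = 'alice'; ProfilePath = '\\fs01\profiles\alice';
        TsProfilePath = '\\fs01\tsprofiles\alice'; HomeDirectory = '\\fs01\home\alice';
        TsHomeDirectory = '' }),
    (New-Object PSObject -Property @{ Name = 'bob'; ProfilePath = '\\fs01\Profiles\bob';
        TsProfilePath = '\\FS01\profiles\bob\'; HomeDirectory = '\\fs01\profiles\bob_home';
        TsHomeDirectory = '' })
)
foreach ($u in $users) {
    $f = Test-ProfileStorage $u
    if ($f.Count -eq 0) { "{0}: OK" -f $u.Name }
    else { $f | ForEach-Object { "{0}: {1}" -f $u.Name, $_ } }
}
```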

Increasing Time-out Values for Profiles with Terminal Server

Caution

In a Terminal Server environment, because many users tend to access the terminal server and the profile server at the same time, the server can develop bottlenecks or the network itself can become saturated. This can cause problems with user profiles primarily because a time-out can occur during profile unloading or write back. As a result, changes to the profile are not saved. By increasing the time-out values when you set up Terminal Server, you can reduce the incidence of profile-related issues. You can increase profile time-out values by using the following procedure.

To increase profile time-out values

  1. In the Group Policy Object Editor, navigate to the Maximum retries to unload and update user profile policy, which is located in Computer Configuration/Administrative Templates/System/User Profiles.

  2. Enable this setting and set it to 120.

  3. In the Run dialog box, type regedit, and then click OK.

  4. Locate the following subkey in the registry and select it:

    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal Server

  5. On the Edit menu, click Add, and then click DWORD Value.

  6. Add a registry entry named LogoffTimeout with the following settings:

    • Base: Decimal

    • Value: 120 (4 minutes, time-out expressed in 2-second units)

    Note

    Do not set this value lower than 3 minutes or higher than 15 minutes.
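The registry part of the procedure above (steps 3 through 6) can be scripted and audited. This PowerShell sketch is an added example, not part of the original documentation; the function names are assumptions, while the subkey, the LogoffTimeout entry, the 2-second unit, and the 3 to 15 minute range come from this page.

```powershell
# Added example (not Microsoft's code); function names are assumptions.
# From the page: the subkey, the LogoffTimeout entry, 2-second units, 3-15 minutes.
$TsKey     = 'HKLM:\System\CurrentControlSet\Control\Terminal Server'
$ValueName = 'LogoffTimeout'

function ConvertTo-LogoffUnits {
    param([double]$Minutes)
    if ($Minutes -lt 3 -or $Minutes -gt 15) {
        throw "LogoffTimeout of $Minutes minutes is outside the 3-15 minute range."
    }
    return [int]($Minutes * 60 / 2)    # stored in 2-second units
}

function Get-LogoffTimeout {
    # Returns $null when the entry has not been created yet.
    $item = Get-ItemProperty -Path $TsKey -Name $ValueName -ErrorAction SilentlyContinue
    if ($item) { return $item.$ValueName }
    return $null
}

function Test-LogoffTimeout {
    # Read-only audit of the current setting against the page's bounds.
    $units = Get-LogoffTimeout
    if ($units -eq $null) { return 'LogoffTimeout is not set' }
    $minutes = $units * 2 / 60
    if ($minutes -lt 3 -or $minutes -gt 15) {
        return "LogoffTimeout=$units ($minutes min) is outside the 3-15 minute range"
    }
    return "LogoffTimeout=$units ($minutes min) is within range"
}

function Set-LogoffTimeout {
    param([double]$Minutes = 4)
    $units = ConvertTo-LogoffUnits -Minutes $Minutes
    # -Force creates the DWORD or overwrites an existing entry of the same name.
    New-ItemProperty -Path $TsKey -Name $ValueName -PropertyType DWord `
        -Value $units -Force | Out-Null
    return Get-LogoffTimeout
}

Test-LogoffTimeout                 # audit only; changes nothing
# Set-LogoffTimeout -Minutes 4     # writes 120; requires administrative rights
```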

For more information, see article 299386, "Logoff Process May Not Be Completed Because Time-Out Is Too Slow" in the Microsoft Knowledge Base. To find this article, see the Microsoft Knowledge Base link on the Web Resources page at https://www.microsoft.com/windows/reskits/webresources.