Working with User Profiles
|Archived content. No warranty is made as to technical accuracy. Content may contain URLs that were valid when originally published, but now link to sites or pages that no longer exist.|
from Chapter 5, Windows NT Administrator's Pocket Consultant by William R. Stanek.
The User Environment Profile dialog box allows you to configure a user's network environment. To configure these optional settings, click on the Profile button in the New User, User Properties, or Copy Of dialog boxes.
Figure 5-9 shows the User Environment Profile dialog box. As with the Groups dialog box, the user you are working with is shown at the top. In this dialog box, you can set the following fields:
User Profile Path The path to the user's profile. Profiles provide the environment settings for users. Each time a user logs on to a computer, that user's profile is used to determine desktop and control panel settings, the availability of menu options and applications, and more.Figure 5-9: The User Environment Profile dialog box allows you to create a user profile. Profiles let you configure the network environment for a user.
Logon Script Name The name or path to the user's logon script. Logon scripts are batch files that run whenever a user logs on. You use logon scripts to set commands that should be executed each time a user logs on.
Home Directory The directory the user should use for storing files. Here, you assign a specific directory for the user's files. If the directory is available to the network, the user can access the directory from any computer on the network.
System Environment Variables
System environment variables often come in handy when you are setting up the user's environment, especially when you work with logon scripts. You'll use environment variables to specify path information that can be dynamically assigned. The environment variables you'll use the most are:
%SystemRoot% The base directory for the Windows NT operating system, such as C:\WINNT. Use with the User Environment Profile dialog box and logon scripts.
%UserName% The user account name, such as GIJOE. Use with the User Environment Profile dialog box and logon scripts.
%HomeDrive% The driver letter of the user's home directory, such as C:. Use with logon scripts.
%HomePath% The full path to the user's home directory on the respective home drive, such as \USERS\MKG\GIJOE. Use with logon scripts.
%Processor_Architecture% The processor architecture of the user's computer, such as x86 or ALPHA. Use with logon scripts.
Figure 5-10 shows how you might use environment variables when creating user accounts. Note that by using the %UserName% variable, you allow the system to determine the full path information on a user-by-user basis. If you use this technique, you can use the same path information for multiple users and all the users will have unique settings.
Local, Roaming, and Mandatory Profiles
In Windows NT, every user has a profile. Profiles control startup features for the user's session, the types of programs and applications that are available, the desktop settings, and a lot more. Each computer that a user logs on to has a copy of the user's profile. Because this profile is stored on the computer's hard disk, users who access several computers will have a profile on each computer. Another computer on the network cannot access a locally stored profile, called a local profile, and, as you might expect, this has some drawbacks. For example, if a user logs on to three different workstations, the user could have three very different profiles on each system. As a result, the user may get confused about what network resources are available on a given system.
To solve the problem of multiple profiles and reduce confusion, you may want to create a profile that can be accessed by other computers. This type of profile is called a roaming profile. With a roaming profile, users can access the same profile no matter which computer within the domain they are using. Roaming profiles are server-based and can only be stored on a Windows NT server. When a user with a roaming profile logs on, the profile is downloaded, which creates a local copy on the user's computer. When the user logs off, changes to the profile are updated both on the local copy and on the server.
As an administrator, you can control user profiles or let users control their own profiles. One reason to control profiles is to make sure that all users have a common network configuration, which can reduce the number of environment-related problems.
Profiles controlled by administrators are called mandatory profiles. Users who have a mandatory profile can only make transitory changes to their environment. Here, any changes users make to the local environment are not saved, and the next time they log on they are back to the original profile. The idea is that if users can't permanently modify the network environment, they can't make changes that cause problems. A key drawback to mandatory profiles is that the user can only log on if the profile is accessible. If, for some reason, the server that stores the profile is inaccessible or the profile itself is inaccessible, the user will not be able to log on. On Windows NT Workstation the user will receive a warning message and will be logged into the local Windows NT workstation using the workstation's cached profile.
Creating Local Profiles
The User Profile Path field in the User Environment Profile dialog box is used to set the location of user profiles. On Windows NT 4.0, user profiles are maintained in a directory. By default, this directory is located at %SystemRoot%\Profiles\%UserName% where %SystemRoot% is the root directory for the system, such as C:\WINNT, and %UserName% is the user name, such as wrstanek. If you do not change the default location, the user will have a local profile.
Creating Roaming Profiles
Roaming profiles are stored on Windows NT servers. If you want a user to have a roaming profile, you must set a server-based location for the profile directory by doing the following:
Create a shared directory on a Windows NT server and make sure that the group Everyone has access to it.
Enter the path to the shared directory in the User Profile Path field. The path should have the form \\server name\profile folder name\user name. An example is \\ZETA\USERPROFILES\GIJOE where ZETA is the server name, USERPROFILES is the shared directory, and GIJOE is the user name.
Note: Generally, you do not need to create the profile directory. The directory is created automatically when the user logs on.
As an optional step, you can create a profile for the user or copy an existing profile to the user's profile folder. If you do not create an actual profile for the user, the next time the user logs on, the user will use the default local profile. Any changes the user makes to this profile will be saved when the user logs off. Thus, the next time the user logs in the user can have a personal profile.
Creating a Profile by Hand In some cases, you may want to create the profile by hand. You do this by logging on to the user account, setting up the environment, and then logging out. As you might guess, creating accounts in this manner is time-consuming. A better way to handle account creation is to create a base user account. Here, you create the base user account, set up the account environment, and then use this account as the basis of other accounts.
Copying an Existing Profile to a New User Account If you have a base user account or a user account that you want to use in a similar manner, you can copy an existing profile to the new user account. To do this, you will use the System control panel utility as follows:
Start the System control panel utility and open the User Profile tab.
Select the existing profile you want to copy using the Profiles Stored On This Computer list box (see Figure 5-11, on the following page).
Copy the profile to the new user's account by clicking on the Copy To button. Next, enter the path to the new user's profile directory in the Copy Profile To field (see Figure 5-12, on the following page). For example, if you were creating the profile for our user, GIJOE, you would enter \\ZETA\USERPROFILES\GIJOE.
Now you need to give the user permission to access the profile. Click on the Change button in the Permitted To Use area, then use the Choose User dialog box to grant access to the new user account. By default, the Choose User dialog box only shows the names of group accounts. If you want to grant access to a group the new user is a member of, select this group, then use the Add button to copy the group to the Add Name field. Alternately, to grant access to a specific user, click on the Show Users button. This should add a list of available user accounts to the dialog box. Select the user account, then use the Add button to copy the user name to the Add Name field.Figure 5-11: Select the existing profile you want to copy to the new user account.
Close the Copy To dialog box by clicking OK. Windows NT will then copy the profile to the next location.
Tip If you know the name of the user or group you want to use, you can type this directly into the Add Name field. This will save you time.Figure 5-12: Use the Copy To dialog box to enter the location of the profile directory and to assign access permissions to the user.
Creating Mandatory Profiles
Mandatory profiles are stored on Windows NT servers. If you want a user to have a mandatory profile, you define the profile as follows:
Follow steps 1–3 described in the "Creating Roaming Profiles" section.
Create a mandatory profile by renaming the file %USERNAME%\ NTUSER.DAT as %USERNAME%\Ntuser .MAN. Now when the user logs in the next time, the user will have a mandatory profile.
Note: NTUSER.DAT contains the registry settings for the user. When you change the extension for the file to NTUSER.MAN, you tell Windows NT to create a mandatory profile.
Logon scripts set commands that should be executed each time a user logs on. You can use logon scripts to set the system time, network drive paths, network printers, and more. While you can use logon scripts to execute one-time commands, logon scripts should not be used to set environment variables. Any environment settings used by scripts are not maintained for subsequent user processes. Additionally, logon scripts should not be used to specify applications that should run at startup. You should set startup applications by placing the appropriate shortcuts in the user's Startup folder.
Normally, logon scripts contain Windows NT commands. However, logon scripts can be batch files with the .BAT extension, command files with the .CMD extension, or executable programs with the .EXE extension. One user or many users can use a single logon script, and as the administrator, you control which users use which scripts. As the name implies, logon scripts are accessed when users log on to their accounts. In a Windows NT domain, the location of logon scripts is relative to the server authenticating the logon. On the authenticating server, the default location of logon scripts is %SystemRoot%\System32\REPL\IMPORT\SCRIPTS.
To set the logon script name, you use the Logon Script Name field in the User Environment Profile dialog box. Any directory path information associated with the logon script name is relative to the default path for logon scripts. Because you can set a relative path, you have two ways of setting the logon script name:
Specify only the file name, such as MARKETING.CMD. Here the complete path to the script is %SystemRoot%\System32\REPL\IMPORT\ SCRIPTS\MARKETING.CMD.
Specify a relative path and file name, such as MKG\DOMUSERS.BAT. Here the complete path to the script is %SystemRoot%\System32\ REPL\IMPORT\SCRIPTS\MKG\DOMUSERS.BAT.
Tip In a Windows NT domain, domain controllers are responsible for authenticating log on. Using the directory Replicator service, you can replicate the SCRIPTS directory on the primary domain controller on the backup domain controllers. In this way, logon scripts should be available throughout the domain.
Creating logon scripts is easier than you might think, especially when you use the Windows NT command language. Just about any command you can type into a command prompt can be set to run in a logon script. The most common tasks you'll want logon scripts to handle are to set the default printers and network paths for users. You can set this information with the NET USE command. The following net use commands define a network printer and a network drive:
net use lpt1: \\zeta\deskjet net use g: \\gamma\corp\files
If these commands were in the user's logon script, the user would have a network printer on LPT1 and a network drive on G:.
Assigning Home Directories
Windows NT lets you assign a home directory for each user account. Users can use this directory to store and retrieve their personal files. Many applications use the home directory as the default for File Open and Save As operations, which helps users find their resources easily. The command prompt also uses the home directory as the initial current directory.
Home directories can be located on a user's local hard disk drive or on a shared network drive. On a local drive, the directory is only accessible from a single workstation. On the other hand, shared network drives can be accessed from any computer on the network, which makes for a more versatile user environment.
Note: Although users can share home directories, this isn't a good idea. You'll usually want to provide each user with a unique home directory.
You do not need to create the user's home directory ahead of time. User Manager automatically creates the directory for you. But if there's a problem creating the directory, User Manager will instruct you to create it manually.
To specify a local home directory:
Click on the Local Path radio button, and then enter the path to the home directory in the associated field. Here's an example: C:\Home\ %UserName%
To specify a network home directory:
Click on the Connect radio button, and then select a drive letter for the home directory. For consistency, you should use the same drive letter for all users. Also, be sure to select a drive letter that will not conflict with any currently configured physical or mapped drives. To avoid problems, you may want to use Z: as the drive letter.
Enter the complete path to the home directory using the UNC notation, such as: \\GAMMA\USER_DIRS\%UserName%. You include the server name in the drive path to ensure the user can access the directory from any computer on the network.
Note: If you do not assign a home directory, Windows NT uses the default local home directory. On systems where Windows NT is installed as an upgrade, this directory is \Users\Default. Otherwise, this directory is the root directory.
from Windows NT Administrator's Pocket Consultant by William R. Stanek. Copyright © 1999 Microsoft Corporation.