Managing workstation desktops with user profiles

By John Sheesley

Published in TechRepublic's Windows NT Support Professional

System profiles help prevent your users from getting into trouble by inadvertently changing important system files. Microsoft added another nice feature to Windows NT and Windows 9x: user profiles. User profiles give you flexibility to control how the desktop appears on your workstations. In this article, we'll show you what user profiles are and how you can use them to more effectively manage the workstations on your network.

Why do I need user profiles?

Back in the golden days of personal computers, we didn't have to worry about GUIs. Everyone used the same interface—the good old-fashioned C:\> prompt. Maybe you even had a DOS batch-file menu system to start the programs on your workstations. There were no hassles or worries about workstation backgrounds, themes, or icon placement.

Microsoft did away with this simplicity when it introduced Windows 3.0. Now users could customize the appearance of their computers; they could display different backgrounds, use different colors, and organize their programs into program groups. As users discovered this flexibility, they quickly began changing the looks of their workstations to reflect their own tastes.

This anarchy increased with the introduction of Windows 95 and Windows NT 4.0. Microsoft now allowed users to place icons wherever they wanted on their workstations. It also introduced the concept of schemes, which allowed workstations to be completely different in many ways.

You've probably noticed the effects of all this freedom if you've done some work on a workstation that the user had modified heavily. You experience a few seconds of disorientation as you try to locate simple things like My Computer and Network Neighborhood.

If you get confused as a network professional, just think how confused your users become if they share workstations or travel a lot. The same brief disorientation you experience can completely confuse inexperienced users. And picky users may spend valuable time readjusting settings to their tastes.

What are user profiles?

Fortunately, when Microsoft gave users the freedom to design their workstations any way they wanted, it also gave network administrators the ability to control and manage this freedom. Starting with Windows 95, Microsoft created user profiles. User profiles allow you to centrally store the users' desktop preferences in a central location.

Users can customize their workstations any way they want. Changes made by a user are saved to that user's profile. Changes stored in user profiles include:

• Background images

• Start menu programs

• Desktop colors

• Desktop icon placement

• Program groups

• Desktop themes

When the user logs on to the network, the workstation searches for the profile that belongs to the user. When it finds the user's profile, it copies the desktop preferences to the workstation and installs them before the user sees the desktop.

As users travel from workstation to workstation on the network, their desktop preferences follow them. It appears to the user as if all the workstations are identical. All the confusion of different settings on different workstations disappears.

Types of user profiles

User profiles come three different ways: You can have local, roaming, and mandatory user profiles on your workstations. Each kind of profile does and controls the same things. The main differences are where the profiles originate.

Local profiles

As their name suggests, local profiles reside on the workstation. These are profiles that the user creates and stores on the workstation. Unfortunately, users can't access these profiles from other workstations on the network. For a network manager, this limits the local profile's usefulness significantly.

You may find local profiles useful for stand-alone machines that several users share. If several users work on only one machine and don't use any other workstations on your network, you can use local profiles with little worry.

Roaming profiles

As a network administrator, you'll find the roaming profile much more useful. As the name suggests, a roaming profile follows the user around the network from workstation to workstation. From the user's viewpoint, all the workstations on the network are identical—the configuration settings are exactly the way the user left them.

Unlike local profiles, your workstation obtains roaming profiles from the server. After the user logs on to the network—but before the workstation loads any system policies you may have in place and displays the workstation's desktop—the workstation finds the roaming profile from the server. It then copies the profile to the workstation and loads it, displaying the user's preferences.

Because a user profile contains all the user's desktop preferences (including potentially large files, such as high-resolution BMP files for backgrounds), you should be careful where you locate the profiles on your network in relation to the location of your workstations. Don't use network profiles on workstations that are going to pull profiles across slow WAN links. User profiles can range from several hundred kilobytes to several megabytes in size. If users try to load their profiles across slow WAN links, they'll be frustrated by long startup times. To solve this problem, either store your users' local profiles on a remote workstation or place a server at the workstation's remote location to store roaming profiles closer to it.

Mandatory profiles

You can control some of the anarchy that user profiles create by using mandatory profiles on your workstations. Mandatory profiles replace the changes that users make to their user profiles with settings that you want every workstation to have. If a user's setting conflicts with a setting in the mandatory profile, the mandatory profile takes precedence. You can also use mandatory profiles to replace items a user may have deleted from his or her system. Don't get too attached to mandatory user profiles, however—Microsoft is doing away with them in Windows 2000.

How do they work?

User profiles work via a combination of registry settings and data directories. Each location stores different information about the profiles. Profile directories store such things as:

• Application-specific information

• Desktop shortcuts

• Shortcuts to favorites for Internet Explorer

• Network Neighborhood shortcuts

• Start menu items

• Shortcuts to recently used items

• Template items

Microsoft stores other user-profile information in the system registry. When the workstation loads the profile, it places the information in the HKEY_CURRENT_USER subkey. User profile information stored in registry settings includes:

• Control Panel settings

• Explorer settings

• Help bookmarks

• Personal taskbar settings

• Printer settings

• Program groups

When a user logs on to a workstation, the workstation checks its registry to see if the user had previously logged on to the workstation. It does so by searching for the user's logon ID in the

HKEY_LOCAL_MACHINE \Softare \Microsoft \Windows \CurrentVersion \Profile List

key. If the workstation finds the user ID in its registry, it checks for a locally cached copy of the user's profile. It then compares the date of the local version with the one in the user's home directory or in the Profiles directory on the server. The workstation uses the profile with the newest date.

If a profile exists on the server but not locally, the workstation downloads and uses the server's version. If a profile exists locally but not on the server, it uses the local copy. If a location doesn't exist in either place, or if the user has logged on to the machine for the first time, the workstation uses the Default User Profile. When the user logs off the workstation, the workstation saves the profile under the user's ID along with any changes the user made during the session.

Differences between Windows 9x and Windows NT

Microsoft designed user profiles as a part of both Windows 95/98 and Windows NT 4.0. But, as with other things (like system policies), even though the concepts are shared between the operating systems, the implementation on the two operating systems differs in some respects.

User profiles work in the same way in both operating systems. They're made up of a combination of registry settings and directory entries. However, that's where the similarities end.

Because of the underlying architecture of the operating systems, you can't change from one operating system to the other. Microsoft stores the registry settings for Windows NT Workstation and Windows 9x in different files. NT uses the NTUser.dat, NTUser.dat.log, and NTUser.man files. Windows 9x uses the User.dat, User.dao, and User.man files.

Also, workstations using Windows NT store user-profile directory information in different places than Windows 9x workstations. Windows 9x stores user-profile information in the user's home directory. With Windows NT workstations, you can store information in a Profiles directory on the server.

Finally, user profiles are much more limited with Windows 9x workstations than they are with Windows NT workstations. Items Windows NT support that Windows 95 doesn't include:

• All file, shortcut, and directory information. (Windows 9x copies only LNK and PIF files)

• Centrally stored Default User Profiles

• Common groups

• The Application Data directory

These variations can cause confusion for your users if they use workstations with different operating systems. Take time to educate your users so they will be aware that they might see differences from workstation to workstation—by doing so, you may reduce the number of support calls you receive.

Creating user profiles in Windows 9x

Creating and using user profiles with Windows 9x workstations is easy. First, choose Settings from the Start menu and click Control Panel. When Control Panel appears, double-click Passwords to open the Password Properties dialog box. To enable user profiles, click Users Can Customize on the User Profiles tab, as shown in Figure A.

Figure A: You can enable user profiles on your Windows 9x workstations via the Password Properties dialog box.

By default, this setting enables local user profiles on your Windows 9x workstations. Your workstation will create separate subdirectories in the \Windows\Profiles subdirectory.

If you want to use network-based roaming profiles, you have to take a few extra steps. First, check to be sure you've installed Microsoft Client for Microsoft Networks on your workstation and that you've made it the Primary Network Logon. To do so, right-click the Network Neighborhood icon on your workstation and select Properties. Add the client, if necessary, and set it to be the primary logon. After you do, restart your workstation; it will first look to your home directory on the network server for your user profile.

Windows 9x looks only in the home directory on the server for profile information. If you haven't created home directories for your users, you need to do so now. To create home directories on your NT server, launch User Manager for Domains.

To set the home directory for an existing user, double-click the user's ID to display the User Properties dialog box. Then click Profiles. To set the home directory for a new user, click Profiles in the New User dialog box. Either way, you'll see the User Environment Profile dialog box, shown in Figure B.

Figure B: You can enter the home directory for the user in the Home Directory text box.

You can either specify a local home directory or map a drive to the home directory that points to a share on your server. For roaming profiles, you should do the latter. Click Connect and select a home drive letter.

Make the home directory something meaningful for your users, such as H for Home or P for Personal. Then, enter the path on your network that points to the share where you want to create the home directory.

After you save the changes, the User Manager may display a prompt telling you that it can't create the directory. Check to be sure the share exists and that you've typed it correctly in the Home Directory text box. You may have to create the share on your own and grant rights to the users manually.

Creating user profiles in Windows NT Workstation

Windows NT Workstation uses local profiles by default. Each user who logs on to the workstation sees the settings chosen and saved from the last session. The tricky part comes when you try to implement roaming profiles for your Windows NT Workstation users.

As you do for Windows 9x workstations, you must first prepare an area on your server where you can store the workstation's profiles. If you want to, you can store user profiles in your user's home directory. Remember that profiles used by Windows 9x workstations aren't interchangeable with ones for Windows NT Workstation. You won't gain any advantages this way by using the home directory, but you may save yourself the worries of setting separate permissions and having to remember where you store things on your network.

Using User Manager for Domains, you can assign a server location for user profiles. You do so in the same dialog box where you created home directories, as we showed you in Figure B. However, this time, rather than entering information in the Home Directory text box, you enter a path to the server in the User Profile Path text box. When you supply a user profile path, the workstation saves a copy of the user's local user profile on both the local workstation and user profile paths you specified.

Conclusion

When your network serves many users and workstations and users sometimes share workstations, individual settings can get confusing. Windows 95 and NT Workstation allow your users to make many changes to their desktops. Fortunately, you can avoid some of this confusion by implementing user profiles. In this article, we've described user profiles and how to deploy them on your network.

John Sheesley is an Editor at TechRepublic. You can reach him at jsheesley@techrepublic.com.

For more information or to subscribe, go to the TechRepublic web site at https://www.techrepublic.com.

We at Microsoft Corporation hope that the information in this work is valuable to you. Your use of the information contained in this work, however, is at your sole risk. All information in this work is provided "as -is", without any warranty, whether express or implied, of its accuracy, completeness, fitness for a particular purpose, title or non-infringement, and none of the third-party products or information mentioned in the work are authored, recommended, supported or guaranteed by Microsoft Corporation. Microsoft Corporation shall not be liable for any damages you may sustain by using this information, whether direct, indirect, special, incidental or consequential, even if it has been advised of the possibility of such damages.