Inside User Profiles

If you were to ask 10 Windows administrators which part of their infrastructure is the most problematic, I'd wager that at least 5 of them would say user profiles. That number probably goes up to 8 or 9 if we're talking about roaming user profiles. Despite Microsoft's best efforts through the various releases of Windows, this piece of technology is problematic at best. So let's look at how profiles are supposed to work—with a detailed look at what happens when you create a profile and what happens when the system writes that profile to the server. Then we'll see what kinds of things can cause problems with user profiles and how you can try to avoid or correct them.

The User Profile Defined
A user profile is a set of files and folders that stores a user's personal preferences for his or her Windows desktop. For example, any shortcuts that users put on their desktop are part of their user profile, as are the preferences they select in Microsoft Outlook. Everything that's user-specific about Windows or applications running on Windows is stored in the user profile.

User profiles come in three flavors: local, roaming, and mandatory. Every user that logs on to a Windows workstation has a local profile, which by default is stored on Windows Server 2003, Windows XP, or Windows 2000 under the \%systemroot%\documents and settings\%username% folder (e.g., C:\documents and settings\joesmith). On Windows NT 4.0 machines, the local user profile is stored under \%systemroot%\profiles\%username%.

A roaming profile, as the name implies, follows the user to any workstation he or she logs on to. Windows accomplishes this roaming capability by writing the user's local profile to a designated server share each time the user logs off a workstation. If a user's profile doesn't roam, then every workstation that the user logs on to will have a different profile, potentially with different settings. Thus, roaming profiles are most commonly used in environments in which users frequently move from one computer to another and need to maintain all their settings. To make a local profile a roaming profile in Win2K and later, you simply modify the user object for a particular user in Active Directory (AD) to specify a Universal Naming Convention (UNC) path (e.g. \\s3gpo1\profiles\darren) designated as a roaming profile path, as Figure 1, page 20, shows. After you enter the path in the user object, the system writes the user profile to the designated server share at the next user logoff.

The mandatory user profile is a variation of a roaming profile. Mandatory profiles ensure that every user in an environment has the same profile. Mandatory profiles come in two variations—normal and super. A normal mandatory profile prevents users from changing any of their desktop or application preferences but still lets them, for example, put new shortcuts on their desktop or put documents in their My Documents folder. A super mandatory profile prevents users from saving any changes to their profile. Mandatory profiles are typically used in environments that require tight control over the user experience.

Regardless of the profile type, you need to remember one important thing about user profiles: The user always works from the copy of the local profile stored in \%systemroot%\documents and settings\%username% (or %systemroot%\profiles\%username% on NT 4.0). Even if the user has a roaming profile, the workstation downloads this profile from the server, caches it locally in this folder, and stores all changes the user makes to the profile during the logon session in the locally cached copy. The system writes those changes to the roaming profile when the user logs off, but, by default, the locally cached copy remains on the workstation. So, if the user logs back on to that workstation and has changed nothing on the roaming profile, the user will simply work from the locally cached copy without having to download the roaming profile again. I describe the mechanics of this process later in the article.

Under the Hood
Now let's look under the hood of the user profile. I mentioned earlier that the user profile stores the user's preferences and items such as shortcuts. In fact, the location of the user profile in XP and Win2K fittingly describes what a user profile contains—documents and settings. The documents portion of the profile can be any file-based resource that a user can store, including shortcuts, Microsoft Word documents, cached Internet files (e.g., cookies), and application-specific configuration files. If you look at a standard user profile in Windows Explorer, you'll see a directory structure like the one that Figure 2 shows.

As you can see from Figure 2, quite a few folders can store user-specific data within the profile. For example, the My Documents folder is the default location for storing Microsoft Office application documents and is a common place for users to save many other types of documents. The Desktop folder holds the contents of what appears on a user's desktop. If you were to copy an application shortcut into the Desktop folder in a user's profile, that shortcut would appear on his or her desktop. Some of the folders in the user's profile store documents that aren't necessarily visible to the user. The Application Data folder stores application configuration files. For example, Outlook uses this folder to store the layout of the Outlook screen that the user has chosen. Some folders are hidden completely from the user. As you can see by the shaded folder icons in Figure 2, hidden folders such as Application Data and Local Settings aren't meant to be directly accessible to the user by default.

The Settings portion of the user profile is stored in the ntuser.dat file within the structure that Figure 2 shows. If you open a registry editor on a Windows machine and navigate to the HKEY_CURRENT_USER hive, you'll see the ntuser.dat file contents. Ntuser.dat is a registry hive file that loads as HKEY_CURRENT_USER when a user logs on. As a result, Windows writes any changes you make to your user session—such as changing the background wallpaper on your desktop or changing an option in Outlook—to HKEY_CURRENT_USER, which is really ntuser.dat. As an aside, if you ever want to view the contents of another user's ntuser.dat file when the user isn't logged on, you can load this file into the registry as a temporary registry hive by using the load hive feature within regedit.exe (on Windows 2003 or XP) or regedt32.exe (on Win2K).

Previous [1] 2 3 Next

This is a very good article on user profiles. Thanks for being so clear.

One correction I'd like to suggest is regarding the location of profiles. They are found in %SYSTEMDRIVE% folder, NOT in the %SYSTEMROOT% folder. Minor difference but it could through some people off who are not familiar with environment variables (which I've found to be fairly common).

Also, it would be very helpful if a future article could include troubleshooting as it relates to profiles. I'm amazed at the amount of time spent by experienced techs on "network" or "messaging" issues that are profile specific. It doesn't seem to occur to folks to test functionality with a different profile.

Thanks again.

JC Warren March 03, 2004

Yes, I agree with jc warren, excellent article. However, JC, i believe you meant to say "throw some people off" instead of "through some people off." That might throw a few readers off too.

jyates May 20, 2004

The slow logoff has been an issue in my company. We even went through an ms support issue and they were unable to help us. But I found a little known utility. Its called uph clean. I think this problem started after a windows update but I am not sure. Either way ms wrote a little program that releases your profile and then tells you what was locking it.

http://support.microsoft.com/default.aspx?scid=kb;en-us;837115

Josh May 20, 2004

I do not agree with your description of super mandatory and mandatory. In future article I would like to see this be clearer. I create mandatory profiles as per the normal mandatory but DO NOT see the users favorites or my documents get stored or saved. Just an FYI....

daniel gagnon July 07, 2004

"In Win2K or later, Windows compares the date stamps and timestamps of the files in the local and roaming profiles to determine which ones need to be written on logoff, then writes only those files."

What happens if you want to delete something from your local profile. Will that automatically delete it from your roaming profile. I am experiencing many users getting large profiles. One reason commonly seems to be due to there being recovered documents stored in documents and settings\application data\microsoft word
Should I exclude this from the roaming profile as well? If so I assume that I will need to manually go into each users profile and delete the folder from the server to stop it being copied back down. Thanks

rfraser October 06, 2004 (Article Rating:

)

Really good article. Explains the workings of a profile very well.

Anonymous User October 14, 2004

Do use of mandatory profiles affect IE from installing client certificates on a local PC?

Anonymous User October 15, 2004

i breakdown of the files needed for a roaming profile to work would be a great addition , we know how they are set , where they are saved , but the bare minimal of whats really needed and why

Anonymous User November 23, 2004

Would like to see more about problems with profiles and how to fix them, but still a very good article.

Anonymous User November 30, 2004 (Article Rating:

)

Question: I deleted my main user profile that had all my documents in it. Is there a way to recover deleted user profiles? THanks!

Anonymous User December 03, 2004

See More Comments 1 2 3

You must log on before posting a comment.

If you don't have a username & password, please register now.