If you were to ask 10 Windows administrators which part of their infrastructure is the most problematic, I'd wager that at least 5 of them would say user profiles. That number probably goes up to 8 or 9 if we're talking about roaming user profiles. Despite Microsoft's best efforts through the various releases of Windows, this piece of technology is problematic at best. So let's look at how profiles are supposed to work—with a detailed look at what happens when you create a profile and what happens when the system writes that profile to the server. Then we'll see what kinds of things can cause problems with user profiles and how you can try to avoid or correct them.
The User Profile Defined
A user profile is a set of files and folders that stores a user's personal preferences for his or her Windows desktop. For example, any shortcuts that users put on their desktop are part of their user profile, as are the preferences they select in Microsoft Outlook. Everything that's user-specific about Windows or applications running on Windows is stored in the user profile.
User profiles come in three flavors: local, roaming, and mandatory. Every user that logs on to a Windows workstation has a local profile, which by default is stored on Windows Server 2003, Windows XP, or Windows 2000 under the \%systemroot%\documents and settings\%username% folder (e.g., C:\documents and settings\joesmith). On Windows NT 4.0 machines, the local user profile is stored under \%systemroot%\profiles\%username%.
A roaming profile, as the name implies, follows the user to any workstation he or she logs on to. Windows accomplishes this roaming capability by writing the user's local profile to a designated server share each time the user logs off a workstation. If a user's profile doesn't roam, then every workstation that the user logs on to will have a different profile, potentially with different settings. Thus, roaming profiles are most commonly used in environments in which users frequently move from one computer to another and need to maintain all their settings. To make a local profile a roaming profile in Win2K and later, you simply modify the user object for a particular user in Active Directory (AD) to specify a Universal Naming Convention (UNC) path (e.g. \\s3gpo1\profiles\darren) designated as a roaming profile path, as Figure 1, page 20, shows. After you enter the path in the user object, the system writes the user profile to the designated server share at the next user logoff.
The mandatory user profile is a variation of a roaming profile. Mandatory profiles ensure that every user in an environment has the same profile. Mandatory profiles come in two variations—normal and super. A normal mandatory profile prevents users from changing any of their desktop or application preferences but still lets them, for example, put new shortcuts on their desktop or put documents in their My Documents folder. A super mandatory profile prevents users from saving any changes to their profile. Mandatory profiles are typically used in environments that require tight control over the user experience.
Regardless of the profile type, you need to remember one important thing about user profiles: The user always works from the copy of the local profile stored in \%systemroot%\documents and settings\%username% (or %systemroot%\profiles\%username% on NT 4.0). Even if the user has a roaming profile, the workstation downloads this profile from the server, caches it locally in this folder, and stores all changes the user makes to the profile during the logon session in the locally cached copy. The system writes those changes to the roaming profile when the user logs off, but, by default, the locally cached copy remains on the workstation. So, if the user logs back on to that workstation and has changed nothing on the roaming profile, the user will simply work from the locally cached copy without having to download the roaming profile again. I describe the mechanics of this process later in the article.
Under the Hood
Now let's look under the hood of the user profile. I mentioned earlier that the user profile stores the user's preferences and items such as shortcuts. In fact, the location of the user profile in XP and Win2K fittingly describes what a user profile contains—documents and settings. The documents portion of the profile can be any file-based resource that a user can store, including shortcuts, Microsoft Word documents, cached Internet files (e.g., cookies), and application-specific configuration files. If you look at a standard user profile in Windows Explorer, you'll see a directory structure like the one that Figure 2 shows.
As you can see from Figure 2, quite a few folders can store user-specific data within the profile. For example, the My Documents folder is the default location for storing Microsoft Office application documents and is a common place for users to save many other types of documents. The Desktop folder holds the contents of what appears on a user's desktop. If you were to copy an application shortcut into the Desktop folder in a user's profile, that shortcut would appear on his or her desktop. Some of the folders in the user's profile store documents that aren't necessarily visible to the user. The Application Data folder stores application configuration files. For example, Outlook uses this folder to store the layout of the Outlook screen that the user has chosen. Some folders are hidden completely from the user. As you can see by the shaded folder icons in Figure 2, hidden folders such as Application Data and Local Settings aren't meant to be directly accessible to the user by default.
The Settings portion of the user profile is stored in the ntuser.dat file within the structure that Figure 2 shows. If you open a registry editor on a Windows machine and navigate to the HKEY_CURRENT_USER hive, you'll see the ntuser.dat file contents. Ntuser.dat is a registry hive file that loads as HKEY_CURRENT_USER when a user logs on. As a result, Windows writes any changes you make to your user session—such as changing the background wallpaper on your desktop or changing an option in Outlook—to HKEY_CURRENT_USER, which is really ntuser.dat. As an aside, if you ever want to view the contents of another user's ntuser.dat file when the user isn't logged on, you can load this file into the registry as a temporary registry hive by using the load hive feature within regedit.exe (on Windows 2003 or XP) or regedt32.exe (on Win2K).