Take your desktop configuration with you
Did you ever have to share a Windows 3.1 computer with another user?
If you did, you probably were involved in a mini-war over whose desktop
configuration would prevail. The scuffle probably included icon and window
arrangement, application filenames and locations, and screen colors. The worst case scenario is using someone else's PC. You never know what you'll find or which folders will contain familiar icons, and frequently you grind your gears while getting oriented.
All that frustration went away with Windows NT. When you log on as a user on NT, you automatically access your personal desktop configuration in the form
of a profile that NT updates specifically for your user ID. As you see in
Table 1, the profile stores the information that defines your working
environment, from windows and icons to control panel settings and application
preferences. With this setup, all computer users have their own profiles, and no
one steps on anyone else's toes.
This article will take you on a tour of user profiles as NT 4.0 implements
them. Along the way, you will learn about the types of profiles, how you create
and manage them, and how they interact.
Types of User Profiles
All NT computers, even isolated ones, support user profiles. Local
profiles let multiple users share the same workstation while letting them
regain their desktop settings when they log on. NT maintains local profiles
automatically, and the software requires little administrative oversight. When
you connect an NT computer to a network, you can establish roaming profiles
and mandatory profiles, both of which are stored on a network server.
Roaming profiles let you do something really cool: You can take your
environment with you. If your computers are connected to a network, they can
share the same profile stored on a network server. No matter which computer you
log on to, you can pull down your profile and work in the warm, fuzzy
environment of your desktop.
Alternatively, administrators can set up mandatory profiles that strictly
conFigure users' desktops. That's just the ticket when you want to establish a
uniform environment for a large number of data entry clerks, or when you want to
reduce support calls because someone has deleted an icon or messed up a setting.
Even after you establish a network profile, NT maintains a profile locally
on the workstation, letting the user establish a familiar desktop when the
network is unavailable. When you log off the network, NT synchronizes your
network and local profiles with copies of the current desktop configuration.
Some people refer to this local profile as a locally cached profile.
User Profile Database Structure
The root folder for local profiles is %SystemRoot%\Profiles. After a newly
created user logs on for the first time, NT creates a profile folder structure
for the user in the %SystemRoot%\Profiles folder. You can store network profiles
in any folder. Screen 1 shows an example of a %SystemRoot%\Profiles folder. NT
assigns users subfolders, named to match the username. Additionally, there are
two special profiles named Default User and All Users, which I'll discuss later.
To show all the contents of a user profile folder, I prepared Screen 1
after configuring Explorer to display hidden files and file extensions. The
various folders in the profile directory store shortcuts and application
preferences that define the user's desktop. Table 2 lists the folders and the
settings stored in each. Be aware that some applications may create additional
subfolders, which NT includes in the user's profile.
When users log on for the first time, they do not yet have a user profile
(unless an Administrator has copied one into the user's profile folder). So
where does a user's initial working environment come from? When a user first
logs on, NT creates a personal profile folder and initializes the user's
environment from the Default Users profile. Consequently, all profiles begin as
a copy of the Default Users profile. When the user logs off, NT stores desktop
changes the user makes in the user's personal profile.
The All Users profile defines settings that NT assigns to all users who log
on locally to this computer and has only two folders: a Desktop folder, which
contains desktop shortcuts that appear for all users, and a Start Menu folder,
which defines common program groups and their shortcuts. Common program groups
and shortcuts are the ones that appear below the line that subdivides entries in
the Start menu. (Under NT 4.0, a common program group is simply a group that is
stored under Profiles\All Users\\Start Menu. NT 3.51 users are familiar
with creating common program groups by declaring the type when the program group
is created.)
The folders in the profile store much of the data that constitutes a user
profile, but a profile includes other personal settings that a user establishes
in the Control Panel. NT stores these settings in the Registry, so you need a
different mechanism to include the settings in the user's profile.
User Profiles and the Registry
While a user is working on an NT computer, NT stores the user's personal
settings in the Registry under the HKEY_CURRENT_USER root key. (For an
informative examination of the Registry see Mark Russinovich, "Inside the
Windows NT Registry," April 1997.) Six root keys anchor the six data trees
that make up the Registry. NT stores nonvolatile Registry data in a series of
hives, a term that describes how Registry data is organized.
Each hive consists of two files: a log file and a data file. NT uses the
log file as a transaction log when users update the data files, and you can use
it to roll back incomplete updates that might corrupt the Registry. The data
file for the HKEY_CURRENT_USER hive is Ntuser.dat, and the transaction log file
is ntuser.dat.LOG. You will find an Ntuser.dat file in each user's profile
directory. You will also find the associated log file, named ntuser.dat.LOG. In
Screen 1, hidden files are visible to show you the Ntuser.dat and ntuser.dat.LOG
files in the example user's profile.
When a user logs on to NT, the data in Ntuser.dat initializes the HKEY_CURRENT_USER
Registry subtree. When the user logs off, Ntuser.dat is updated
from HKEY_CURRENT_USER. This point is important and bears repeating: Ntuser.dat
is updated only when the user logs off. As you will observe later, this behavior
results in a couple of problems where roaming profiles are concerned.
A complete user profile consists of a folder structure in a Profiles folder
with numerous shortcut and other files, and the Ntuser.dat Registry hive file
caps it off. The Ntuser.dat file has a crucial role in determining how profiles
will function once they are stored on the network.
An important point is that some Control Panel settings stored in the
Registry are hardware dependent. An example is video display resolution. Consequently,
only computers with similar hardware characteristics can share
profiles. For instance, you probably would not be comfortable using the same
profile on your 21" desktop monitor and your notebook. If computers will be
sharing profiles, when you design the profiles you must consider the common
capabilities of the workstations that you will use the profiles on.
Moving User Profiles to the Network
Connecting a workstation to the network is a prerequisite to supporting
network profiles, but it isn't the only requirement. First, create a folder on
the server where you will store users' network profiles. Next, create a share
for the profile folder. Finally, conFigure users' accounts with a profile path.
A user's profile folder can be on any network server. You can create one or
more profiles folders. This approach is often the best. Storing profiles for
groups of users lets you distribute profiles across multiple volumes and servers
if necessary. You can store network profiles in the server's profile directory,
%SystemRoot%\Profiles. In this case, users who are authorized to log on
locally to the server will use their network profiles as local profiles. Or you
can store each user's network profile in his or her network home directory, an
approach that is complicated by the need to establish a network share for each
profile directory.
To demonstrate network profiles, let's use a separately created profiles
folder named c:\profiles. After creating the folder, grant the group Everyone
Change (RWXD)(RWXD) permission for the directory. This permission lets users
create and update their profile.
In this example, users share the profile directory with the share name
Profiles$. The $ character is optional, but you can append it to the share name
to prevent it from being advertised through network browsers. Users have no
reason to connect to this share except through the profile mechanism. The $
doesn't provide any real security, but it prevents confusion that users might
have by casually picking the share from a browse list.
The next step is to conFigure the user's account with the profile path. Go
to User Manager for Domains, User Properties, and click on Profile. This step
takes you to the User Environment Profile dialog box, shown in Screen 2. The
universal naming convention (UNC) for the profile path specifies the server,
share, and the name of the user's profile directory (e.g.,
\\nts1\profiles$\Buster).
You can specify the user's profile directory by name, but an alternative is
to use the system variable %Username%. This variable is especially useful if you
are defining profile paths for multiple users, and it lets User Manager for
Domains supply the username for each user account that you're configuring.