Roaming Profiles
Q: What is the advantage
of roaming profiles, and are NT 4.0 roaming profiles different from NT 3.51
roaming profiles?
Just as in previous versions of Windows NT, NT 4.0 loads a user profile
each time a user logs on. Many companies set up roaming user profiles because
such a profile lets users have the same profile configuration on any NT 4.0
machine that can access the network.
An NT 3.x user profile is an individual file. This file is a Registry hive.
When the user logs on, this file becomes the HKEY_CURRENT_USER hive.
The new Windows interface allows for greater flexibility. The profile is a
collection of folders and files. The profile path now points to a folder rather
than the single file. The profile folder contains folders and files that make up
the Desktop, Start Menu, Network Neighborhood, and the like.
The ntuser.dat file also resides in the profile folder and represents the
HKEY_CURRENT_USER hive for the currently logged on user. NT 3.x stores the
user profile in the \%SystemRoot%\System32\Config folder. NT 4.0 stores the user
profile in a folder within \%SystemRoot%\Profiles.
When you use roaming profiles, in either NT 3.x or NT 4.0, the system copies
the user profile from the centrally stored location to the location specified as
part of the logon process. When the user logs off, the system copies the user
profile from the location specified, back to the central location.
Q: Are user profiles the
same for Windows 95 and NT 4.0? Do Win95 and NT 4.0 store user profiles in the
same directory path?
Because Win95 and NT 4.0 have a similar user interface (UI), the user
profiles are also similar, but they are not the same. For example, in Win95, the
file that the system copies to the HKEY_CURRENT_USER hive of the Registry is
user.dat. When you configure Win95 for roaming profiles, the central profile is
automatically stored in the home directory path.
Don't configure NT 4.0 to use the home directory path as the central
location for the profile, because at logon, the system caches the entire
contents of the profile path locally. If a user has a lot of data in the home
directory, this configuration will be inefficient.
When Win95 copies the locally cached profile to the central location, it
copies only shortcuts (*.lnk) files. NT 4.0 copies all files. This approach
allows for a more flexible roaming profile. However, future versions of NT will
have an option to copy only shortcuts for roaming profiles.
Q: How can I create a
roaming profile?
To create a roaming profile, follow these steps:
1. Create a folder called profiles on the network and share it with all
users who will store their profiles there. These users must have at least Change
permission access for the profile folder.
2. In User Manager, select the users who will store their profiles on the
network, and press Enter to bring up the user properties. Select Profile and
enter
\\<ServerName\profiles\%username%
in the User Profile Path.
3. If you want to test this procedure immediately, don't forget to
synchronize any Backup Domain Controllers (BDCs) with the Primary Domain
Controller (PDC).
When these users log on, the system will load their user profiles. When they
log off, the system will copy this local profile to the network location
specified in the User Profile Path. The system will create a folder with the
name of the user if this folder does not already exist.
A Word About SecurityQ: I'm worried about the
vulnerability of individual user profiles. Can one user change or copy another
user's centrally stored profile
If you are concerned about a user's ability to change or copy another
user's centrally stored profile, you can do a couple things. Rather than calling
the share to the profile path profiles, you can call it profile$. This approach
hides the share.
Hiding the share is not a problem because users have no reason to know the
central location of their profile. You don't change the permissions on the share
with this approach, but the share won't show up in the browse list.
You can put the profile path on an NTFS partition and set permissions to the
user folders accordingly. Remember each user needs at least Change permission
access to the profile folder.
You can put the profile path on a server that is already secure to the user.
For example, suppose the accounting department has a server that has permissions
already set to let only accounting users access it. This server might make a
good location for those users' centrally stored profiles.
Note that because roaming profiles are stored on a server and cached
locally, you have some redundancy in case you delete or change either copy of
the profile. For up-to-the-minute information on user profile issues, check
Microsoft's Knowledge Base on the Web. Go to http://www.microsoft.com and
select Support; then select Search the Knowledge Base. Search for user profiles.