Understanding User Profiles Bristol Community

Understanding user profiles bristol community

File Name: Profiles.pdf

File Size: 650.71 KB

File Type: Application/pdf

Last Modified: 11 years

Status: Available

Last checked: 8 days ago!

This Document Has Been Certified by a Professional

100% customizable

Language: English

We recommend downloading this file onto your computer


Understanding User Profiles
A user profile is a set of data that is used to re-create the user’s environment each time a
user logs on. It includes several folders such as Contacts, Cookies, Desktop, Downloads,
Favorites, and more. It also includes user-specific Registry settings. As an example, Bob
could use a Windows 7 system and have it configured with a left-hand mouse, the
Windows 7 Landscapes theme, a weather gadget on his desktop, and several drives
mapped to network shares he uses regularly. Each time Bob logs on, these settings are re-
created from his profile. Sally could use the same computer with a different
Understanding User Profiles 417
user account. She can reconfigure all of these settings, and they will be re-created from her
profile each time she logs on, without affecting the settings for Bob

Windows 7 profiles are stored in the %systemroot%\Users folder by default. The Users
folder includes the standard profiles of any user who has ever logged on to the system and
also the All Users profile and the Default User profile

All Users ​ ​The All Users profile holds settings that affect all users. As an example, when
you install an application, you are often prompted to choose to allow all users access to the
program. When you select All Users, the application modifies the All Users profile, ensuring
the application is available to any user who logs on to the system

Default User ​ ​This profile is used when a user first logs on to a system. Windows 7 will copy
the Default User profile to a new folder named with the user’s logon name. If Bob logs on, a
folder is created named Bob and includes all the data from the Default User profile. This new
profile is used to re-create the same environment for the user each time Bob logs on

There are many differences in how profiles are implemented in Windows
XP and Windows 7. The changes occurred between Windows XP and Win-
dows Vista. For example, in Windows XP the profile was located under
the %systemroot\Documents And Settings\ folder. This was changed to
%systemroot%\Users\ in Windows Vista and Windows 7

If you look in the %systemroot%\Users folder, you won’t see the Default User folder,
but it’s there—it’s just hidden. By default, the only folders that a user will see in the
%systemroot%\Users\ folder are the Public folder and the profile folders of any users who
have logged on. There are many hidden and system-protected folders that don’t show by
default, and you can follow these steps to show them:
1. Launch Windows Explorer and browse to the %systemroot%\Users\ folder

2. Click Organize  Folder And Search Options

3. Select the View tab

4. Select Show Hidden Files And Folders

5. Deselect Hide Protected Operating System Files. When prompted, if you’re sure you
want to display these files, click Yes. Click OK

You will now see the All Users folder, the Default User folder, and some other folders

Standard Profiles
Profiles stored in the %systemroot%\Users\username folder are referred to as local user pro-
files or standard profiles. The profile includes several folders and a Registry hive. Many of
the folders and data are system files and hidden by default

Figure 9.14 shows the user profile with hidden and system files showing

597095c09.indd 417 6/2/10 3:35:06 PM
418 Chapter 9 n Managing Windows 7 in a Domain
F i g u r e 9 .1 4  ​ ​User profile folder
Folders ​ ​The folders hold data and settings needed by the user. These include desktop icons
and shortcuts, links and shortcuts to other folders, startup applications, and more

Registry hive ​ ​The HKEY_CURRENT_USER portion of the Registry holds user-defined settings for
the desktop, applications, printers, and more. These are stored in a file named ntuser.dat

Roaming Profiles
Local user profiles work great if a user logs on to the same system all the time. However,
in some organizations users may frequently log on to different systems. Mapped network
drives, shortcuts on the desktop, and other elements of the user’s profile are often useful if
they’re available to a user no matter where the user logs on. Roaming profiles can be imple-
mented to ensure the same profile is available to a user no matter which computer is used

Figure 9.15 shows how roaming profiles are used. A folder is shared on a server that is
available to the user on the network, and the user’s account is then configured to use this
share for the profile

When the user logs on to a computer, the profile is retrieved from the network share and
copied onto the local computer. If the user makes any changes, these changes are copied up
to the roaming profile on the network share. If a user then moves to a different computer
and logs on, the profile is copied down to the different computer

597095c09.indd 418 6/2/10 3:35:06 PM
Understanding User Profiles 419
F i g u r e 9 .1 5  ​ ​Using roaming profiles in a domain
Roaming profiles can be implemented only in a domain. The two steps used to create a
roaming profile are as follows:
1. Create a share on a server. ​ ​This share needs to be accessible to users using the UNC path
(\\ServerName\ShareName). If more than one user will use this share, the Authenticated
Users group should be granted Full Control. It’s not necessary to create the folder for each
user because this can be created automatically

2. Modify the domain user account. ​ ​The Profile tab of the user account Properties page
includes a Profile Path text box. The UNC path to the share is added here and appended
with the %UserName% variable, giving a full path of \\ServerName\ShareName\%UserName%

When the user logs on, a folder will be created within the share with the appropriate per-
missions for the user to access the folder

Exercise 9.6 demonstrates how to implement roaming profiles

Exercise 9.6
Implementing Roaming Profiles
1. Start the domain controller and log on

2. Create a shared folder to store the user profiles with the following steps:
a. Start Windows Explorer by clicking Start  Computer

b. Double-click the C: drive. Right-click the main Windows pane and click New 
Folder. Name the folder Profiles or another name that matches your company’s

c. Select Share from the Windows Explorer toolbar

d. Type Authenticated Users in the text box, and click Add. (You can also click
Find And Search and use the Active Directory search tool to locate any group.)
Change Reader to Contributor

e. Click Share. Click Done

597095c09.indd 419 6/2/10 3:35:07 PM
420 Chapter 9 n Managing Windows 7 in a Domain
E x e r c i s e 9 . 6    ( c o n t i n u e d )
3. Launch Active Directory Users and Computers by clicking Start  Administrative Tools 
Active Directory Users And Computers

4. Locate a user account. Right-click the user account and click Properties

5. Select the Profile tab. Enter the UNC path to the share in the Profile Path text box, as
shown in the following graphic. For my test bed, I created the Profiles share on DC1,
so the full path is \\DC1\Profiles\%UserName%. Click OK

If you look in the Profiles folder now, you won’t see anything. However, the next time
the user logs on, a folder will be created for the user in the UNC path. Figure 9.16 shows
an example of what this looks like for a user. Notice that since the %UserName% variable was
used, the folder was created using the user name. The V2 indicates to the operating system
that this roaming profile is using the newer format of profiles that was implemented with
Windows Vista

The operating system also configures the NTFS permissions for the folder. The user and
the system both have full control of the folder, but no other users are granted any access to
the data in the folder

597095c09.indd 420 6/2/10 3:35:07 PM
Understanding User Profiles 421
F i g u r e 9 .1 6  ​ ​Roaming profiles created for a user
Mandatory Profiles
A mandatory profile is a roaming profile that is configured as read-only. Users will use this
profile as a roaming profile, but any changes made by the user will not be saved. The primary
reason to create mandatory profiles is so that users have a consistent profile

It is possible for enthusiastic users to modify the standard profile in such a way that it
adversely affects the system. This results in a call to the help desk and troubleshooting by a
technician. Some companies have had one too many of these calls and have decided to use
mandatory profiles to prevent these problems

As a reminder, here’s how the roaming profile works. The user logs on, the profile is
retrieved from the server where it’s stored, and then the profile is copied down to the local
computer. When the user logs off, any changes to the profile are copied back up to the
server where the roaming profile is stored

The only difference between a roaming profile and a mandatory profile is that the
changes are never copied back up to the server when the user logs off. The user can still
make changes to the local profile. However, because these changes aren’t saved to the
server, the next time the user logs on, the mandatory profile will be copied from the server
down to the client, overwriting any changes the user may have made

There are three primary steps involved in creating a mandatory user profile:
1. Create a profile with the desired settings on a Windows 7 system. Copy it to a network

2. Rename ntuser.dat to ntuser.man. This is a hidden system file, so you’ll need to mod-
ify the Windows Explorer view to show hidden files and show system files. The steps to
do this are listed in the “Understanding User Profiles” section in this chapter

3. Configure accounts to use the mandatory roaming user profile. This is similar to
Exercise 9.6, which showed how to create a roaming user profile, except the %username%
variable isn’t used. Instead, all users will use the UNC path of \\ServerName\ShareName

597095c09.indd 421 6/2/10 3:35:07 PM
422 Chapter 9 n Managing Windows 7 in a Domain
You can set the profile path for multiple users at the same time in Active
Directory Users and Computers. Use either the Shift key or the Ctrl key to
select multiple user accounts. After you’ve selected all of the accounts,
right-click one of them, select Properties, and then select the Profile tab, as
shown in Figure 9.17

F i g u r e 9 .17  ​ ​Modifying profiles for multiple users at the same time
It’s also possible to set a mandatory profile for many users using Group Policy. This will
be covered in Chapter 10

Super-Mandatory User Profiles
Windows 7 also supports super-mandatory profiles. A super-mandatory user profile is similar
to a mandatory roaming user profile with one important addition. If network or server prob-
lems prevent the user from downloading the mandatory profile, the user is unable to log on

With a regular mandatory user profile, the user is still able to log on even if the manda-
tory user profile is unavailable. As a reminder, when a roaming profile is used, it copies the
profile to the local system. If a user has previously logged on to a system and has a copy
of the profile on the system, Windows 7 will use this if the share for the roaming profile is

597095c09.indd 422 6/2/10 3:35:07 PM
Understanding User Profiles 423
If you want to ensure that users are not allowed to log on unless the mandatory pro-
file is downloaded, you can configure the profile to be a super-mandatory user profile. A
profile is created as a super-mandatory profile by renaming the profile folder with a .man

You should use super-mandatory user profiles only when the network
is reliable. If network problems prevent users from accessing the share
where the profile is stored, users will be prevented from logging on at all

As a reminder, to create a mandatory roaming profile, the ntuser.dat file (located at the
root of the profile) is renamed to ntuser.man. This may be stored in a network share identi-
fied as \\DC1\Profiles

If you want the profile to be a super-mandatory profile, you could name the share
Profiles.man so that it’s accessed using a UNC path of \\DC1\Profiles.man. In addition
to appending the share with .man, you also need to ensure that the client is configured to
access the share using the full UNC path, including .man (\\DC1\Profiles.man)

Modifying the Default User Profile
If you want new users to have consistent settings that are different from the default, you
can modify the Default User profile. However, this process isn’t as simple as it sounds or as
simple as it was in Windows XP

In Windows XP, you typically followed these steps to modify the default user profile:
1. Create an account and log on. (This creates a profile for this account from the Default
User profile.) You would typically create another administrator account so that you
would have permission to make the changes

2. Modify the desired settings to modify the profile of the account. When all of the set-
tings have been modified, log off

3. Log on with the regular administrator account. Access the Profiles page (from the
Advanced tab of System Properties), and copy the new profile over the top of the
Default User profile

However, this causes problems in Windows 7 (and actually caused some problems in
Windows XP). It is no longer the recommended method and isn’t even possible. Figure 9.18
shows the User Profiles page for a Windows 7 system

If you select any profile except the Default Profile, the Copy To button is disabled. You’re
not able to copy an existing profile over the top of the Default Profile in Windows 7 using
this screen

597095c09.indd 423 6/2/10 3:35:07 PM
424 Chapter 9 n Managing Windows 7 in a Domain
F i g u r e 9 .1 8  ​ ​Viewing user profiles in Windows 7
Instead, the recommended method is to use the Windows System Image Manager tool
(available in the Windows Automated Installation Kit), which was covered in Chapter
1 and the Sysprep tool that was covered in Chapter 2, “Automating the Deployment of
Windows 7.” The overall steps are as follows:
1. Log on with any account that you want to use as the default. The account will need
administrative permissions, and you can use the Administrator account if desired

2. Modify the desired settings to modify the profile of the account

3. Create an unattend.xml file using Windows System Image Manager

4. Add or modify the CopyProfile parameter so that it reads as follows:

This will cause the currently logged-on user settings to be copied to the Default User
profile when Sysprep is run

5. Run Sysprep on the system with the following command:
sysprep.exe /generalize /unattend: unattend.xml
If the unattend.xml file is located in a different directory, you’ll need to include the
full path

597095c09.indd 424 6/2/10 3:35:08 PM
Understanding User Profiles 425
It’s important to realize that even though you are copying the profile set-
tings of the Administrator account, you are not copying the rights and per-
missions. Rights and permissions are not stored in the profile, so copying
the administrator’s profile to the Default User profile does not give all new
users full administrative permissions

If you need to customize the Default User profile, check out Microsoft’s Knowledge Base
article 973289, which provides more in-depth details on these steps. You can find it here:

Configuring Settings with Scripts
It’s also possible to configure many of the settings using scripts. Some basic scripting was
covered in Chapter 3, “Using the Command Prompt and PowerShell.” You can configure
the scripts to run for an individual user within a domain by modifying the properties of the
user account

As an example, imagine that someone within your company created a PowerShell script
that can configure system settings for a Windows 7 computer. You are now asked to ensure
it always runs when a user logs on. You could create a share on a server, place the script
within the share, and then configure the user account

 ​ ​
597095c09.indd 425 6/2/10 3:35:08 PM

418 Chapter 9 N Managing Windows 7 in a Domain Figure 9.14 User profile folder Folders The folders hold data and settings needed by the user. These include desktop icons and shortcuts, …

Download Now

Documemt Updated


Popular Download


Frequently Asked Questions

Who are the alumni of bristol community college?

They are Mark Bokelman, Gail Fredell, Wu Hanyen, Tyler Inman, Christine Kim, Joyce Kutty, Peter Lut ... Bristol Community College is a community unto itself, shared between students, faculty and staff. Our reach also extends to the community at large, and to employers looking to connect with services offered by Bristol.

What makes bristol a great community college?

Our reach also extends to the community at large, and to employers looking to connect with services offered by Bristol. As a community college, Bristol looks to serve each group within this diverse population and provide a positive experience, rooted in our core values. Access the information suited to you below.

How do you understand user behavior?

Thankfully, there are a few ways to make understanding user behavior much easier. Here are 7 essential steps to understanding user behavior and developing a functional, intuitive product. 1. Seek out deliberate, purposeful action People love to think they make deliberate choices. They have a plan and go through with it.