Previous Page | Next Page

  1. Introduction
  2. Windows 2000 Professional
  3. Windows 2000 Server
  4. Windows 2000 Advanced Server
  5. Windows 2000 Datacenter Server
  6. Application Support
  7. System Operation
  8. Disks and Volumes
  9. Filesystems
  10. Configuration Files
  11. Security
  12. Network Support
  13. Access Management
  14. Processes
  15. AD Structure
  16. AD Objects
  17. AD Object Naming
  18. AD Schema
  19. AD Sites
  20. Domains
  21. AD Functions
  22. AD Replication
  23. DNS
  24. AD Security
  25. AD Installation
  26. AD Configuration
  27. AD Performance
  28. Installation
  29. Installation Options
  30. Unattended Installation
  31. Software Distribution
  32. Remote Installation Service
  33. Language
  34. Accessibility
  35. File Attributes
  36. Shares
  37. Distributed File System
  38. Control Panel
  39. Active Directory Tools
  40. Computer Management Console Tools
  41. MMC Tools
  42. Network Tools
  43. Network Monitor
  44. System Performance Monitoring
  45. Tools
  46. Managing Services
  47. Connections
  48. TCP/IP
  49. DHCP
  50. Printing
  51. Routing
  52. IPSec
  53. ICS
  54. Fault Tolerance
  55. Backup
  56. System Failure
  57. Services
  58. Remote Access
  59. WINS
  60. IIS
  61. Certificate Server
  62. Terminal Services
  63. Web Services
  64. Authentication
  65. Accounts
  66. Permissions
  67. Groups
  68. User Rights and Auditing
  69. Auditing
  70. User Profiles
  71. Policies
  72. Group Policies
  73. Miscellaneous
  74. Terms
  75. Credits

Windows 2000 User Profiles

The user's profile allows the user's environment to be configured. The User Manager administration tool allows user profiles to be modified when "user properties", then "profile" are selected. The user profile contains:

  • Desktop settings - screen colors, wallpaper, screen saver
  • Persistent network and printer connections
  • Mouse settings and cursor settings
  • Recently edited documents.
  • Start-up programs, shortcuts, and personal groups
  • Settings for Windows applications - Notepad, Paint, Windows Explorer, Calculator, Clock, and more.
  • Start menu settings - Programs that can be selected from the start menu.

The user profile settings are saved on disk. They are loaded when the user logs on. There are two profile types:

  • Local profile - Stored in the C:\Documents and Settings\username folder. The profiles file is NTUSER.DAT in the directory called by the user's name. A mandatory profile which discards any changes the user makes to their profile at logoff time, can be implemented by modifying the name of the user profile file from NTUSER.DAT to NTUSER.MAN. The ntuser.ini file is used to set up the user roaming profile components that are not copied to the server. The ntuser.dat.LOG file is used for NTUSER.DAT file recovery in the case of an error. Additional folders in the C:\Documents and Settings\username folder are:
    • Application Data - Refers to data used by application programs that the user may modify when they change a setting in the application.
    • Cookies
    • Desktop - Refers to desktop and briefcase shortcuts.
    • Favorites - Application favorites such as web site favorites on IE and favorite programs.
    • FrontPageTempdir - Only on Windows 2000 Servers for files made by Microsoft FrontPage
    • Local Settings - Settings used by common applications such as IE.
    • My Documents
    • NetHood - Network servers or shared network folder shortcuts.
    • PrintHood - Network printers.
    • Recent - Shortcuts to documents recently used.
    • SendTo - Shortcuts to places where files are copied.
    • Start Menu - The user's start menu and shortcuts.
    • Templates - Application templates.
  • Roaming - Stored on an NT server and downloaded to the computer that the user logs onto. This way the same user's profile can be available on any machine.

Profile Creation

  • For local users - If no user profile exists when the user logs on, the contents of the Default User profile folder are copied to the C:\Documents and Settings\username folder.
  • For domain users - The NETLOGON share on the domain controller is checked for a default user profile. If one does not exist, it copies the contents of the local Default User profile folder to the local computer NETLOGON\username directory.

The default user settings are used to create a new user's profile when the new user logs on the first time. The administrator may modify the contents of the Default User profile directory to change the settings for first time users of the system. The Control Panel, System applet is used to copy user profiles. The "User Profiles" tab is used. The System applet is also used to delete user profiles. Shortcuts may be added to the Default User profile directory using Windows Explorer.

All Users Profile

Administrators may install applications and place shortcuts in the All Users Profile directory. All users will have access to these shortcuts and applications. These applications appear on users' desktops. The All Users Profile is not available on a domain wide basis.

Roaming Profiles

Roaming and local profiles may be mandatory which will not allow the user to modify them. Roaming profiles are profiles that have been placed on a central server. When the user logs onto the domain, the roaming profile is copied to the local computer the user logged on from. If the user makes changes to the profile, they are saved to the local computer and the central server. When the user logs on from another computer the most recent of the local or server stored profile is used. If a user's profile is a mandatory profile and that profile is not available when the user attempts to log on, the logon attempt will fail.

To create a roaming user profile:

  1. Create a shared directory on a domain controller computer or server.
  2. Assign a profile path to the shared directory on domain user accounts. This is done on a domain controller from the "Active Directory Users and Computers" tool.
    1. Click + next to the domain the user is in.
    2. Highlight the Users folder.
    3. Right click the user's account and select properties.
    4. Set the path in the Profile path text window.
    On a local computer the user profile path is set using the Computer Mnangement Dialog box which is activated by right clicking on "My Computer" and selecting "Manage"

If a user is deleted, the user profile should first be deleted by using the "User Profile" tab of the User Manager.

On Windows NT servers, the System Policy Editor is used to control user profile settings. The authenticating domain controller gets system policies from the file WINNT40\SYSTEM32\REPL\IMPORT\SCRIPTS\NTCONFIG.POL. Therefore to have policies replicated to all domain controllers, place the NTCONFIG.POL file in the directory WINNT40\SYSTEM32\REPL\EXPORT\SCRIPTS.

Roaming profiles can be configured between workstations by setting up a user profile in a shared directory that is accessible to all workstations the user will log on from. Then on each workstation, the user will log in from, the UNC path to the profile file must be set. This is done from the User Manager, "select "User Properties" for the user, then "Profile", then enter in the UNC path in the "User Profile Path" text box.