Hello Readers!

Back in the days of Windows 95, I had a friend who insisted on changing her color scheme to Hot Dog. In case you're not familiar with the colors involved in Hot Dog, think of Ronald McDonald's clown attire - stop sign red, blazing yellow. If my friend's questionable taste in colors had been confined to her own machine, there would have been no problem. And if I had merely been an onlooker, then I probably would have chuckled and never thought about it again. But in this situation the computer was shared, and I was a network admin. The situation lead to an ever-escalating battle of desktop lockdown software and increasingly clever user exploits to defeat that software. Finally, a stern talking to ended the problem.

If we'd had Windows 2000 profiles back then, there would have been no problem at all. Today's article by Brien Posey on profiles offers advice on how to keep everyone on your network content while trimming your IT budget through shared computer systems. Read on to find out how you can put profiles to work on your network. And if one of your users digs up the Hot Dog color scheme, you can smile and get on with more important work.

Enjoy the issue!

Centralized Desktop Administration for Your Ever-changing Network - Click Here

FREE TRIAL!! Desktop Administration - Manage your Windows-based desktops and applications more efficiently, thereby significantly reducing network administration costs.

What’s Included in a Windows 2000 Professional Profile?

Before you can truly appreciate user profiles, you need to have an idea of what features that they include. As I mentioned earlier, profiles are established on a user-by-user basis. This means that when ever users log on to a machine that has access to their profile, the first thing they’ll see is their own individual desktop, complete with their icons, color schemes, wall papers, etc.

Of course, since the desktop is customized, it stands to reason that any customizable Windows Explorer settings are also included in the profile. This means that users are free to add things like a favorites list and mapped network drives without interference from other users. Likewise, as users open documents, Windows maintains separate lists of recently opened documents. These lists are also maintained within the user’s profile so that the user’s privacy isn’t compromised.

Naturally, a user’s privacy can’t be maintained if anyone who sits down at the computer can access the user’s documents. Therefore, each user who has a profile also has a personal My Documents and My Pictures folder. Keep in mind though that just because such folders aren’t readily available for anyone to access other than the intended user, that doesn’t mean that no one else can access the folder. This is because all of the profiles and custom folders are stored in a central area. Suppose for a moment that I had a profile called Brien stored on a local machine. All that a nosey user would have to do in order to access my files would be to navigate to C:Documents and SettingsBrienMy Documents. If you really want to insure total privacy for the users, you’ll have to regulate the permissions for each user’s folders in the same way that you’d secure any other folder. For example, in the situation that I described above, you might set permissions on the Brien folder so that only Brien and the administrator have access.

As you can see, profiles offer users almost as much flexibility as they would have if they owned their own machines. The only difference is that the core system files are still shared by all of the users. For example, if by some freak chance a user figured out how to delete the WINNT directory, the process would affect everyone, regardless of their profile, because the user deleted a shared set of files. Naturally, this process would destroy the operating system, but the same concept holds true for less extreme measures as well.

So how do you know which system files are shared, and which ones are included in the profiles? Profiles include files that relate to the following items (anything else is shared): all user definable settings for Windows Explorer, shortcuts, favorites, mapped network drives, links within My Network Places, anything related to the desktop, application data, user definable application settings, network printer connections, user definable characteristics within the Windows accessories such as Calculator, Notepad, etc., and bookmarks within the Help system.

Before I go on, I’d like to clarify the above list a little. I mentioned that certain configuration options within applications are stored in user profiles. An example of this is Internet Explorer. Internet Explorer maintains a separate set of cookies for each user. Another example is the desktop clock. If a user changes the way that the clock is displayed, the application is smart enough to know that it is only supposed to be displayed that way for one user.

The Three Types of Profiles

As you can see from the information that I’ve given you so far, user profiles are very powerful. However, there are actually three different types of profiles. It’s important to know when to use each type of profile. In the sections that follow, I’ll explain each type of profile along with its limits and capabilities.

Local Profiles

In the examples above, when I discussed the nightmares of not using profiles, I was basically referring to other operating systems such as Windows 98. When a user logs into a Windows 2000 Professional machine, Windows checks to see if the user has an existing profile in the Documents and Settings folder. If no profile exists, Windows automatically creates one for the user. The next time that the user uses the machine, the machine will have remembered all of their settings.

Unfortunately, local profiles are limited to each local machine. In essence, if a user routinely uses 30 different machines, the user will have 30 different profiles. In such a situation, it may make more sense to use roaming profiles.

Roaming Profiles

The idea behind a roaming profile is that as the name suggests, it follows users from PC to PC. No matter where the user logs in, they will always have their own desktop, documents, application settings, etc. Windows 2000 accomplishes this task by storing the profile on the server. The first time that a user logs in on a given PC, the PC copies the user’s profile from the server to the workstation and then deals with the profile as if it were a local profile. During this copy process, the workstation also downloads the user’s documents as well.

The next time that the user comes back to the PC, the login process is much quicker because a “local” profile already exists. However, this profile contains a flag that tells Windows 2000 that the profile is a roaming profile. Because of this, Windows checks the server for updates to the profile and to the user’s documents. This time, the workstation only copies the updated profile settings and documents, not the whole thing. If nothing has changed, nothing has to be copied and the user is logged in instantly.

Mandatory Profiles

A mandatory profile is basically a read only version of a roaming profile. A user can make changes to the machine’s configuration, but the next time that the user logs on, the changes will be gone. Mandatory profiles are useful in situations in which administrators need to maintain high security and strict control over the user’s environments.

Brien Posey has written thousands of technical articles on a variety topics. You can access many of them by signing up for a free membership to Brien's personal Web site at www.brienposey.com. Brien's Web site also contains a forum area where you can post your most difficult technical questions and a live chat area where you can talk directly to the experts!

Originally published at http://www.brienposey.com/working_with_user_profiles_1.htm.