Que.MCSA.MCSE.10070.100270.Exam.Prep.2.Windows.XP.Professional [Electronic resources] نسخه متنی

Configuring and Managing User Profiles and Desktop Settings

Objective:

Configure and manage user profiles and desktop settings.

When a user logs on Chapter 12, and review hardware profiles in Chapter 9.

When Windows XP is connected to a Windows network, a user profile can be configured to roam the network with the user. Because the profile is stored in a file in the Documents and Settings folder on the %systemdrive%, the profile can be configured to be placed on a network drive rather than a local hard disk, and can be made accessible to the user regardless of which computer is being used.

User profiles enable %systemroot%\profiles folder.

Using Roaming and Mandatory Profiles with Active Directory

Roaming and Group Policy object (GPO) that can prevent profile changes from copying back to the server. Another GPO enforces local profiles.

An additional advantage to using Group Policy in conjunction with roaming profiles is that you can prevent users from running applications that you deem to be unacceptable, or allow a user to run only a short list of applications. Even if a user has installed the application and incorporated its data into the user's profile prior to the restriction policy, the GPO prevents the user from running it.

When you use Group Policy together with roaming profiles, you can ensure that a user's Windows XP settings are exactly what you want the user to have. You can create a default user profile that includes the desktop icons, startup applications, documents, Start menu items, and other settings. Then, you can use Group Policy to manage the way that the user interacts with the network, such as preventing access to Control Panel and prohibiting a user from using the Run command. You can even use Group Policy to publish certain applications that the user is allowed to install, and you can redirect users' My Documents and Start menu folders to a network location. When a user logs on to the network the first time, the desktop will be configured with the settings that are appropriate for your organization. If the user makes changes to the profile, those changes are saved. The user can then log on to an entirely different computer the next day and automatically see the environment he configured for himself, plus have immediate access to his personal files, folders, and applications.

The first time a new user logs on to a Windows XP computer that uses local profiles, the following process takes place:

1. Windows XP checks the Registry in HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList for a local profile for the user.

2. If the computer is part of a domain, Windows XP checks for a domain default profile in the NETLOGON share of the domain controller. If one exists, the profile is copied from the domain controller. Otherwise, the default profile loads from %systemdrive%\Documents and Settings\Default User.

3. A new folder is created below the %systemdrive%\Documents and Settings folder, and is named the same as the user's account name.

4. The NTuser.dat file is copied from %systemdrive%\Documents and Settings\Default User to %systemdrive%\Documents and Settings\%username%.

5. The %systemdrive%\Documents and Settings\%username%\NTuser.dat file is mapped to the Registry under HKEY_CURRENT_USER.

6. The environment variable %userprofile% is changed to the %systemdrive%\Documents and Settings\%username%\folder location.

7. During all subsequent logons, the NTuser.dat file is opened from %systemdrive%\Documents and Settings\%username% and incorporates any additional entries that are placed in %systemdrive%\Documents and Settings\All Users.

You can change the location in which Windows XP looks for a user's profile. When you do so, you must be logged on to the computer as a member of the Administrators group. Step by Step 10.1 explains the process.

Step by Step: 10.1 Changing a User's Profile Location

1. Right-click My Computer and select Manage.

2. In the tree pane, navigate through Computer Management to System Tools, Local Users and Groups, Users (see Figure 10.1).

3. Right-click a user account and select Properties from the shortcut menu.

4. Click the Profile tab.

5. Type the location of the profile in the Profile Path text box. This should be in the Universal Naming Convention (UNC) format of \\servername\share\Path_To_The_UserProfile.

6. If there is no profile information in the path to the user profile location, the next time the user logs on, the default user profile loads for the user and is copied into the path location. When the user logs off, changes to this default profile are saved in the path.

Transferring Files and Settings Between Computers

Installing, moving, adding, changing, and retiring are the processes that a desktop administrator conducts daily on an organization's network, and reflects the dynamic environment into which Windows XP Professional must fit. This constant movement of PCs around the network and between users demands a way to transfer files and settings from the "old" computer to the "new" computer. In a project that calls for the replacement of a large number of computers, the capability to quickly transfer a user's data from the former computer to the new one is particularly important. The File and Settings Transfer Wizard is the tool available in Windows XP Professional specifically for this purpose.

Using the Files and Settings Transfer Wizard, you can transfer settings for

Outlook Express

Dial-up connections

Internet Explorer

Display options

Folder options

Taskbar configuration options

Specified folders including My Documents, My Pictures, and Favorites

To transfer the settings, both systems should be connected to the network simultaneously. If a network connection is not available, you can use a crossover cable between the two computers' network adapters, a null modem cable between their serial ports, or an infrared link. Step by Step 10.2 details the transfer process.

Step by Step: 10.2 Transferring Files and Settings with the Wizard

1. Click Start, All Programs, Accessories, System Tools, Files and Settings Transfer Wizard. (You can also click Start, Run, type migwiz.exe in the Open text box, and press Enter.)

2. Click Next to bypass the Welcome screen.

3. Select the computer on which you are currently working. For the purposes of this exercise, we selected the New Computer option, as shown in Figure 10.2. Click Next.

Note

Older systems require a wizard disk to use the File and Settings Transfer Wizard When you transfer files and settings from an older Windows computer to Windows XP, you should start the Files and Settings Transfer Wizard on the new computer so that you can create the Wizard Disk you will need for the old computer. If you are transferring between two Windows XP computers, you should first collect the files and settings from the old computer before starting the wizard on the new computer.

4. The resulting screen prompts you to create a Wizard Disk, use the wizard from the Windows XP CD, or to indicate that you don't need a Wizard Disk. If you are transferring between two Windows XP computers, you can simply run the wizard from the old computer the same as you did the new one, so select the final option (I Don't Need the Wizard Disk) and click Next.

5. Go to the old computer and start the Files and Settings Transfer Wizard. If you created a Wizard Disk, take the floppy disk to the old computer and run Fastwiz.exe, which executes the migration process to collect settings.

6. Click Next in the Welcome screen.

7. Select the Old Computer option and click Next.

8. Select Other to save the data to a local drive that is shared on the network. Click Next.

9. Select Both Files and Settings and then select the Let Me Select a Custom List of Files and Settings When I Click Next (For Advanced Users) option. Click Next.

10. You can add specific settings, files, file types, and folders by clicking the appropriate buttons depicted in Figure 10.3. You can also click a setting, file, file type, or folder in the wizard screen and click the Remove button to ensure that it will not be transferred. (You do not have this choice when you apply the settingsonly when you save them.) Make your changes and click Next.

11. After all the data is collected, the wizard displays the final screen. Click Finish.

12. Go back to the new computer. The Where Are the Files and Settings screen, shown in Figure 10.4, asks you to select the type of connection between the two computers. If you are using an infrared port, you should be able to select Direct Cable. If you're using a different connection type, select Other and type the path to the location where you saved the settings from the old computer. Click Next.

13. The wizard connects to the network drive and applies the settings to the new computer. After the settings have transferred, click Finish.

Exam Alert

Menu and folder views The exercises throughout this book discuss how to navigate the menus and folders as they appear in Windows XP by default, rather than the Classic style menus and folders found in earlier Windows graphical user interfaces (GUIs). The 70-270 exam does not test you on your knowledge of the Classic View, except in the cases where you are tested on how to change to Classic View or back to Category View.

You can transfer the following settings:

Control Panel Accessibility, mouse, keyboard, regional settings, sounds and multimedia, network printers, and drives

Interface Command prompt configuration, display properties, and taskbar settings

Applications Internet Explorer, Microsoft Messenger, NetMeeting, Outlook Express, Media Player, and Windows Movie Maker

The wizard, by default, transfers the following folders:

Desktop

Fonts

My Documents

My Pictures

Shared Desktop

Shared Documents

If you have more than 2GB of data, after compression, the wizard's .dat file generates successive files. This should not, however, cause any problems for the transfer process.

If you have transferred files and settings from an older Windows computer to Windows XP, you may not receive all the files and settings that you collected on the old computer. If any file or setting fails to transfer, you see a list showing which could not be restored. The data that may not transfer include device drivers for a device that is not installed on the new Windows XP computer, or network printers that are not available on the network for the new Windows XP computer.

When you conduct an enterprise migration, you will find that the User State Migration Tool (USMT) is able to collect and transfer files and settings. USMT may be preferable to the Files and Settings Transfer Wizard because administrators can tailor specific settings in the USMT, even those in the Registry. USMT functions only on a network with at least one Windows domain.

Implementing Roaming Profiles

Local profiles cause an administrative headache when users roam around the network, and when computers are routinely exchanged throughout the network. For example, if Joe logs on at PC1 and saves a file that holds key information for his job on this desktop, and later on Joe logs on at PC2 because PC1 was replaced with new hardware, he is likely to have a panic attack to discover that his file is missing. Roaming profiles overcome this problem.

Note

Folder redirection helps manage personal data For optimum management of users' personal data on a network, use folder redirection. Folder redirection is found in Group Policy and functions on an Active Directory network. You can select folders, such as My Documents, and redirect them to network locations. When users log on to various workstations around the network, they always have their own data provided to them.

When a user with a roaming profile logs on for the first time, the following process takes place:

1. Windows XP checks for the path to the user's roaming profile.

2. Windows XP accesses the path and looks for the profile. If no profile exists, Windows XP generates a folder for the profile.

3. Windows XP checks for a cached copy of the profile listed in HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList. If a local profile is found, and the computer is a member of a domain, Windows XP looks in the domain controller's NETLOGON share for a default profile for the domain. The default domain profile is copied to the local computer folder %systemdrive%\Documents and Settings\%username%. If there is no domain default, Windows XP copies the default local profile to the same location.

4. The NTuser.dat file is mapped to the Registry's HKEY_CURRENT_USER key.

5. Windows XP updates the user's %userprofile% environment variable with the new location of the profile.

6. When the user logs off, the local profile is copied to the network path configured in Windows XP.

7. The next time the user logs on to the same computer, Windows XP opens the locally cached copy of the user's profile and compares it with the copy on the domain server. Windows XP merges the contents of the two profiles.

You can make changes to whether a computer uses local or roaming profiles in Control Panel. To do so, right-click My Computer and select Properties from the shortcut menu. The System Properties dialog box opens. (You can also open this dialog box by double-clicking the System applet in Control Panel under the Performance and Maintenance category.) Click the Advanced tab and then click the Settings button in the User Profiles section, as displayed in Figure 10.5.

After you click Settings, the User Profiles dialog box opens, as shown in Figure 10.6. In this dialog box, you can delete a profile for a user, which is useful when you are moving a computer to a different user. You can copy an existing profile, which is also useful when you want to use the same settings for multiple users of the same computer. Plus, you can click the Change Type button to change the profile from a local profile to a roaming profile or vice versa.

To separate the profiles from other data that is copied across the network (and also to separate it from data that may require stricter permissions), you should designate a subfolder named PROfiles or a similar name that describes its contents. The permissions for this folder should be Full Control for each computer's local Users group. Because the local Users group is automatically made a member of the Domain Users group, you need to apply the permission only once. With the share created and appropriate permissions applied, you next need to apply the profile path to the user account on each affected computer (if using a local account) or on the domain (if using a domain account). It is highly recommended that you use only domain accounts. As stated earlier, the profile is configured in the Computer Management program, under the Local Users and Groups node, under Users. The Properties dialog box of each user account has a Profile tab, and you input the path to the roaming profile in the Profile path box. You also need to change the local profile to a roaming profile in the System applet in Control Panel. To fully configure roaming profiles using Active Directory, follow the process in Step by Step 10.3.

Step by Step: 10.3 Using Active Directory to Configure a Roaming Profile

1. Select a server to contain your Profiles directory. On the server, configure a folder to contain the profiles and share it. You should make this share hidden by naming it with a $ following the share, for example, hidden$. This prevents users from accidentally browsing through personal information.

2. Grant all users Full Control of the folder and the share.

3. Open Active Directory Users and Computers.

4. Navigate to each domain user's User object.

5. Right-click the User object and select Properties.

6. Click the Profile tab.

7. In the Profile path text box, type the share and folder path that you created in step 1, in the format of \\servername\share\folder.

8. After the user logs on for the first time, a subdirectory named after the user account appears in the profile directory. To restrict outside access to private information, you should restrict all users from accessing the profile, other than the user and necessary administrators.

If you have difficulty applying a profile, whether local or roaming, you should first review the Event Viewer Application event log. For roaming profiles, you should verify that the user has the Full Control permission for his own profile directory.

By this point you should be able to discern how to use profiles. Challenge 10.1 provides a scenario that requires these skills.

Challenge

You are the network administrator for Junior Black, a restaurant chain with 250 restaurants connected via Integrated Services Digital Network (ISDN) lines. Each restaurant contains several point-of-sale (POS) computers, a management computer, and a Windows Server 2003 network server. At Junior Black's headquarters, you have four Windows Server 2003 Active Directory domain controllers, 20 Windows Server 2003 member servers, and 1,000 desktop computers and users. A single domain controller and 14 desktop computers are located in a warehouse. All desktop computers and POS computers in every location, except for the warehouse, run Windows XP Professional. The desktop computers in the warehouse run Windows 98.

A problem recently occurred in which settings for the POS computers were accidentally changed, which caused data to be lost regarding the sales made in those restaurants. You have been assigned the task of enforcing a way for those POS computers to automatically load the same settings every time they are booted up, regardless of what settings have been reconfigured by a user.

1. How do you accomplish the task of enforcing standard desktop settings on the POS computers?

2. What type of profile should you use?

3. Your boss informs you that the warehouse desktop computers are all being replaced with brand new Windows XP computers. Many of the warehouse users have special configurations for their particular usage. What do you recommend for configuring the new computers?

4. You run Fastwiz.exe on a Windows 98 computer at the warehouse. The settings are saved in a local folder. You are unable to place both the Windows 98 and Windows XP computers on the network at the same time. How do you move the settings to the new computer?

5. After organizational unit (OU) named All Network Desktops and have a GPO assigned to them. How can you accomplish this?

Try to resolve the problems on your own. If you have difficulty, refer to the following steps:

1. On a correctly configured POS computer, save its NTuser.dat file to a network share. You should then rename the NTuser.dat file to NTuser.man. Finally, you should configure the Active Directory user account to point to the network share that contains this profile.

2. You should use a mandatory profile.

3. You recommend using the Files and Settings Transfer Wizard on the new Windows XP computers to move the desktop settings to the new computers.

4. You run the Files and Settings Transfer Wizard on the Windows XP computer with the two computers connected via a null modem cable, pointing the wizard to the folder on the Windows 98 computer.

5. Third-party manufacturers' software applications that are so specific to the operating system that they cannot be run on both computersvirus checkers being an examplecannot have their configuration settings copied through the Files and Settings Transfer Wizard.

6. Create an OU for the accounting computers that is contained within the All Network Computers OU. The existing GPO will flow down the hierarchy and apply to the subcontainer's contents. You should then create a GPO in the accounting computers' OU for installing Office 2003 and assigning the Windows Installer package to the computers.

Caution

Disk quotas can conflict with roaming profiles Disk quotas can cause problems with user profiles because users tend to save all their documents in the My Documents folder, which is then saved to the profile. You should review any disk quotas that are applied to a roaming profile.

Establishing Mandatory Profiles

A mandatory profile mandatory profile to be used in an organization to be shared by a variety of users or computers, and when a single user moves around a network to use different computers, the profile's graphical presentation should be made to run at a level that all the computers can support. For example, if you have some computers that support a maximum 800x600 resolution, you should not create a profile with a 1024x768 resolution setting because it will not display correctly on some of the computers.

If you need to make changes to a mandatory profile, rename the profile back to NTuser.dat, log on as the user, and configure the computer. When you have completed the changes, you should log off so that the changes are saved to the profile. Then, after logging on as an administrator, you can rename the file as NTuser.man. If this is a profile that should be used by multiple people, you can replace the other users' NTuser.man files with the new version.