You probably wouldn’t read this book if you weren’t supporting users, and you know that there are elements of the user’s system that cause the user pain when they are not present. For example, if a user logs on and does not have access to his or her Internet Explorer Favorites, or must reconfigure his or her custom dictionary, or does not see familiar shortcuts or documents on the desktop, the user’s productivity takes an instant plunge, and the help desk gets a call. Each of these examples relate to components of the user profile. Profiles can be configured to enhance their availability, security, and reliability. In this lesson, you will learn how to manage local, roaming, group, and mandatory profiles. After this lesson, you will be able to ■ Understand the application of local and roaming user profiles ■ Configure a roaming user profile ■ Create a preconfigured roaming user or group profile ■ Configure a mandatory profile Estimated lesson time: 15 minutes
A user profile is a collection of folders and data files that contain the elements of your desktop environment that make it uniquely yours. Settings include:
■ Shortcuts in your Start menu, on your desktop, and in your Quick Launch bar
■ Documents on your desktop and, unless redirection is configured, in your My Documents folder Tip The properties of the My Documents folder, and the Folder Redirection policies in group policy, enable you to redirect My Documents so that it targets a network folder. This best practice allows the contents of a user’s My Documents folder to be stored on a server, where they can be backed up, scanned for viruses, and made available to users throughout the organization, should they utilize a system other than their normal desktop. My Documents can also be made available offline, so that users have access to their files even when users are not connected to the network. ■ Internet Explorer favorites and cookies ■ Certificates (if implemented)
Lesson 3 Managing User Profiles 3-29 ■ Application specific files, such as the Microsoft Office custom user dictionary, user templates, and autocomplete list
■ My Network Places
■ Desktop display settings, such as appearance, wallpaper, and screensaver
These important elements are specific to each user. It is desirable that they are consistent between logons, available should the user need to log on to another system, and resilient in the event that the user’s system fails and must be reinstalled.
Local User Profiles
By default, user profiles are stored locally on the system in the %Systemdrive% \Documents and Settings\%Username% folder. They operate in the following manner:
■ When a user logs on to a system for the first time, the system creates a profile for the user by copying the Default User profile. The new profile folder is named based on the logon name specified in the user’s initial logon.
■ All changes made to the user’s desktop and software environment are stored in the local user profile. Each user has their individual profiles, so settings are user-specific.
■ The user environment is extended by the All Users profile, which can include shortcuts in the desktop or start menu, network places, and even application data. Elements of the All Users profile are combined with the user’s profile to create the user environment. By default, only users of the Administrators group can modify the All Users profile.
■ The profile is truly local. If a user logs on to another system, the documents and settings that are part of their profile do not follow the user. Instead, the new system behaves as outlined here, generating a new local profile for the user if it is the user’s first time logging on to that system.
Roaming User Profiles
If users work at more than one computer, you can configure roaming user profiles (RUPs) to ensure that their documents and settings are consistent no matter where they log on. RUPs store the profile on a server, which also means that the profiles can be backed up, scanned for viruses, and controlled centrally. Even in environments where users do not roam, RUPs provide resiliency for the important information stored in the profile. If a user’s system fails and must be reinstalled, an RUP will ensure that the user’s environment is identical on the new system to the one on the previous system.
To configure an RUP, create a shared folder on a server. Ideally, the server should be a file server that is frequently backed up.
3-30 Chapter 3 User Accounts Note Be sure to configure share permissions allowing Everyone Full Control. The Windows Server 2003 default share permissions allow Read, which is not sufficient for a roaming pro-file share. ! On the Profile tab of the user’s Properties dialog box, type the Profile Path in the for-mat: \\<server >\<share>\%Username%. The %Username% variable will automatically be replaced with the user’s logon name.
It’s that simple. The next time the user logs on, the system will identify the roaming profile location. Exam Tip Roaming user profiles are nothing more than a shared folder and a path to the user’s profile folder, within that share, entered into the user object’s profile path property. Roaming profiles are not, in any way, a property of a computer object. When the user logs off, the sytem will upload the profile to the profile server. The user can now log on to that system or any other system in the domain, and the documents and settings that are part of the RUP will be applied. Note Windows Server 2003 introduces a new policy: Only Allow Local User Profiles. This policy, linked to an OU containing computer accounts, will prevent roaming profiles from being used on those computers. Instead, users will maintain local profiles. When a user with an RUP logs on to a new system for the first time, the system does not copy its Default User profile. Instead, it downloads the RUP from the network location. When a user logs off, or when a user logs on to a system on which they’ve worked before, the system copies only files that have changed. Roaming Profile Synchronization Unlike previous versions of Microsoft Windows, Windows 2000, Windows XP, and Windows Server 2003 do not upload and download the entire user profile at logoff and logon. Instead, the user profile is synchronized. Only files that have changed are transferred between the local system and the network RUP folder. This means that logon and logoff with RUPs are significantly faster than with earlier Windows versions. Organizations that have not implemented RUPs for fear of their impact on logon and network traffic should reevaluate their configuration in this light.
Lesson 3 Managing User Profiles 3-31 Creating a Preconfigured User Profile
You can create a customized user profile to provide a planned, preconfigured desktop and software environment. This is helpful to achieve the following:
■ Provide a productive work environment with easy access to needed network resources and applications
■ Remove access to unnecessary resources and applications
■ Simplify help desk troubleshooting by enforcing a more straightforward and consistent desktop
No special tools are required to create a preconfigured user profile. Simply log on to a system and modify the desktop and software settings appropriately. It’s a good idea to do this as an account other than your actual user account so that you don’t modify your own profile unnecessarily.
Once you’ve created the profile, log on to the system with administrative credentials. Open System from Control Panel, click the Advanced tab, and then click Settings in the User Profiles frame. Select the profile you created, and then click Copy To. Type the Universal Naming Convention (UNC) path to the profile in the format: \\<server>\<share>\<username>. In the Permitted To Use section, click Change to select the user for whom you’ve configured the profile. This sets the ACL on the profile folder to allow access to that user. Figure 3-5 shows an example. Click OK and the pro-file is copied to the network location. Note You must be a member of the Administrators group to copy a profile. Figure 3-5 Copying a preconfigured user profile to the network Finally, open the properties of the user object and, on the Profile tab, enter the same UNC Profile Path field. Voilà! The next time that user logs on to a domain computer, that profile will be downloaded and will determine his or her user environment.
3-32 Chapter 3 User Accounts Tip Be careful with preconfigured roaming profiles, or any roaming profiles, to pay attention to potential issues related to different hardware on systems to which a user logs on. For example, if desktop shortcuts are arranged assuming XGA (1024×768) resolution, and the user logs on to a system with a display adapter capable of only SVGA (800×600) resolution, some shortcuts may not be visible. Profiles are also not fully cross-platform. A profile designed for Windows 98 will not function properly on a Windows Server 2003 system. You will even encounter inconsistencies when roaming between Windows Server 2003 systems and Windows XP or Windows 2000 Professional.
Creating a Preconfigured Group Profile
Roaming profiles enable you to create a standard desktop environment for multiple users with similar job responsibilities. The process is similar to creating a preconfigured user profile except that the resulting profile is made available to multiple users.
Create a profile using the steps outlined above. When copying the profile to the server, use a path such as: \\<server>\<share>\<group profile name>. You must grant access to all users who will utilize the profile, so, in the Permitted To Use frame, click Change and select a group that includes all the users, or the BUILTIN\USERS group, which includes all domain users. The only users to whom the profile will actually apply are those for which you configure the user object’s profile path.
After copying the profile to the network, you must configure the profile path for the users to whom the profile will apply. Windows Server 2003 simplifies this task, in that you can multiselect users and change the profile path for all users simultaneously. Type the same UNC that you used to copy the profile to the network, for example, \\<server>\<share>\<group profile name>. Tip The profile path is configured as a property of one or more user objects. It is not assigned to a group object. Although the concept is that of a group profile, do not fall into the trap of associating the profile with a group object itself. Finally, because more than one user will be accessing a group profile, you must make a group profile mandatory, as described in the following section.
Configuring a Mandatory Profile
A mandatory profile does not allow users to modify the profile’s environment. More specifically, a mandatory profile does not maintain changes between sessions. There-fore, although a user can make changes, the next time the user logs on, the desktop will look the same as the last time he or she logged on. Changes do not persist.
Lesson 3 Managing User Profiles 3-33 Mandatory profiles can be helpful in situations in which you want to lock down the desktop. They are, in a practical sense, critical when you implement group profiles because you obviously don’t want the changes one user makes to affect the environments of other users.
To configure a profile as mandatory, simply rename a file in the root folder of the pro-file. Interestingly, mandatory profiles are not configured through the application of per-missions. The file you need to rename is Ntuser.dat. It is a hidden file, so you must ensure that you have specified to “Show hidden files and folders” in the Folder Options program in Control Panel, or use attrib from the command-line to remove the Hidden attribute. You may also need to configure Windows Explorer to display file extensions.
Locate the Ntuser.dat file in the profile you wish to make mandatory. Rename the file to Ntuser.man. The profile, whether roaming or local, is now mandatory.
注册－收款工具那么多，为何选择Payoneer？ ｜ 为何申请Payoneer万事达预付卡+欧美日收款银行账号？
Payoneer有卡账户和无卡账户的区别 ｜ Payoneer个人账户注册申请教程 ｜ P卡公司帐户注册教程
Payoneer欧元帐户（虚拟卡） ｜ Payoneer英镑帐户 ｜ Payoneer日元帐户 ｜ 订购实体卡（P卡）
Payoneer卡年费啥时候扣？ ｜ Payoneer卡休眠和激活 ｜ P卡到期后如何更换？ ｜ 如何注销P卡？
官方－Payoneer秉承公正、公开、透明服务 ｜ Payoneer官方最新政策汇总 ｜ 官方客服联系方式
Payoneer官方费用表 ｜ 如何减少Payoneer的手续费？ ｜ 点此免除入账费 ｜ 点此降低提现费
跨境收款服务商拷问篇——Payoneer ｜ Payoneer客户答疑手册（FAQ） ｜ Payoneer手机App
收款－跨境电商/外贸收款方式对比 ｜ Payoneer可以错名收款吗？
Amazon亚马逊卖家设置Payoneer卡收款教程 ｜ Payoneer支持从美国电商平台Newegg收款
CJ联盟设置Payoneer卡收款 ｜ ClickBank联盟设置Payoneer收款 ｜ Amazon联盟设置P卡收款
Payoneer如何从东南亚电商平台Lazada收款 ｜ 如何在Lazada开店？
Payoneer如何从拉美电商平台Linio收款？ ｜ Payoneer绑定非洲电商平台Jumia收款
Payoneer如何从跨境移动电商Wish收款？ ｜ Wish模式正在改变电商格局
Payoneer支持从法国乐天Priceminister收款 ｜ 法国电商平台CDiscount对接Payoneer收款
Payoneer可接受个人与公司信用卡付款（请求付款） ｜ 关于Payoneer卡充值
从PayPal提现到Payoneer卡教程及手续费用 ｜ PayPal无法绑定并转账到Payoneer卡？
提现－从Payoneer卡提现到国内银行账户 ｜ Payoneer无法从Dating联盟收款并限制提现方式
用P卡在中国银行ATM机取款4000元 ｜ 用Payoneer卡在中国建设银行ATM机取款500元