Post on 30-Dec-2015
description
transcript
Windows Server 2003 Administration Webcast Series Part 3:User Profiles
What we will cover:
• Purpose and Use of User Profiles
• Management of User Profiles
• User Profiles Best Practices
Prerequisite Knowledge
Level 100Level 100
• Experience administering Windows Server 2003 Servers
• Experience supporting end-users
• Knowledge of Group Policy concepts
Agenda
• Review
• Local User Profiles
• Roaming User Profiles
• Mandatory User Profiles
ReviewUser Account Management• Differences between Local User accounts
and Domain User accounts
• User Account attributes within Active Directory
• Managing multiple user accounts.
When would you use the local administrator account on a Windows XP workstation?
1. To join a Windows Server 2003 domain.
2. When configuring a new Windows XP installation before joining a domain.
3. To customizing the Windows User Environment.
4. There is no reason to use local user accounts.
ReviewLocal versus Domain User Accounts
ReviewLocal versus Domain User Accounts
When would you use the local administrator account on a Windows XP workstation?
1. To join a Windows Server 2003 domain.
2. When configuring a new Windows XP installation before joining a domain.
3. To customizing the Windows User Environment.
4. There is no reason to use local user accounts.
How are the Local User Accounts and
Domain User Accounts similar?
1. Both are highly flexible within an organization.
2. Both are stored locally on the workstation.
3. Both can store information about the user.
4. Both provide authentication to resources.
ReviewLocal versus Domain User Accounts
ReviewLocal versus Domain User Accounts
How are the Local User Accounts and
Domain User Accounts similar?
1. Both are highly flexible within an organization.
2. Both are stored locally on the workstation.
3. Both can store information about the user.
4. Both provide authentication to resources.
ReviewAdvanced Account Management
Which command will successfully create a new
User Account using the command-line tools?
1. DSADD newuser <DistinguishedName>
2. DSUSER <DistinguishedName>
3. DS ADD user <DistinguishedName>
4. DSADD user <DistinguishedName>
ReviewAdvanced Account Management
Which command will successfully create a new
User Account using the command-line tools?
1. DSADD newuser <DistinguishedName>
2. DSUSER <DistinguishedName>
3. DS ADD user <DistinguishedName>
4. DSADD user <DistinguishedName>
ReviewAdvanced Account Management
Which account properties can be configured
simultaneously on more that one user at a
time using the management console?
1. First Name, Last Name, Company.
2. Enable Account, Computer Restrictions, Title.
3. Logon Hours, Password, Direct Reports.
ReviewAdvanced Account Management
Which account properties can be configured
simultaneously on more that one user at a
time using the management console?
1. First Name, Last Name, Company.
2. Enable Account, Computer Restrictions, Title.
3. Logon Hours, Password, Direct Reports.
Agenda
• Review
• Local User Profiles
• Roaming User Profiles
• Mandatory User Profiles
Local User ProfilesUser Profile Overview
User #1 Profile:Desktop, My Documents, Application Data, Favorites, Start Menu, Templates, History, Cookies, etc.
User #2 Profile:Desktop, My Documents, Application Data, Favorites, Start Menu, Templates, History, Cookies, etc.
User #3 Profile:Desktop, My Documents, Application Data, Favorites, Start Menu, Templates, History, Cookies, etc.
User #1
User #2
User #3
Registry Key
HKEY_CURRENT_USER
AppEvents – Sound files for system events
Console – System colors, font size, and window size settings
Control Panel – Control Panel settings
Environment – Temporary folder locations
Identities – User’s SID informatio
Keyboard Layout – Current active keyboard layout
Printers – User settings for installed printers
Software – Software settings and program-specific information
Application Data
Cookies
Desktop
Favorites
Local Settings
History
My Documents
Send To
Start Menu
Local User ProfilesUser Profile Overview
Local User ProfilesCreating a New Local User Profile
New User
Local User ProfilesCreating a New Local User Profile
New User
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfieList
Local User ProfilesCreating a New Local User Profile
Domain Controller NETLOGON ShareNew User
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfieList
Local User ProfilesCreating a New Local User Profile
C:\Documents and Settings\Default User
Domain Controller NETLOGON ShareNew User
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfieList
Local User ProfilesCreating a New Local User Profile
New User Profile:Desktop, My Documents, Application Data, Favorites, Start Menu, Templates, History, Cookies, etc.
Ntuser.dat mapped to HKEY_CURRENT_USER
C:\Documents and Settings\Default User
Domain Controller NETLOGON ShareNew User
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfieList
Local User ProfilesCreating a New Local User Profile
At Log Off, Windows commits the settings contained in registry key HKEY_CURRENT_USER to NTuser.dat
New User Profile:Desktop, My Documents, Application Data, Favorites, Start Menu, Templates, History, Cookies, etc.
Ntuser.dat mapped to HKEY_CURRENT_USER
C:\Documents and Settings\Default User
Domain Controller NETLOGON ShareNew User
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfieList
Local User ProfilesLocal User Profiles
Default User ProfileDefault User Profile Profile Location and ContentsProfile Location and Contents Moving Local User ProfilesMoving Local User Profiles
demonstrationdemonstration
By default, where does Windows 2003, XP and
2000 store local user profiles?
1. C:\documents and settings
2. C:\profiles
3. C:\winnt\profiles
4. C:\windows\profiles
ReviewLocal User Profiles
ReviewLocal User Profiles
By default, where does Windows 2003, XP and
2000 store local user profiles?
1. C:\documents and settings
2. C:\profiles
3. C:\winnt\profiles
4. C:\windows\profiles
Where can you find the registry based settings for
the user profile?
1. Ntuser.dat & HKEY_USERS
2. User.man & HKEY_CURRENT_USERS
3. Ntuser.dat & HKEY_CURRENT_USER
4. Ntuser.man & HKEY_USERS
ReviewLocal User Profiles
ReviewLocal User Profiles
Where can you find the registry based settings for
the user profile?
1. Ntuser.dat & HKEY_USERS
2. User.man & HKEY_CURRENT_USERS
3. Ntuser.dat & HKEY_CURRENT_USER
4. Ntuser.man & HKEY_USERS
Where does Windows first look for profile
information when a user logs on?
1. The C:\documents and settings folder
2. The profile list in HKEY_LOCAL_MACHINE
3. The Netlogon share on the Domain Controller
4. The C:\windows\profiles folder
ReviewLocal User Profiles
ReviewLocal User Profiles
Where does Windows first look for profile
information when a user logs on?
1. The C:\documents and settings folder
2. The profile list in HKEY_LOCAL_MACHINE
3. The Netlogon share on the Domain Controller
4. The C:\windows\profiles folder
Agenda
• Review
• Local User Profiles
• Roaming User Profiles
• Mandatory User Profiles
Roaming User ProfilesCreating a New Roaming User Profile
New User
Roaming User ProfilesCreating a New Roaming User Profile
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfieList
New User
Roaming User ProfilesCreating a New Roaming User Profile
Domain Controller NETLOGON Share
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfieList
New User
Roaming User ProfilesCreating a New Roaming User Profile
C:\Documents and Settings\Default User
Domain Controller NETLOGON Share
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfieList
New User
Roaming User ProfilesCreating a New Roaming User Profile
New User Profile:Desktop, My Documents, Application Data, Favorites, Start Menu, Templates, History, Cookies, etc.
Ntuser.dat mapped to HKEY_CURRENT_USER
C:\Documents and Settings\Default User
Domain Controller NETLOGON Share
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfieList
New User
Roaming User ProfilesCreating a New Roaming User Profile
Ntuser.dat mapped to HKEY_CURRENT_USER
At Log Off, Windows merges the cached profile with the Profile Share and commits the settings contained in registry key HKEY_CURRENT_USER to NTuser.dat
New User Profile:Desktop, My Documents, Application Data, Favorites, Start Menu, Templates, History, Cookies, etc.
C:\Documents and Settings\Default User
Domain Controller NETLOGON Share
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfieList
New User
Roaming User ProfilesRoaming User Profiles
Creating an Administrative ShareCreating an Administrative Share Configuring Roaming User ProfilesConfiguring Roaming User Profiles Review Roaming User Profile SecurityReview Roaming User Profile Security
demonstrationdemonstration
Does the local Windows client actively work with
the Roaming User Profile located on the network
share?
1. Yes.
2. No.
ReviewRoaming User Profiles
ReviewRoaming User Profiles
Does the local Windows client actively work with
the Roaming User Profile located on the network
share?
1. Yes.
2. No.
Where does Windows check for the default user
profile when configured for Roaming Users
Profiles?
1. C:\Documents and Settings\Default User.
2. \\<Server>\<ProfileShare>\Default User.
3. \\<DomainController>\NETLOGON.
4. Only local profiles copy the default user folder.
ReviewRoaming User Profiles
ReviewRoaming User ProfilesWhere does Windows check for the default user
profile when configured for Roaming Users
Profiles?
1. C:\Documents and Settings\Default User.
2. \\<Server>\<ProfileShare>\Default User.
3. \\<DomainController>\NETLOGON.
4. Only local profiles copy the default user folder.
Agenda
• Review
• Local User Profiles
• Roaming User Profiles
• Mandatory User Profiles
Mandatory User ProfilesOverview of the Mandatory Profile
New User Profile:Desktop, My Documents, Application Data, Favorites, Start Menu, Templates, History, Cookies, etc.
User
\\LON-DC-01\Profiles$\User
C:\Documents and Settings\User
Ntuser.man mapped to HKEY_CURRENT_USER
Rename the ntuser.dat registry hivefile to ntuser.man.
Increase administrative overhead as compared to using Group Policy.
At Log Off, Windows does not commit any changes to the User Profile.
Mandatory User ProfileUser Profiles Best Practices
• Use a local profile for users who never connect over fast links– Mobile dial-up users
• Use roaming profiles for users who log on to multiple computers at once or throughout the work day
• Use Group Policy to provide managed desktop configurations rather than mandatory profiles
Mandatory User ProfileUser Profiles Best Practices cont.
• Use Folder Redirection and Offline files to provide roaming features to the My Documents Folder
• Avoid setting disk quotas on roaming profile shares. – If needed, limit profile size through Group Policy
• Avoid the creation of profile folders in advance for users
Mandatory User ProfilesMandatory User Profiles
Creating a Preconfigured User ProfileCreating a Preconfigured User Profile Deploying Mandatory ProfilesDeploying Mandatory Profiles Deploying Group Policy Folder RedirectionDeploying Group Policy Folder Redirection
demonstrationdemonstration
How do you make a profile mandatory?
1. Deny write permissions to the profile.
2. Configure profile folder to read-only.
3. Configure profile settings in Group Policy.
4. Rename Ntuser.dat to Ntuser.man.
ReviewMandatory User Profiles
ReviewMandatory User Profiles
How do you make a profile mandatory?
1. Deny write permissions to the profile.
2. Configure profile folder to read-only.
3. Configure profile settings in Group Policy.
4. Rename Ntuser.dat to Ntuser.man.
With Windows Server 2003, what is the best
method to control the user’s environment?
1. Mandatory User Profiles
2. Group Policy
3. Roaming User Profiles
4. Company Computer Policies
ReviewMandatory User Profiles
ReviewMandatory User Profiles
With Windows Server 2003, what is the best
method to control the user’s environment?
1. Mandatory User Profiles
2. Group Policy
3. Roaming User Profiles
4. Company Computer Policies
Session Summary
• The user profile provides the functionality of the customized Windows user environment
• Roaming User Profiles provide a consistent environment on multiple computers throughout the network
• Use Group Policy to control the user environment as needed
For More Information…• Visit TechNet at www.microsoft.com/technet• For additional information on books, courses and other
community resources that support this session visit
www.microsoft.com/technet/tnt4-04