Windows Server 2003 Administration Webcast Series Part 3: User Profiles

transcript

Windows Server 2003 Administration Webcast Series Part 3:User Profiles

What we will cover:

• Purpose and Use of User Profiles

• Management of User Profiles

• User Profiles Best Practices

Prerequisite Knowledge

Level 100Level 100

• Experience administering Windows Server 2003 Servers

• Experience supporting end-users

• Knowledge of Group Policy concepts

Agenda

• Review

• Local User Profiles

• Roaming User Profiles

• Mandatory User Profiles

ReviewUser Account Management• Differences between Local User accounts

and Domain User accounts

• User Account attributes within Active Directory

• Managing multiple user accounts.

When would you use the local administrator account on a Windows XP workstation?

1. To join a Windows Server 2003 domain.

2. When configuring a new Windows XP installation before joining a domain.

3. To customizing the Windows User Environment.

4. There is no reason to use local user accounts.

ReviewLocal versus Domain User Accounts

When would you use the local administrator account on a Windows XP workstation?

1. To join a Windows Server 2003 domain.

2. When configuring a new Windows XP installation before joining a domain.

3. To customizing the Windows User Environment.

4. There is no reason to use local user accounts.

How are the Local User Accounts and

Domain User Accounts similar?

1. Both are highly flexible within an organization.

2. Both are stored locally on the workstation.

3. Both can store information about the user.

4. Both provide authentication to resources.

ReviewLocal versus Domain User Accounts

How are the Local User Accounts and

Domain User Accounts similar?

1. Both are highly flexible within an organization.

2. Both are stored locally on the workstation.

3. Both can store information about the user.

4. Both provide authentication to resources.

ReviewAdvanced Account Management

Which command will successfully create a new

User Account using the command-line tools?

1. DSADD newuser <DistinguishedName>

2. DSUSER <DistinguishedName>

3. DS ADD user <DistinguishedName>

4. DSADD user <DistinguishedName>

Which command will successfully create a new

User Account using the command-line tools?

1. DSADD newuser <DistinguishedName>

2. DSUSER <DistinguishedName>

3. DS ADD user <DistinguishedName>

4. DSADD user <DistinguishedName>

Which account properties can be configured

simultaneously on more that one user at a

time using the management console?

1. First Name, Last Name, Company.

2. Enable Account, Computer Restrictions, Title.

3. Logon Hours, Password, Direct Reports.

Which account properties can be configured

simultaneously on more that one user at a

time using the management console?

1. First Name, Last Name, Company.

2. Enable Account, Computer Restrictions, Title.

3. Logon Hours, Password, Direct Reports.

Agenda

• Review

Local User ProfilesUser Profile Overview

User #1 Profile:Desktop, My Documents, Application Data, Favorites, Start Menu, Templates, History, Cookies, etc.

User #1

User #2

User #3

Registry Key

HKEY_CURRENT_USER

AppEvents – Sound files for system events

Console – System colors, font size, and window size settings

Control Panel – Control Panel settings

Environment – Temporary folder locations

Identities – User’s SID informatio

Keyboard Layout – Current active keyboard layout

Printers – User settings for installed printers

Software – Software settings and program-specific information

Application Data

Cookies

Desktop

Favorites

Local Settings

History

My Documents

Send To

Start Menu

Local User ProfilesUser Profile Overview

Local User ProfilesCreating a New Local User Profile

New User

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfieList

Domain Controller NETLOGON ShareNew User

C:\Documents and Settings\Default User

New User Profile:Desktop, My Documents, Application Data, Favorites, Start Menu, Templates, History, Cookies, etc.

Ntuser.dat mapped to HKEY_CURRENT_USER

At Log Off, Windows commits the settings contained in registry key HKEY_CURRENT_USER to NTuser.dat

Local User ProfilesLocal User Profiles

Default User ProfileDefault User Profile Profile Location and ContentsProfile Location and Contents Moving Local User ProfilesMoving Local User Profiles

demonstrationdemonstration

By default, where does Windows 2003, XP and

2000 store local user profiles?

1. C:\documents and settings

2. C:\profiles

3. C:\winnt\profiles

4. C:\windows\profiles

ReviewLocal User Profiles

By default, where does Windows 2003, XP and

2000 store local user profiles?

1. C:\documents and settings

2. C:\profiles

3. C:\winnt\profiles

4. C:\windows\profiles

Where can you find the registry based settings for

the user profile?

1. Ntuser.dat & HKEY_USERS

2. User.man & HKEY_CURRENT_USERS

3. Ntuser.dat & HKEY_CURRENT_USER

4. Ntuser.man & HKEY_USERS

Where can you find the registry based settings for

the user profile?

1. Ntuser.dat & HKEY_USERS

2. User.man & HKEY_CURRENT_USERS

3. Ntuser.dat & HKEY_CURRENT_USER

4. Ntuser.man & HKEY_USERS

Where does Windows first look for profile

information when a user logs on?

1. The C:\documents and settings folder

2. The profile list in HKEY_LOCAL_MACHINE

3. The Netlogon share on the Domain Controller

4. The C:\windows\profiles folder

Where does Windows first look for profile

information when a user logs on?

1. The C:\documents and settings folder

2. The profile list in HKEY_LOCAL_MACHINE

3. The Netlogon share on the Domain Controller

4. The C:\windows\profiles folder

Agenda

• Review

Roaming User ProfilesCreating a New Roaming User Profile

New User

Domain Controller NETLOGON Share

New User

At Log Off, Windows merges the cached profile with the Profile Share and commits the settings contained in registry key HKEY_CURRENT_USER to NTuser.dat

New User

Roaming User ProfilesRoaming User Profiles

Creating an Administrative ShareCreating an Administrative Share Configuring Roaming User ProfilesConfiguring Roaming User Profiles Review Roaming User Profile SecurityReview Roaming User Profile Security

Does the local Windows client actively work with

the Roaming User Profile located on the network

share?

1. Yes.

2. No.

ReviewRoaming User Profiles

Does the local Windows client actively work with

the Roaming User Profile located on the network

share?

1. Yes.

2. No.

Where does Windows check for the default user

profile when configured for Roaming Users

Profiles?

1. C:\Documents and Settings\Default User.

2. \\<Server>\<ProfileShare>\Default User.

3. \\<DomainController>\NETLOGON.

4. Only local profiles copy the default user folder.

ReviewRoaming User Profiles

ReviewRoaming User ProfilesWhere does Windows check for the default user

profile when configured for Roaming Users

Profiles?

1. C:\Documents and Settings\Default User.

2. \\<Server>\<ProfileShare>\Default User.

3. \\<DomainController>\NETLOGON.

4. Only local profiles copy the default user folder.

Agenda

• Review

Mandatory User ProfilesOverview of the Mandatory Profile

\\LON-DC-01\Profiles$\User

C:\Documents and Settings\User

Ntuser.man mapped to HKEY_CURRENT_USER

Rename the ntuser.dat registry hivefile to ntuser.man.

Increase administrative overhead as compared to using Group Policy.

At Log Off, Windows does not commit any changes to the User Profile.

Mandatory User ProfileUser Profiles Best Practices

• Use a local profile for users who never connect over fast links– Mobile dial-up users

• Use roaming profiles for users who log on to multiple computers at once or throughout the work day

• Use Group Policy to provide managed desktop configurations rather than mandatory profiles

Mandatory User ProfileUser Profiles Best Practices cont.

• Use Folder Redirection and Offline files to provide roaming features to the My Documents Folder

• Avoid setting disk quotas on roaming profile shares. – If needed, limit profile size through Group Policy

• Avoid the creation of profile folders in advance for users

Mandatory User ProfilesMandatory User Profiles

Creating a Preconfigured User ProfileCreating a Preconfigured User Profile Deploying Mandatory ProfilesDeploying Mandatory Profiles Deploying Group Policy Folder RedirectionDeploying Group Policy Folder Redirection

How do you make a profile mandatory?

1. Deny write permissions to the profile.

2. Configure profile folder to read-only.

3. Configure profile settings in Group Policy.

4. Rename Ntuser.dat to Ntuser.man.

ReviewMandatory User Profiles

How do you make a profile mandatory?

1. Deny write permissions to the profile.

2. Configure profile folder to read-only.

3. Configure profile settings in Group Policy.

4. Rename Ntuser.dat to Ntuser.man.

With Windows Server 2003, what is the best

method to control the user’s environment?

1. Mandatory User Profiles

2. Group Policy

3. Roaming User Profiles

4. Company Computer Policies

ReviewMandatory User Profiles

With Windows Server 2003, what is the best

method to control the user’s environment?

1. Mandatory User Profiles

2. Group Policy

3. Roaming User Profiles

4. Company Computer Policies

Session Summary

• The user profile provides the functionality of the customized Windows user environment

• Roaming User Profiles provide a consistent environment on multiple computers throughout the network

• Use Group Policy to control the user environment as needed

For More Information…• Visit TechNet at www.microsoft.com/technet• For additional information on books, courses and other

community resources that support this session visit

www.microsoft.com/technet/tnt4-04