Windows IT Pro is the leading independent community for IT professionals deploying Microsoft Windows server and client applications and technologies.
  
  
  Advanced Search 


March 2004

Inside User Profiles

Understanding how user profiles work
From the March 2004 Edition
of Windows IT Pro
Darren Mar-Elia
Internals
InstantDoc #41654
Windows IT Pro
Email this Article
Printer Friendly
Reader Comments
Digg This
Del.icio.us
RSS
Subscribe to Windows IT Pro | See More Internals and Architecture Articles Here | Reprints | Or get the Monthly Online Pass—only $5.95 a month!

If you were to ask 10 Windows administrators which part of their infrastructure is the most problematic, I'd wager that at least 5 of them would say user profiles. That number probably goes up to 8 or 9 if we're talking about roaming user profiles. Despite Microsoft's best efforts through the various releases of Windows, this piece of technology is problematic at best. So let's look at how profiles are supposed to work—with a detailed look at what happens when you create a profile and what happens when the system writes that profile to the server. Then we'll see what kinds of things can cause problems with user profiles and how you can try to avoid or correct them.

The User Profile Defined
A user profile is a set of files and folders that stores a user's personal preferences for his or her Windows desktop. For example, any shortcuts that users put on their desktop are part of their user profile, as are the preferences they select in Microsoft Outlook. Everything that's user-specific about Windows or applications running on Windows is stored in the user profile.

User profiles come in three flavors: local, roaming, and mandatory. Every user that logs on to a Windows workstation has a local profile, which by default is stored on Windows Server 2003, Windows XP, or Windows 2000 under the \%systemroot%\documents and settings\%username% folder (e.g., C:\documents and settings\joesmith). On Windows NT 4.0 machines, the local user profile is stored under \%systemroot%\profiles\%username%.

A roaming profile, as the name implies, follows the user to any workstation he or she logs on to. Windows accomplishes this roaming capability by writing the user's local profile to a designated server share each time the user logs off a workstation. If a user's profile doesn't roam, then every workstation that the user logs on to will have a different profile, potentially with different settings. Thus, roaming profiles are most commonly used in environments in which users frequently move from one computer to another and need to maintain all their settings. To make a local profile a roaming profile in Win2K and later, you simply modify the user object for a particular user in Active Directory (AD) to specify a Universal Naming Convention (UNC) path (e.g. \\s3gpo1\profiles\darren) designated as a roaming profile path, as Figure 1, page 20, shows. After you enter the path in the user object, the system writes the user profile to the designated server share at the next user logoff.

The mandatory user profile is a variation of a roaming profile. Mandatory profiles ensure that every user in an environment has the same profile. Mandatory profiles come in two variations—normal and super. A normal mandatory profile prevents users from changing any of their desktop or application preferences but still lets them, for example, put new shortcuts on their desktop or put documents in their My Documents folder. A super mandatory profile prevents users from saving any changes to their profile. Mandatory profiles are typically used in environments that require tight control over the user experience.

Regardless of the profile type, you need to remember one important thing about user profiles: The user always works from the copy of the local profile stored in \%systemroot%\documents and settings\%username% (or %systemroot%\profiles\%username% on NT 4.0). Even if the user has a roaming profile, the workstation downloads this profile from the server, caches it locally in this folder, and stores all changes the user makes to the profile during the logon session in the locally cached copy. The system writes those changes to the roaming profile when the user logs off, but, by default, the locally cached copy remains on the workstation. So, if the user logs back on to that workstation and has changed nothing on the roaming profile, the user will simply work from the locally cached copy without having to download the roaming profile again. I describe the mechanics of this process later in the article.

Under the Hood
Now let's look under the hood of the user profile. I mentioned earlier that the user profile stores the user's preferences and items such as shortcuts. In fact, the location of the user profile in XP and Win2K fittingly describes what a user profile contains—documents and settings. The documents portion of the profile can be any file-based resource that a user can store, including shortcuts, Microsoft Word documents, cached Internet files (e.g., cookies), and application-specific configuration files. If you look at a standard user profile in Windows Explorer, you'll see a directory structure like the one that Figure 2 shows.

As you can see from Figure 2, quite a few folders can store user-specific data within the profile. For example, the My Documents folder is the default location for storing Microsoft Office application documents and is a common place for users to save many other types of documents. The Desktop folder holds the contents of what appears on a user's desktop. If you were to copy an application shortcut into the Desktop folder in a user's profile, that shortcut would appear on his or her desktop. Some of the folders in the user's profile store documents that aren't necessarily visible to the user. The Application Data folder stores application configuration files. For example, Outlook uses this folder to store the layout of the Outlook screen that the user has chosen. Some folders are hidden completely from the user. As you can see by the shaded folder icons in Figure 2, hidden folders such as Application Data and Local Settings aren't meant to be directly accessible to the user by default.

The Settings portion of the user profile is stored in the ntuser.dat file within the structure that Figure 2 shows. If you open a registry editor on a Windows machine and navigate to the HKEY_CURRENT_USER hive, you'll see the ntuser.dat file contents. Ntuser.dat is a registry hive file that loads as HKEY_CURRENT_USER when a user logs on. As a result, Windows writes any changes you make to your user session—such as changing the background wallpaper on your desktop or changing an option in Outlook—to HKEY_CURRENT_USER, which is really ntuser.dat. As an aside, if you ever want to view the contents of another user's ntuser.dat file when the user isn't logged on, you can load this file into the registry as a temporary registry hive by using the load hive feature within regedit.exe (on Windows 2003 or XP) or regedt32.exe (on Win2K).

   Previous  [1]  2  3  Next 


Top Viewed ArticlesView all articles
Command Prompt Tricks

One reader shares his tip for setting up the command prompt to reflect a remote path. ...

2009 Windows IT Pro Editors' Best and Community Choice Awards

Picking a favorite product from an impressive crowd of competitive offerings is never an easy task, and such was the case with our Editors' Best and Community Choice awards this year. ...

WinInfo Short Takes: Week of November 23, 2009

An often irreverent look at some of the week's other news, including some post-PDC some soul searching, a Google Chrome OS announcement and a Microsoft response, Windows 7 off to a supposedly strong start, the Jonas Brothers and Xbox 360, and so much more ...
Related Events Windows Internals with Sysinternals Webinar

Deep Dive into Windows Server 2008 R2 presented by John Savill

Cutting Costs with Client Management

Check out our list of Free Email Newsletters!
Windows OSs eBooks Understanding and Leveraging Code Signing Technologies

A Guide to Windows Certification and Public Keys

SQL Server Administration for Oracle DBAs
Related Windows OSs Resources Introducing Left-Brain.com, the online IT bookstore
Looking for books, CDs, toolkits, eBooks? Prime your mind at Left-Brain.com

Discover Windows IT Pro eLearning Series!
Clear & detailed technical information and helpful how-to's, all in our trademark no-nonsense format


ADS BY GOOGLE

Job Openings in IT SPONSORED LINKS FEATURED LINKS
Calculate your savings now
See how SAN is 57% cheaper than DAS over three years

Free CDs Offer Fundamental Content for IT Pros
Are you up to speed on the latest technologies and solutions? Don't miss out on your chance to get up to speed quickly on fundamental, in-depth information on some of the hottest topics in our library of content.

Let Your Users Reset Their Own Passwords: Free Download
Try a 30 day free trial of Desktop Authority Password Self-Service – it provides an easy-to-use, robust system for allowing users to reset their own forgotten passwords or locked accounts.


Exchange Server 2010: Deploying Unified Communications - Virtual conference
December 1, 2009 - Free Registration. Build your Unified Communications future on a strong Exchange Server 2010 foundation.

Get Windows IT Pro & Mark Minasi’s Favorite Power Tools Guide
Order Windows IT Pro now and get "More of Mark Minasi's Favorite Power Tools"--a in-depth guide to the most useful Windows commands --FREE with your paid order! Subscribe today, and save 58% off the cover price!

Migration, Virtualization, Availability, and Desktop Management
Realize the importance of a workload optimization strategy...it can affect your bottom line!

Deep Dive into VMware vSphere, eLearning Series
Join John Savill to explore the major functionality capabilities of the vSphere virtualization platform, including identification of the changes from ESX 3.5.
Windows IT Pro Home Register FAQ for Windows WinInfo News
Europe Edition About Us Contact Us/Customer Service Media Kit Affiliates / Licensing  
SQL Server Magazine Office & SharePoint Pro DevProConnections IT Job Hound
Left-Brain.com Technology Resource Directory asp.netPRO ITTV Windows SuperSite 
 
 Windows IT Pro is a Division of Penton Media Inc.
 © 2009 Penton Media, Inc. Terms of Use | Privacy Statement