Microsoft

Working with Win2K roaming profiles

Roaming profiles allow users to log on at any workstation with the settings and applications they require. This article explains how to create and administer roaming user profiles with Windows 2000 Server and how to handle the various Windows clients.


Roaming user profiles allow users to log on to any workstation within a domain and be greeted with their personalized combination of settings and applications, no matter which machine they’re using. User profiles in Windows NT 4.0 and Windows 2000 function in basically the same way—they both support local, roaming, and mandatory profiles. Windows 95/98/Millennium Edition (Me) clients also support roaming user profiles, but they work a little bit differently. This article explains how to create roaming user profiles and administer them in a network based on Windows 2000 Server with various Windows clients.

Setting up roaming user profiles
To create a roaming user profile that offers the maximum benefit for your users, perform the following steps:
  • Create a shared directory on the network where user profiles will be stored.
  • Create a place on the network to store users’ Home folders.
  • Configure the domain profile for each user to map to the path of the user’s profile and Home folder on the network.

To create a shared directory for your user profiles, follow these steps:
  1. On one of your servers, create a new directory. (Our example will be called “userprof”.)
  2. Once you’ve created this directory, right-click on it and choose Properties (see Figure A).
  3. Set it up for sharing with the proper security.

Figure A


A Home folder is the place on the network where the user stores documents. It is convenient for backing up documents from a local workstation, or better yet, having users store all their documents so they can access them from any workstation. This works independently of roaming profiles, but it gives users the additional flexibility of being able to store all documents on a file server so they can access them no matter which machine they’re working from.
  1. To create a shared directory for users’ Home folders, do the following: On one of the servers on your network (usually a file server), create a directory to store Home folders (our example will be called Home).
  2. Share the folder and assign the appropriate security rights.

You can use one Home folder to store everything, or better yet, you can have an individual folder for each user based on their domain username.

Assign user accounts to use roaming profiles:
  1. From the Start menu of one of your Windows 2000 domain controllers, select Start | Programs | Administrative Tools | Active Directory Users And Computers.
  2. Expand the Users folder, right-click on a user, and select Properties.
  3. Select the Profile tab (see Figure B) and enter a profile path to the shared profiles directory. (Note: When creating the profile path, simply put \\servername\profiles_folder\%username%—the last variable is automatically replaced by the actual user account name.)

Figure B


Now, every time a user logs on to a computer on your network, the profile from the server is downloaded to the local computer. When the user logs off and logs back on at a different computer, the profile is compared with the server’s copy and the local user’s copy. The most recent copy is always loaded. If the server goes down, the locally cached copy is loaded.

Assign a user’s account to map to a Home folder on the network:
  1. From the Administrative Tools folder, select Active Directory Users And Computers.
  2. Right-click on the appropriate User and select Properties.
  3. Select the Profile Tab and select the Connect radio button.
  4. Select a drive letter and enter a network path to the user’s Home folder (such as \\servername\directory\%username%—again, the %username% variable will automatically map the current user’s folder).

Now, once this is created and the user logs on, a drive will automatically be mapped to the user’s Home folder (see Figure C).

Figure C


Copying existing user profiles
To copy an existing user profile to the network:
  1. Create a User Account (for this example, I’ve created an account called “Help Desk”).
  2. Log on to the account and your customized desktop.
  3. Log off the account and log back on using your Administrator account.
  4. Open Active Directory Users and Computers from the Administrative Tools folder.
  5. Right-click on the appropriate user account (for our example, Help Desk).
  6. Enter the appropriate paths for User profile and Home folder.
  7. From the Start menu, select Control Panel | System.
  8. Select the User Profiles tab and choose the profile you created (see Figure D).

Figure D

  1. Click the Copy To button and copy the profile to the User profiles share (see Figure E).
  2. In the Permitted to Use box (also seen in Figure E), click the Change button and choose the appropriate account for access.

Figure E


This will enable you to retain the settings from profiles that users are currently utilizing on their desktops.

Creating mandatory profiles
A profile that is controlled by a system administrator is called a mandatory profile. If you implement a mandatory profile on your network, users can change desktop settings as much as they want, but when they log off, the changes are not saved. The next time they log on, they will use their original profile again. This type of profile is excellent for many settings, including training rooms, shared machines, and desktops used by temporary workers. Mandatory profiles can also streamline support issues. If users mess up something on a system, you can simply tell them to restart in order to restore the standard desktop.

One of the drawbacks to mandatory profiles is that if the server is down and the cached file isn’t accessible, the user won’t be able to log on. However, a user will see a warning message and be able to log on using the cached profile.

To create a Mandatory user profile:
  1. From File Explorer, open your shared folder where all of your roaming user profiles are stored (see Figure F).

Figure F

  1. From the Tools menu, select Folder Options.
  2. Select the View tab and select the Show Hidden Files and Folders option (see Figure G).

Figure G

  1. Select the directory of the user that you want to change to a Mandatory profile.
  2. Rename the Ntuser.dat file to Ntuser.man (see Figure H).

Figure H


Using roaming profiles on Windows 95/98/Me
Windows 95/98/Me workstations can also be configured to use roaming user profiles, although the setup differs from that of Windows NT/2000. When you log on to a Windows 95/98/Me machine, the user profile is copied to the Home directory (see Figure I) that was created on the Win2K Server, and the user profile is called User.dat instead of Ntuser.dat.

Figure I


To create roaming user profiles on Windows 95/98/Me machines:
  1. From the Start menu, select Control Panel and double-click Passwords.
  2. Select the User Profiles tab.
  3. Select Users Can Customize Their Preferences And Desktop Settings (see Figure J).

Figure J

  1. Reboot the computer.
  2. From the Start menu, select Control Panel | Network.
  3. In the Primary Network Logon drop-down box, select Client For Microsoft Networks (see Figure K).

Figure K

  1. In the list box, highlight Client For Microsoft Networks and choose Properties.
  2. Select Log On To Windows NT Domain and type the name of the Windows NT Domain in the text box (see Figure L).

Figure L

  1. Reboot the computer and log in using the appropriate roaming user profile.

Bringing it all together
This article explained how profiles work with the Windows 2000 operating system, how to create and administer roaming and mandatory user profiles in Windows NT/2000, and how to configure Windows 95/98/Me for roaming profiles as well. In network environments where users bounce around between different computers, roaming profiles can result in improved efficiency and can save users and administrators a lot of headaches.

How do you manage user profiles on your network?
We look forward to getting your input and hearing your experiences regarding this topic. Join the discussion below or send us an e-mail.

 

Editor's Picks

Free Newsletters, In your Inbox