1 / 53

Windows Server 2003 Administration Webcast Series Part 3: User Profiles

Windows Server 2003 Administration Webcast Series Part 3: User Profiles. What we will cover:. Purpose and Use of User Profiles Management of User Profiles User Profiles Best Practices. Prerequisite Knowledge. Experience administering Windows Server 2003 Servers

colt-davidson
Download Presentation

Windows Server 2003 Administration Webcast Series Part 3: User Profiles

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Windows Server 2003 Administration Webcast Series Part 3:User Profiles

  2. What we will cover: • Purpose and Use of User Profiles • Management of User Profiles • User Profiles Best Practices

  3. Prerequisite Knowledge • Experience administering Windows Server 2003 Servers • Experience supporting end-users • Knowledge of Group Policy concepts Level 100

  4. Agenda • Review • Local User Profiles • Roaming User Profiles • Mandatory User Profiles

  5. ReviewUser Account Management • Differences between Local User accounts and Domain User accounts • User Account attributes within Active Directory • Managing multiple user accounts.

  6. ReviewLocal versus Domain User Accounts When would you use the local administrator account on a Windows XP workstation? • To join a Windows Server 2003 domain. • When configuring a new Windows XP installation before joining a domain. • To customizing the Windows User Environment. • There is no reason to use local user accounts.

  7. ReviewLocal versus Domain User Accounts When would you use the local administrator account on a Windows XP workstation? • To join a Windows Server 2003 domain. • When configuring a new Windows XP installation before joining a domain. • To customizing the Windows User Environment. • There is no reason to use local user accounts.

  8. ReviewLocal versus Domain User Accounts How are the Local User Accounts and Domain User Accounts similar? • Both are highly flexible within an organization. • Both are stored locally on the workstation. • Both can store information about the user. • Both provide authentication to resources.

  9. ReviewLocal versus Domain User Accounts How are the Local User Accounts and Domain User Accounts similar? • Both are highly flexible within an organization. • Both are stored locally on the workstation. • Both can store information about the user. • Both provide authentication to resources.

  10. ReviewAdvanced Account Management Which command will successfully create a new User Account using the command-line tools? • DSADD newuser <DistinguishedName> • DSUSER <DistinguishedName> • DS ADD user <DistinguishedName> • DSADD user <DistinguishedName>

  11. ReviewAdvanced Account Management Which command will successfully create a new User Account using the command-line tools? • DSADD newuser <DistinguishedName> • DSUSER <DistinguishedName> • DS ADD user <DistinguishedName> • DSADD user <DistinguishedName>

  12. ReviewAdvanced Account Management Which account properties can be configured simultaneously on more that one user at a time using the management console? • First Name, Last Name, Company. • Enable Account, Computer Restrictions, Title. • Logon Hours, Password, Direct Reports.

  13. ReviewAdvanced Account Management Which account properties can be configured simultaneously on more that one user at a time using the management console? • First Name, Last Name, Company. • Enable Account, Computer Restrictions, Title. • Logon Hours, Password, Direct Reports.

  14. Agenda • Review • Local User Profiles • Roaming User Profiles • Mandatory User Profiles

  15. Local User ProfilesUser Profile Overview User #1 Profile:Desktop, My Documents, Application Data, Favorites, Start Menu, Templates, History, Cookies, etc. User #1 User #2 Profile:Desktop, My Documents, Application Data, Favorites, Start Menu, Templates, History, Cookies, etc. User #2 User #3 Profile:Desktop, My Documents, Application Data, Favorites, Start Menu, Templates, History, Cookies, etc. User #3

  16. Local User ProfilesUser Profile Overview Application Data Registry Key HKEY_CURRENT_USER Cookies Desktop AppEvents – Sound files for system events Console – System colors, font size, and window size settings Favorites Control Panel – Control Panel settings Local Settings Environment – Temporary folder locations History Identities – User’s SID informatio Keyboard Layout – Current active keyboard layout My Documents Printers – User settings for installed printers Send To Software – Software settings and program-specific information Start Menu

  17. Local User ProfilesCreating a New Local User Profile New User

  18. Local User ProfilesCreating a New Local User Profile HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfieList New User

  19. Local User ProfilesCreating a New Local User Profile HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfieList New User Domain Controller NETLOGON Share

  20. Local User ProfilesCreating a New Local User Profile HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfieList New User Domain Controller NETLOGON Share C:\Documents and Settings\Default User

  21. Local User ProfilesCreating a New Local User Profile HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfieList New User Domain Controller NETLOGON Share C:\Documents and Settings\Default User New User Profile:Desktop, My Documents, Application Data, Favorites, Start Menu, Templates, History, Cookies, etc. Ntuser.dat mapped to HKEY_CURRENT_USER

  22. Local User ProfilesCreating a New Local User Profile HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfieList New User Domain Controller NETLOGON Share C:\Documents and Settings\Default User New User Profile:Desktop, My Documents, Application Data, Favorites, Start Menu, Templates, History, Cookies, etc. At Log Off, Windows commits the settings contained in registry key HKEY_CURRENT_USER to NTuser.dat Ntuser.dat mapped to HKEY_CURRENT_USER

  23. demonstration • Local User Profiles • Default User Profile • Profile Location and Contents • Moving Local User Profiles

  24. ReviewLocal User Profiles By default, where does Windows 2003, XP and 2000 store local user profiles? • C:\documents and settings • C:\profiles • C:\winnt\profiles • C:\windows\profiles

  25. ReviewLocal User Profiles By default, where does Windows 2003, XP and 2000 store local user profiles? • C:\documents and settings • C:\profiles • C:\winnt\profiles • C:\windows\profiles

  26. ReviewLocal User Profiles Where can you find the registry based settings for the user profile? • Ntuser.dat & HKEY_USERS • User.man & HKEY_CURRENT_USERS • Ntuser.dat & HKEY_CURRENT_USER • Ntuser.man & HKEY_USERS

  27. ReviewLocal User Profiles Where can you find the registry based settings for the user profile? • Ntuser.dat & HKEY_USERS • User.man & HKEY_CURRENT_USERS • Ntuser.dat & HKEY_CURRENT_USER • Ntuser.man & HKEY_USERS

  28. ReviewLocal User Profiles Where does Windows first look for profile information when a user logs on? • The C:\documents and settings folder • The profile list in HKEY_LOCAL_MACHINE • The Netlogon share on the Domain Controller • The C:\windows\profiles folder

  29. ReviewLocal User Profiles Where does Windows first look for profile information when a user logs on? • The C:\documents and settings folder • The profile list in HKEY_LOCAL_MACHINE • The Netlogon share on the Domain Controller • The C:\windows\profiles folder

  30. Agenda • Review • Local User Profiles • Roaming User Profiles • Mandatory User Profiles

  31. Roaming User ProfilesCreating a New Roaming User Profile New User

  32. Roaming User ProfilesCreating a New Roaming User Profile HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfieList New User

  33. Roaming User ProfilesCreating a New Roaming User Profile HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfieList New User Domain Controller NETLOGON Share

  34. Roaming User ProfilesCreating a New Roaming User Profile HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfieList New User Domain Controller NETLOGON Share C:\Documents and Settings\Default User

  35. Roaming User ProfilesCreating a New Roaming User Profile HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfieList New User Domain Controller NETLOGON Share C:\Documents and Settings\Default User New User Profile:Desktop, My Documents, Application Data, Favorites, Start Menu, Templates, History, Cookies, etc. Ntuser.dat mapped to HKEY_CURRENT_USER

  36. Roaming User ProfilesCreating a New Roaming User Profile HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfieList New User Domain Controller NETLOGON Share C:\Documents and Settings\Default User New User Profile:Desktop, My Documents, Application Data, Favorites, Start Menu, Templates, History, Cookies, etc. At Log Off, Windows merges the cached profile with the Profile Share and commits the settings contained in registry key HKEY_CURRENT_USER to NTuser.dat Ntuser.dat mapped to HKEY_CURRENT_USER

  37. demonstration • Roaming User Profiles • Creating an Administrative Share • Configuring Roaming User Profiles • Review Roaming User Profile Security

  38. ReviewRoaming User Profiles Does the local Windows client actively work with the Roaming User Profile located on the network share? • Yes. • No.

  39. ReviewRoaming User Profiles Does the local Windows client actively work with the Roaming User Profile located on the network share? • Yes. • No.

  40. ReviewRoaming User Profiles Where does Windows check for the default user profile when configured for Roaming Users Profiles? • C:\Documents and Settings\Default User. • \\<Server>\<ProfileShare>\Default User. • \\<DomainController>\NETLOGON. • Only local profiles copy the default user folder.

  41. ReviewRoaming User Profiles Where does Windows check for the default user profile when configured for Roaming Users Profiles? • C:\Documents and Settings\Default User. • \\<Server>\<ProfileShare>\Default User. • \\<DomainController>\NETLOGON. • Only local profiles copy the default user folder.

  42. Agenda • Review • Local User Profiles • Roaming User Profiles • Mandatory User Profiles

  43. Mandatory User ProfilesOverview of the Mandatory Profile \\LON-DC-01\Profiles$\User User C:\Documents and Settings\User Rename the ntuser.dat registry hivefile to ntuser.man. New User Profile:Desktop, My Documents, Application Data, Favorites, Start Menu, Templates, History, Cookies, etc. Increase administrative overhead as compared to using Group Policy. Ntuser.man mapped to HKEY_CURRENT_USER At Log Off, Windows does not commit any changes to the User Profile.

  44. Mandatory User ProfileUser Profiles Best Practices • Use a local profile for users who never connect over fast links • Mobile dial-up users • Use roaming profiles for users who log on to multiple computers at once or throughout the work day • Use Group Policy to provide managed desktop configurations rather than mandatory profiles

  45. Mandatory User ProfileUser Profiles Best Practices cont. • Use Folder Redirection and Offline files to provide roaming features to the My Documents Folder • Avoid setting disk quotas on roaming profile shares. • If needed, limit profile size through Group Policy • Avoid the creation of profile folders in advance for users

  46. demonstration • Mandatory User Profiles • Creating a Preconfigured User Profile • Deploying Mandatory Profiles • Deploying Group Policy Folder Redirection

  47. ReviewMandatory User Profiles How do you make a profile mandatory? • Deny write permissions to the profile. • Configure profile folder to read-only. • Configure profile settings in Group Policy. • Rename Ntuser.dat to Ntuser.man.

  48. ReviewMandatory User Profiles How do you make a profile mandatory? • Deny write permissions to the profile. • Configure profile folder to read-only. • Configure profile settings in Group Policy. • Rename Ntuser.dat to Ntuser.man.

  49. ReviewMandatory User Profiles With Windows Server 2003, what is the best method to control the user’s environment? • Mandatory User Profiles • Group Policy • Roaming User Profiles • Company Computer Policies

  50. ReviewMandatory User Profiles With Windows Server 2003, what is the best method to control the user’s environment? • Mandatory User Profiles • Group Policy • Roaming User Profiles • Company Computer Policies

More Related