Windows Server Hacks: Using Preconfigured User Profilesby Mitch Tulloch, author of Windows Server Hacks
On networks that have Active Directory deployed, roaming profiles are useful in several ways. They allow users to log on to any computer and access their desktop, Start menu, and work files. They also allow administrators to centralize user profiles on a network server for easier backup. That way if a user's computer bites the dust, her profile isn't lost.
Setting up a roaming profile is easy: Just open the properties of the user's account in Active Directory Users and Computers and switch to the Profile tab. Then enter the UNC path where the profile will be stored, using the form \\<servername>\<sharename>\%UserName%. For example, if the folder D:\Profiles on server Test220 is shared using the share name Profiles, you would enter \\Test220\Profiles\%UserName% in the "Profile path" field.
The next time Charlie logs on to his computer, a subfolder named csmith (named after his username) is created under the D:\Profiles folder and his roaming profile is stored there. That's why the
%UserName% environment variable should be specified in the "Profile path" field above.
Figure 1. Configuring a roaming profile for user Charlie Smith.
What if you want to implement roaming profiles for your users but you want to preconfigure those profiles in some way? For example, say you'd like to create a roaming profile that has certain shortcuts on its Start menu to make it easier for users to run frequently needed programs. How do you create a preconfigured profile and assign it to a user as his roaming profile?
Let's back up a bit and ask another question--namely, how is a user's profile generated in the first place? The first time the user logs on to her computer, the contents of the Default User profile (found at C:\Documents and Settings\Default User) are combined with the Common Program Group settings obtained from the All Users profile (found at C:\Documents and Settings\All Users), and then saved as the user's local profile as C:\Documents and Settings\%UserName%. And if a roaming profile is configured for the user, the user's local profile is also copied to the server when she first logs on.
What we want to do, then, is circumvent this process of having the user's brand-new local profile (created from Default User and All Users) saved as her roaming profile, and instead create a template profile and copy that to the server as her roaming profile. That way, the first time she logs on, her machine checks to see whether a roaming profile is already created and uses it instead of generating a brand-new profile as described above.
For example, let's say we want to create a preconfigured profile for users in the accounting department. Since the Enron scandal, the accountants' work has been pretty stressful; we want them to have some fun, so let's pin FreeCell to their Start menu. Start by creating a dummy user account called acct_template or something similarly descriptive (the account's profile will be the template for the accounting department users' profiles). Now use this account to log on to any computer that has a similar hardware configuration to machines used by the accounting department, and pin FreeCell to the Start menu:
Figure 2. What accountants like to do when they're bored.
Now log off as acct_template and log on as Administrator. Open the System utility in Control Panel, switch to the Advanced tab, and click on Settings under User Profiles to open the User Profiles dialog box. Select the user profile for acct_template as shown here:
Figure 3. Select the newly configured local profile for acct_template.
Now click on the Copy To button above to open the Copy To dialog box. We'll start by assigning our preconfigured profile to Danny Smith, a user in the accounting department. Type \\Test220\Profiles\dsmith in the Copy Profile To box, then click on Change and permit only Danny the use of his profile:
Figure 4. Copying our preconfigured local profile to the server to make it the roaming profile for user dsmith.
Click on OK, then click on the Copy To button again and assign the preconfigured profile to another user in accounting, and so on. Once you're done, close all properties sheets, open Active Directory Users and Computers, and specify the profile path \\Test220\Profiles\%UserName% on the Profile tab of each accounting user's properties sheet. Then log off as Administrator. Now when Danny or any other accounting employee logs on to his machine, his desktop is configured with FreeCell pinned to the Start menu.
Hacking the Hack
If you want to use the same preconfigured profile for all your users instead of just a few, here's an easier way of doing it. Start by creating a template user account with the profile path configured to \\<servername>\<sharename>\%UserName%, in which
<sharename> is the name of the share where users' roaming profiles will be stored. (In our example above, it was \\Test220\Profiles.) Then copy this account to create all your other user accounts. That way they will all have their profile path configured properly, and it won't have to be done over and over again for each user.
Then create a dummy account as described earlier, log on to a desktop machine using this account, preconfigure the desktop, and log off. Log on to the desktop as Administrator and open the User Profiles dialog box as before, using System in Control Panel. Select the local profile for your template account and click on Copy To as before. But this time, in the Copy To box above, type \\<dcname>\NETLOGON\Default User, where
<dcname> is the name of your domain controller. Then click on Change and specify Everyone so that any user can use this new profile. Now when you click on OK, your preconfigured profile is copied to the
NETLOGON share on your domain controller as a folder named Default User. When a user logs on to the network for the first time, her machine will access this share and use this preconfigured profile as the basis for creating her roaming profile, which is saved in \\<servername>\<sharename> as before.
Return to WindowsDevCenter.com.