oreilly.comSafari Books Online.Conferences.


AddThis Social Bookmark Button

Working with Roaming User Profiles

by Jonathan Hassell

Do you have a highly mobile local user base? Do your users tend to move about machines in your location, and if so, do they often complain to you that their personalized settings and desktop customizations don't travel with them? If you are shaking your head in the affirmative, then roaming user profiles may make your phone ring a bit less.

Roaming user profiles are simply collections of settings and configurations that are stored on a network location for each user. Once you perform some fairly simple configurations, every time a user logs on to a machine in your domain with his domain credentials, that user's settings will follow him and automatically be applied to his log-on session for that particular machine.

In this article, I'll show you how to create a baseline profile that will be used by default for new users wherever they log in, and then I'll share some tips on how to make a mass deployment of roaming profiles--particularly for users who already have customized their working environments--a bit easier for you.

Creating a Basic Profile

Before you begin creating a roaming profile, you need to create a temporary user account on your machine, and then configure that temporary account's profile however you like. For the remainder of this article, I will assume that you're running Windows Server 2003 in an Active Directory environment; therefore, to create a new user account, you will need to load Active Directory Users and Computers.

Once the tool is loaded, follow these steps:

  1. Within Active Directory Users and Computers, right-click on the Users folder (or wherever you might want to create the test user), and from the pop-up menu, select New -> User.
  2. Enter the details for this temporary user. In my case, I'll call the user Example Profile User, with a log-on name of profiletest. Figure 1 illustrates this.
  3. Figure 1
    Figure 1: Creating a test user

  4. Click on Next, and then give this temporary user a secure password.
  5. Finish the wizard, and then log off the machine.
  6. Now, log in to the machine using the temporary account you created.

What just happened? Essentially, creating the temporary account allows you to create a "template," and within the environment of that template you can customize the settings and appearance that will make it into the future roaming profile. All of these settings are stored in a directory on the local computer, which is called something like:

C:\Documents and Settings\username

Once you've logged in to the machine using the temporary account, configure everything the way you would like it: add shortcuts to the desktop; change the format of the Start menu; change the colors, font, and size of windows and title bars; and so forth. Remember, we're intending that this profile be the default for all users, so create the profile's configuration with that baseline in mind. Once you have finished your customization, log off the machine, and then log in again with an administrator account.

Related Reading

Learning Windows Server 2003
By Jonathan Hassell

Making Profiles Available on the Server

You might be wondering at this point what actually is stored within a user profile. A profile is made up of several different folders:

  • The Application Data folder contains program-specific settings and user security settings that correspond with applications the person has used.
  • The Cookies folder contains all of the web cookies a user has encountered and chosen to allow during his or her travails on the Web.
  • The Desktop folder, as obvious as it might sound, contains files, folders, shortcuts, and data regarding the appearance of the desktop on the user's screen.
  • The Favorites folder contains shortcuts to the user's preferred web sites and other frequently visited locations.
  • The Local Settings folder contains application data, history, and temporary files.
  • The My Documents folder contains files for the user, such as music, pictures, and other items the user tends to store in his home directory.
  • The Nethood folder contains shortcuts to sites in My Network Places.
  • The Printhood folder contains printer shortcuts.
  • The Recent folder shows the most recently accessed files and folders.
  • The SendTo folder is where the Send To menu, a popular right-clicking destination, is obtained. This folder can contain shortcuts to popular target destinations, like a floppy drive, My Documents, a printer, and so on.
  • The Start Menu folder contains items on the user's Start menu.
  • The Templates folder holds templates for applications like Microsoft Word and Excel.

If you can't see all of these folders, don't worry; they're most likely still hidden. To see them, select Folder Options from any Explorer window's Tools menu, click on the View tab, and select the option to Show Hidden Files and Folders.

With that said, the next task is to actually send the profile to your network server. To do this, create a folder on the network drive that will hold roaming profiles. In my case, I'll create a share on my Windows Server 2003 machine called Profiles. Then, on the client machine where your new baseline profile is stored, go into the Control Panel and double-click on System. Then follow these steps:

  1. Navigate to the Advanced tab.
  2. In the User Profiles section, click on the Settings button.
  3. The User Profiles screen appears.
  4. Select your temporary user account, and then click on the Copy To button.
  5. The Copy To screen appears, as shown in Figure 2. Enter the path to the network profile folder in the "Copy profile to" box. (Windows will automatically create a folder underneath the Profiles folder with the appropriate username.)
  6. Figure 2
    Figure 2: Copying the profile to the network server

  7. In the Permitted to Use section, click on the Change button.
  8. Enter the name of the temporary user you created earlier in this procedure, and then click on OK.
  9. Click on OK in the Copy To screen, and then click on OK in the User Profiles screen.

Note: When you're determining the shared location for user profiles, try to put them on a member server as opposed to a domain controller. Domain controllers have their own issues, and there's no need to bog them down with profile processing in addition to authenticating, emulating, and so on. While you're at it, make sure that the server you choose is backed up regularly, so you don't lose all of your user profiles to a machine failure.

You should be back to the desktop now. Next, load Active Directory Users and Computers again, find your temporary user account, and right-click on it, selecting Properties from the pop-up menu. Navigate to the Profile tab, and then, in the "Profile path" box in the User Profile section, enter the full network path to the profile you just copied, including the username. Figure 3 illustrates.

Figure 3
Figure 3: Specifying the path for the user's roaming profile

Click on OK, and you're done. The temporary user now can use the profile stored on the network, and whenever he uses his domain credentials to log on to a machine that is a member of the domain, he will receive a copy of his profile, including any changes he makes at any time.

On Deploying Profiles En Masse

If this works successfully for you, you can repeat this procedure for other users as needed. Here are a few tips, tricks, and "from the streets" experiences to hopefully make the repetitive process a bit easier:

  • If you are selecting multiple accounts in Active Directory to configure a profile path for each, you can use the %USERNAME% variable in the profile path. Windows will sort out the correct username for each user.
  • If your users already have profiles sorted out on their individual machines, you don't necessarily have to copy their profiles to the server. The simple act of specifying a profile path in the user's account properties tells Windows that if no profile exists on the network, it needs to automatically copy the locally stored profile to the server the next time the user logs out. The bottom line here is that if you want to save some time, specify the profile path in your user's account properties, and then tell her to log in to the machine that has her desktop and appearance configured the way she likes it. Then, have her log off, and her profile will be copied automatically.
  • If you are creating an account for a brand-new user who has no profile data anywhere on your network, you'll probably want that user (and any other new users you create in the future) to receive a default roaming profile automatically. To do this, you need only copy your baseline profile to \\SERVERNAME\SYSVOL\yourdomainname\Scripts\Default User. Replace your server name and domain name as appropriate. For example, in my case I would configure my baseline profile to \\MERCURY\SYSVOL\hasselltech.local\Scripts\Default User.

Wrapping It Up

That's all there is to basic roaming profile deployment. By setting up roaming user profiles in your organization, your base of mobile users will always have their customizations and preferred environment available to them on networked machines.

Jonathan Hassell is a system administrator, IT consultant, and industry author residing in Raleigh, North Carolina.

Return to the Windows DevCenter.