Active Directory User Profile

  

About Domain Users Opened in the previous article (How to promote a member server to a domain controller (1), (2)) has already been involved, so open a user here The method is no longer repeated, this article mainly introduces you to the user profile.

First, what is a user profile? According to Microsoft's official explanation: User profiles are settings and files and collections that define the environment required for system loading when a user logs in. It includes all user-specific configuration settings. Where is the user profile located on the system? So what is included in the user profile? Let's take a screenshot of each:

The user profile is saved in the folder under the system disk (usually C drive) under the "Documents and Settings" folder, and there is one and your login username. The same folder, the user configuration file is saved here, by the way, if there is a user with the same name on the local machine and the domain, and all of them have been logged in, then the suffix will be displayed after the folder with the same name. For example, if there is a computer (testxp) in a domain (demo.com), a local swg account, and a swg account on the domain, and all of them have logged in to this computer, the following happens: Br>

Local account login first: then the local swg user configuration folder is swg, and the domain user's user configuration folder is swg.demo.

Domain account login first: then the domain user's user configuration folder is swg, and the local user's configuration folder is swg.testxp.

From the screenshot above, we can see that the user profile includes some personal settings such as desktop settings, my documents, favorites, IE settings. Another thing to note is that there is a folder named “All Users” in the “Documents and Settings” folder. If you create a new file under the “Desktop” folder under this folder, you You will find that all users have this file on the desktop when they log in, so the configuration in this folder is for every user of this computer.

When the network becomes a domain framework, all domain users can log in to the computer in any domain. When you modify the user profile on one computer, you will find another computer. When logging in, all settings are still the same, and no changes have been made. This is because the user's configuration file is saved locally, whether it is a domain user or a local user, it is saved on the login computer. We can click on "My Computer" to click "Right click", select "Properties", click "Advanced", and then click "Set in User Profile" to set “:< Br>

Please note that the "type" in the "type" is marked with a red box, all is "local", which means that the user profile is saved locally, so how can the user's profile be followed by the account? Go, that is, regardless of which computer the user is logged in, can the user profile be consistent? In order to solve this problem, the roaming user profile is used. The principle is to save the user profile in a common location on the network. When the user logs in on the computer, the user profile is downloaded from the public location of the network and sent to the local device. The application then synchronizes the local user profile to the network public location when the user logs out to ensure the validity of the public location user profile for the next use. So how do you implement this feature? Let's practice it now:

First, open a shared folder in a public place on the network to store user profiles. In an experiment, open a share on the domain controller. Share the folder and open the permissions:

Then, click “Start-Settings-Control Panel-Administrative Tools", double-click “AD users and computers”, and select the corresponding user, here is &ldquo ;swg” Account as an example:

Double click on the "swg” account, then select “Configuration File" in the "User Profile - Profile Path"; enter: \\\\192.168. 5.1\\share\\%username%,“192.168.5.1” is the IP address of the domain controller, as shown below:

Then click OK, then go to the client, use “swg&rdquo ; Account login to see what happens.

As shown in the above figure, the status of DEMO\\swg has changed from "local" to "rubbing", and at this time, the user is logged out, then the local user of the user will be automatically The configuration file is synchronized to the public location of the network. If you use the “swg” to log in to another domain computer, you will find that all user profiles are the same as this one. So what happened on the server?

As shown in the above figure, the server's "share" folder will automatically create a folder with the same username as the "swg" folder. By default, this folder will only allow the corresponding user to open: < Br>

The picture is very familiar?

At present, many companies' IT Pros have a common sigh, that is, users like to mess up their desktops. Although they can be limited by group policy, they always feel that they are not perfect. Here, we recommend using the mandatory user profile, the user can arbitrarily modify their personal profile, but once they are logged out, these changes will not be saved, so the user's profile will remain the same the next time the user logs in. , how to achieve this function? In fact, just change the “Ntuser.dat” under the user configuration folder to "Ntuser.man"; you can, let's take a look at the modification process:

First, the hidden files and known files are displayed. The extension can be modified in “Tools-Folder Options-View”:

~

After clicking "Determine", you can see that "Ntuser" .dat” file, but there will be a problem at this time, if you modify the "Ntuser.dat" under C:\\Documents and Settings\\swg, you will find that there is no way to modify this file, because the file is in use, can not Modify; if you modify the public location of the network "Ntuser.dat", which is \\\\192.168.5.1\\share\\swg under "Ntuser.dat", the modification can of course be modified, but due to the "Logg" in the "swg" At the time, the local "Ntuser.dat" will overwrite the network public location "Ntuser.man", which means that there is no modification. Many people want to change the owner of the folder directly on the server, and then add permissions to the administrator account, so that you can directly remove the "Ntuser.dat" on the server, but I have practiced several times. , I found that such an operation will cause some permissions can not be inherited, resulting in an error situation, so it is not recommended for everyone to use, here is recommended a method:

First, the “swg” account logout, and then use another An account login, such as an administrator, of course, if you go directly to \\\\192.168..5.1\\share\\swg after trying to log in, you will be disappointed, because you still refuse access, then how to access and Modify it, you can do this, & ldquo; start - run - cmd & rdquo; then enter, so that the command line is started, enter: net use \\\\192.168.5.1 password /user:swg at the command line, display “ command success Complete & rdquo;, then use “swg” to establish a connection with the server, then you can modify it in \\\\192.168.5.1\\share\\swg,

Then log out of the administrator account and log in with “swg” to see if there is any success:

See it, the type changed from "roaming” to “force", now available on the desktop If you make any changes in these places, you will find that you have logged off and then logged in, and you have returned to the original. This setting is useful when multiple people use the same account.

Finally, please pay attention to two issues:

1. When configuring the mandatory user profile, when using other users to log in and modify, please ensure that the modified user is in the logout state, why ? You may wish to think about it yourself!

2. When using roaming user profiles, please do not store some large programs or files on the desktop, etc., because users will download and upload configurations during login and logout. Files, if the file is too large, will affect the speed of login and logout.

OK, or an old saying: If you have any questions or feel that there is something wrong with your article, please feel free to send me an E-Mail at [email protected], thank you!

Copyright © Windows knowledge All Rights Reserved