04McInerney.2 8/1/99 4:36 PM Page 61
FOUR
User Profiles
In This Chapter
Introduction This chapter introduces the concept of user profiles and User Profile Overview includes step-through examples on how to implement them in a Windows NT environment. Creating a Roaming User profiles are used in an NT environment to control User Profile for NT 4.0 the look and feel of the user desktop and available options at Profile Permissions the workstation. This chapter focuses on user profiles defined within the NT Amending the Profile workstation and server environment but also includes some with Regedt32 information on user profiles applied to Windows 95 clients. Default User Profile Windows NT 3.5x Profile Upgrades Introduction Creating a Roaming Client/server technology has long been heralded as the way Profile for Windows 95 forward for large IT infrastructures. The days of the central- ized mainframe supplying the computer power for an enter- prise have passed! Now, anybody who has worked in the IT business for any number of years knows that this is not strictly true. The promised yield of the client/server environment has never quite come to fruition. The lower costs, ease of maintenance, less costly hardware, and lower administrative overheads have been very difficult to spot. 04McInerney.2 8/1/99 4:36 PM Page 62
62 Chapter Four • User Profiles
Total cost of ownership (TCO) is a phrase that has been used more and more over the last few years. One of the main claims made all those years ago when the salesmen were trying to convince us to move away from the centralized mainframe systems was that client/server would lower the cost of owning and running an IT infrastructure. Client/server technology certainly had a large impact and brought with it some major benefits, including distributed systems, distributed manage- ment, well-known GUI interfaces, and applications that were much more user friendly. It also brought with it the unforeseen costs. The difference in costs between distributed and centralized hardware has been reduced dra- matically. Where once users had a terminal and were able to run one pro- gram interactively at a time, they are now faced with a desktop and many available applications. Training is not only needed now to run the applica- tions but also to run the operating system that used to be hidden from users. IT infrastructures are growing to huge proportions, and administrative costs escalate in proportion. In all, the cost of distributed systems is not quite as small as it may have been portrayed to be some years ago. Recent studies show that a large amount of the TCO goes to providing user support. This is hardly surprising considering the technology available to the average user at the moment. Of these costs, a high proportion is used fixing problems caused by user interference with the computer services due to lack of understanding or to the complex nature of the systems today. After all, users may be faced with a desktop with ten or more applications. Those users may only need to run two applications for their particular job but policy may dictate that a uniform desktop is required to make adminis- trative duties that bit “easier.” Some sort of control is needed to reduce the apparent complexity of the computer systems. Average users performing an accountancy role don’t need to know how or why a system works. They need to know where their appli- cations and resources are and how to use them. An investment in training so that everybody understands something about the computing environment is rarely wasted, but controls are needed to make sure that a little knowledge doesn’t cause a lot of damage.
User Profile Overview
One of the two main controls in a Microsoft Window NT network environment that helps lower the cost of administration and management is user profiles. The second control is system policies. System policies control availability and access to resources for a user or group and can be set either for users/groups or for the computer. System policies are discussed in Chapter Five. 04McInerney.2 8/1/99 4:36 PM Page 63
User Profile Overview 63
What Is a User Profile? A user profile is a group of settings that describe the look and feel of a user’s environment on a Windows NT or Windows 95 computer. It controls what appears on a desktop or what applications are accessible. User profiles contain settings that can be applied to a user, group, or computer and can be set up so that users can make changes and save them or so those users cannot save any changes made. User profiles were designed in part to answer the need for more con- trol over the ever-growing complexity of the desktop and network systems. Administrators can now deliver and manage from a central point the look and feel required by the enterprise workforce. All users don’t have to have the same desktop look. In addition, the profile can travel with the user (roaming profile) so that the same look and feel can be provided in different locations with a minimum of administrative overhead. From the point of view of the IT security professional, the user profile adds an invaluable tool that can be used to clamp down on unnecessary sys- tem access and possible security breaches. User profiles can be used to con- trol access to sensitive system tools such as the registry editor and the task manager. Types of User Profiles Three types of user profiles are available on Windows NT machines.