Implementing and Creating Preconfigured Profiles
Preconfigured user profiles are used to define default user configuration and environment settings. They make it easier for new users to get started in a new environment and can be used for local, roaming, or mandatory profiles. For instance, you could have one preconfigured user profile for each department in the organization. Any of these preconfigured profiles could be saved and then used as a local, roaming, or mandatory profile for new users.
Before creating a preconfigured user profile, you should be aware of these guidelines:
- Use NTFS file system volumes for user profiles that are on shares. This allows you to configure profiles with different file and share permissions. By doing this you can have multiple roaming user profiles for users or groups. It also allows for higher security than a file allocation table (FAT) or FAT32 volume does.
- Do not use Encrypted File System for shared profiles. Encryption is configured on a per-user basis and the user logging on won't have access to the profile.
- It is a good idea to use a test computer that has video and hardware components similar to the production computers.
For mandatory user profiles, the shares where the mandatory user profiles are stored should have permissions set to read-only. A mandatory profile must also be created before a user logs on to a computer for the first time and copied to the user's profile location.
To create a preconfigured user profile, follow these steps:
- Log on to the test computer. (If you are creating multiple profiles, it is a good idea to create a separate account for each preconfigured profile to ensure that the configurations are correct.)
- Install or configure all programs that meet the requirements of the department or group of users for which you are creating the profile. Arrange the desktop and the Start menu as desired. Configuring the applications and the user desktop will create a model desktop profile template.
- Log off, and then log on again as a member of the Administrators group.
- Click System And Maintenance\System in Control Panel. Under Tasks, click Advanced System Settings. This displays the System Properties dialog box with the Advanced tab selected. On the Advanced Tab, under User Profiles, click Settings. The User Profiles dialog box appears.
- Select the user profile you just created, and then click Copy To. In the Copy To
dialog box, type the path where you want to save a copy of the selected profile.
Save a local profile to the %SystemDrive%\Documents and Settings\Default User
folder. If you want a default profile for the domain, copy the preconfigured profile
to a location on a network share. Then, when you set up a user's account, you can
copy the saved profile to the path for the user's profile. For example, if the path
for the user's profile is \\CorpSvr17\Profiles\MartinP, you would enter this as the Copy Profile To path.
Note: In Windows Explorer, you must enable the Show Hidden Files And Folders option to access profile folders. To do this, select Folder Options from the Tools menu. This displays the Folder Options dialog box. On the View tab, select Show Hidden Files And Folders, clear the Hide Protected Operating System Files check box, and then click OK. - Set the profile permissions so that the profile can be used by other users. To do this, click Change under Permitted To Use, and then, in the Select User Or Group dialog box, type Everyone or the name of the specific user or group that should have access to the profile, and then click OK.
- Click OK twice to close the open dialog boxes.
In this tutorial:
- Managing Users, Groups, and Computers
- Managing Domain User Accounts
- Configuring User Account Policies
- Enforcing Password Policy
- Configuring Account Lockout Policy
- Creating Password Settings Objects and Applying Secondary Settings
- Understanding User Account Capabilities, Privileges, and Rights
- Assigning User Rights
- Creating and Configuring Domain User Accounts
- Configuring Account Options
- Configuring Profile Options
- Troubleshooting User Accounts
- Implementing and Creating Preconfigured Profiles
- Configuring Local User Profiles
- Implementing Mandatory User Profiles
- Managing User Data
- Using Offline Files
- Configuring Offline Files on Clients
- Maintaining User Accounts
- Moving User Accounts
- Resetting a User's Domain Password
- Creating a User Account Password Backup
- Managing Groups
- Understanding the Scopes of Groups
- Creating a Group
- Creating group accounts at the command line
- Modifying Groups
- Managing Computer Accounts
- Moving a Computer Account
- Configuring Properties of Computer Accounts
- Troubleshooting Computer Accounts