Windows 7 / Security and Privacy

Implementing and Creating Preconfigured Profiles

Preconfigured user profiles are used to define default user configuration and environment settings. They make it easier for new users to get started in a new environment and can be used for local, roaming, or mandatory profiles. For instance, you could have one preconfigured user profile for each department in the organization. Any of these preconfigured profiles could be saved and then used as a local, roaming, or mandatory profile for new users.

Before creating a preconfigured user profile, you should be aware of these guidelines:

  • Use NTFS file system volumes for user profiles that are on shares. This allows you to configure profiles with different file and share permissions. By doing this you can have multiple roaming user profiles for users or groups. It also allows for higher security than a file allocation table (FAT) or FAT32 volume does.
  • Do not use Encrypted File System for shared profiles. Encryption is configured on a per-user basis and the user logging on won't have access to the profile.
  • It is a good idea to use a test computer that has video and hardware components similar to the production computers.

For mandatory user profiles, the shares where the mandatory user profiles are stored should have permissions set to read-only. A mandatory profile must also be created before a user logs on to a computer for the first time and copied to the user's profile location.

To create a preconfigured user profile, follow these steps:

  1. Log on to the test computer. (If you are creating multiple profiles, it is a good idea to create a separate account for each preconfigured profile to ensure that the configurations are correct.)
  2. Install or configure all programs that meet the requirements of the department or group of users for which you are creating the profile. Arrange the desktop and the Start menu as desired. Configuring the applications and the user desktop will create a model desktop profile template.
  3. Log off, and then log on again as a member of the Administrators group.
  4. Click System And Maintenance\System in Control Panel. Under Tasks, click Advanced System Settings. This displays the System Properties dialog box with the Advanced tab selected. On the Advanced Tab, under User Profiles, click Settings. The User Profiles dialog box appears.
  5. Select the user profile you just created, and then click Copy To. In the Copy To dialog box, type the path where you want to save a copy of the selected profile. Save a local profile to the %SystemDrive%\Documents and Settings\Default User folder. If you want a default profile for the domain, copy the preconfigured profile to a location on a network share. Then, when you set up a user's account, you can copy the saved profile to the path for the user's profile. For example, if the path for the user's profile is \\CorpSvr17\Profiles\MartinP, you would enter this as the Copy Profile To path.
    Note: In Windows Explorer, you must enable the Show Hidden Files And Folders option to access profile folders. To do this, select Folder Options from the Tools menu. This displays the Folder Options dialog box. On the View tab, select Show Hidden Files And Folders, clear the Hide Protected Operating System Files check box, and then click OK.
  6. Set the profile permissions so that the profile can be used by other users. To do this, click Change under Permitted To Use, and then, in the Select User Or Group dialog box, type Everyone or the name of the specific user or group that should have access to the profile, and then click OK.
  7. Click OK twice to close the open dialog boxes.
[Previous] [Contents] [Next]

In this tutorial:

  1. Managing Users, Groups, and Computers
  2. Managing Domain User Accounts
  3. Configuring User Account Policies
  4. Enforcing Password Policy
  5. Configuring Account Lockout Policy
  6. Creating Password Settings Objects and Applying Secondary Settings
  7. Understanding User Account Capabilities, Privileges, and Rights
  8. Assigning User Rights
  9. Creating and Configuring Domain User Accounts
  10. Configuring Account Options
  11. Configuring Profile Options
  12. Troubleshooting User Accounts
  13. Implementing and Creating Preconfigured Profiles
  14. Configuring Local User Profiles
  15. Implementing Mandatory User Profiles
  16. Managing User Data
  17. Using Offline Files
  18. Configuring Offline Files on Clients
  19. Maintaining User Accounts
  20. Moving User Accounts
  21. Resetting a User's Domain Password
  22. Creating a User Account Password Backup
  23. Managing Groups
  24. Understanding the Scopes of Groups
  25. Creating a Group
  26. Creating group accounts at the command line
  27. Modifying Groups
  28. Managing Computer Accounts
  29. Moving a Computer Account
  30. Configuring Properties of Computer Accounts
  31. Troubleshooting Computer Accounts