Although redirecting the My Documents folder to the default server folder is the simplest approach, you might want to use a shared folder at a different loca- tion. This requires setting several types of permissions on the shared folder to be sure that the user’s My Documents folder is accessible to the user but not to the world at large. To redirect all users’ My Documents folder to a network folder, complete the following steps:
1. In Windows Explorer, create the folder you want to use and give it a descriptive name.
2. Right-click the folder and select Sharing And Security from the short- cut menu. The Properties dialog box appears.
3. On the Sharing tab, select Share This Folder, and then click the Permis- sions button.
4. Click the Add button and add the groups Domain Users, Domain Admins, and Folder Operators. Assign all three groups Full Control. (Remove the Everyone group.) Click OK.
5. On the Security tab, click the Advanced button, and clear the check box for Allow Inheritable Permissions. A security prompt appears ask- ing how to assign permissions. Click Remove.
G09KR01
6. Click the Add button and add the Creator Owner group. In the Permis- sion Entry dialog box, select This Folder Only from the Apply Onto drop-down list. Then select the options to allow List Folder/Read Data, Read Attributes, and Create Folders/Append Data. Click OK.
7. Repeat Step 6, adding Domain Admins, Folder Operators, and SYSTEM. When finished, close the open dialog boxes.
8. Launch System Management and click Users in the console tree. Click Configure My Documents Redirection. The Client Document Redirec- tion dialog box appears.
9. Select the option to redirect to a network folder, and type in or browse to the network folder you created (Figure 9-10). Click OK.
F09KR10
Figure 9-10. Redirecting the My Documents folder to a shared folder on the network.
When completed, all the My Documents folders are redirected to the new folder. Admittedly, this is a tedious process, but fortunately it has to be done only once.
Tip To stop redirecting folders, select Server Management from the Start menu and click Users. Click Configure My Documents Redirection and select the option Do Not Redirect My Documents Folders.
Tip In addition to My Documents, other special folders are Application Data, Desktop, and Start Menu on Windows 2000 or later systems. These folders can also be redirected either to a single location or to locations based on group membership. To configure this form of redirection, see “Redi- recting Special Folders Using Group Policy” in Chapter 10.
Maintaining User Profiles
A profile is an environment specifically customized for a user. The profile con- tains the desktop and program settings for the user. Every user has a profile, whether the administrator configures one or not, because a default profile is automatically created for each user who logs on to a computer. Profiles offer a number of advantages:
•
Multiple users can use the same computer, with the settings for each user restored at logon time to the same state as when he or she logged off.•
If user profiles are stored on a server, they can follow users to any computer on the network running Windows Server 2003, Windows XP Professional, Windows 2000, or Windows NT 4.0.Administrators can also set up mandatory profiles that allow a user to make changes to the desktop while logged on but not to save any of the changes. A mandatory profile always looks exactly the same every time a user logs on. There are three types of profiles:
•
Local profiles Profiles created on a computer when a user logs on. The profile is specific to a user, local to that computer, and stored on the local computer’s hard disk.•
Roaming profiles Profiles created by an administrator and stored on a server. These profiles follow a user to any computer on the network running Windows Server 2003, Windows XP Professional, Windows 2000, or Windows NT 4.0.•
Mandatory profiles Roaming profiles that can be changed only by an administrator.Real World What’s Stored in a Profile?
All profiles start out as a copy of the Default User profile that is installed on every computer running Windows Server 2003, Windows XP Profes- sional, Windows 2000, and Windows NT 4.0. Registry data for Default User is in the Ntuser.dat file contained in the Default User profile. Profiles contain some or all of the following folders:
•
Application Data Program-specific settings determined by the program manufacturer plus specific user security settings•
Cookies Messages sent to a Web browser by a Web server and stored locally to track user information and preferences (not in Windows NT 4.0)•
Desktop Desktop files, folders, shortcuts, and the desktop appearance•
Favorites Shortcuts to favorite locations, particularly Web sites•
Local Settings Application data, History, and Temporary files (not in Windows NT 4.0)•
My Documents User documents and My Pictures, which con- tains user graphics files (not in Windows NT 4.0)•
PrintHood Shortcuts to items in the Printers folder•
My Recent Documents Shortcuts to the most recently accessed folders and files•
SendTo Items on the Send To menu•
Start Menu Items on the user’s Start menu•
Templates Application templatesBy default, only the Cookies, Desktop, Favorites, My Documents, and Start Menu folders are visible in Microsoft Windows Explorer. The other folders are hidden; to see them, in Windows Explorer, click the Tool menu, click Folder Options, click the View tab, and select Show Hidden Files And Folders.