Deploying Windows XP, Managing User State (Part 2) Page 3

Frequently Used Switches

TargetServerTargetShareTargetDirectory designates an intermediate location where collected user state data will be stored. By default, it is stored in compressed format in the USMT2.UNC subfolder, although compression can be turned off using the /compress switch, which allows you to manipulate the content of the collected data. Typically, it makes sense to assign a name to TargetDirectory that reflects the name of the user’s Windows account and source computer (especially if the same user works on several, differently configured computers). The /i switch is followed by the name of an INF file that contains settings affecting migration behavior. There are also a number of other switches, the following of which are used most often:

• /x specifies only custom entries defined in INF files will be applied (ignoring all default entries).
• /o causes data in the target location to be overwritten.
• /localonly ensures only files stored on local drives are copied to the target location (it is possible, through changes to INF files, to include files from mapped network drives in the migration).
• /v followed by the colon and a number from 1 to 7 produces verbose output (with 1 corresponding to the lowest level of detail, and 7 to the highest). The output is written by default to the SCANSTATE.LOG file in the folder from which USMT is executed. You can modify its location with a /l switch, followed by the path and name of the log file.
• /f migrates files (but not system or user settings) and can be supplemented with others, such as /u or /s.
• /u migrates the entire HKEY_CURRENT_USER registry hive.
• /s limits the migration of user settings to elements like mapped network drives and printers or Internet cookies.
• /p in combination with the /compress option estimates the amount of a space necessary to store user state (results are written into USMTSIZE.TXT file).
• /c continues operation even if a non-critical error is encountered (such as the presence of EFS files).
• /all migrates state for all users whose profiles exist on the source computer (otherwise, the migration applies only to the currently logged-on user).
• /user:DomainNameUserName migrates state only for the DomainNameUserName user specified.
• /efs dictates the behavior when EFS files are encountered. It can be used with the following values:
  • /efs:abort, which is enabled by default, causes SCANSTATE.EXE to fail if an encrypted file is found on the source computer.
  • /efs:skip ignores EFS files during copy.
  • /efs:decryptcopy attempts to decrypt EFS files before copying takes place. If this is not possible, SCANSTATE.EXE fails unless /c switch is specified.
  • /efs:copyraw forces EFS files to be copied to the target location in encrypted format.

Syntax of LOADSTATE.EXE is similar, although in this case, one additional INF file – MIGRATION.INF is generated automatically when running SCANSTATE.EXE (or SCANSTATEA.EXE). MIGRATION.INF determines some of the migration settings used during data loading. This INF file, as well as the others used during the scanning phase, is applied implicitly — so they do not appear on the command line. Some of the switches used by SCANSTATE.EXE (such as the ones specifying the type of data to copy or determining EFS-related behavior) are no longer applicable; however, there are some new ones that are specific to the loading phase, such as:

• /md:OldDomain:NewDomain allows user state to be transferred from one computer to another for user accounts that are being migrated between domains.
• /mu:OldUserName:NewUserName is similar to the previously described option but is used when the user name changes during migration.
• /lac:Password results in the creation of local accounts (with appropriate password) on the target computer (in scenarios where such accounts were used on the old computer — instead of domain-based ones),
• /lae enables newly created local accounts.
• /rollback records changes applied during the loading phase into a backup file, which allows rollback in case of LOADSTATE.EXE failure
• /q allows LOADSTATE.EXE to run without checking whether the current user has Administrative privileges.

Note that both File and Settings Transfer Wizard and USMT do not transfer application passwords (this might impact applications like Outlook Express, Internet Explorer, or settings like those for mapped network drives). As per Microsoft Knowledge Base article KB283734, this is a feature intended to reduce the possibility of compromising your personal data. The tools also do not transfer ACLs on migrated files, so permissions must be applied separately following the migration to properly secure users’ data. Similarly, as indicated before, additional precautions must be taken in situations where users have EFS-encrypted files. If EFS certificates are stored locally on the migrated computer, they must be transferred manually (typically using Certificates MMC snap-in) for each of the users.