dcsimg

70-240 in 15 minutes a week: Configuring the Desktop Environment and Managing Security

By ServerWatch Staff (Send Email)
Posted Mar 23, 2001


by Dan DiNicolo
http://www.win2000trainer.com

Welcome to article number 6 in my 70-240 in 15 minutes a week series. This week's article takes a look at both Configuring and Troubleshooting the Desktop Environment as well as Implementing, Monitoring and Troubleshooting Security. This includes a look at user profiles, windows installer packages, desktop settings, accessibility services, policies, managing domain accounts, and more. This article is a tiny bit longer than usual at 6 pages - a good deal, since we're combining two major topic areas (hey, it could have been 10 pages!). Note that some of the topics discussed in this article, such as Group Policy, are only meant as an overview since you are not required to know all the details for the Professional portion of the exam. The full-blown versions of these topics will be covered in future parts of the series in much greater depth - so worry not!

The material that this article will cover includes:

- User Profiles and Logon Scripts
- Multiple Language and Location Support
- Windows Installer Packages
- Desktop Environment and Accessibility Options
- Policies
- Managing Domain Users, Groups, and Authentication


User Profiles

Windows 2000 maintains a user's desktop configuration and environment settings in what is called a user profile. Settings found in a user profile include things like the wallpaper the user has set, the placement of the icons on their desktop, mouse settings and so forth. In Windows 2000, a user's profile can be found under the folder Documents and Settings, in a folder that maps to their user name, as shown below:This week's article takes a look at both Configuring and Troubleshooting the Desktop Environment as well as Implementing, Monitoring and Troubleshooting Security. This includes a look at user profiles, windows installer packages, desktop settings, accessibility services, policies, managing domain accounts, and more.

If the system has been upgraded from NT 4, however, profiles will still be found under the %systemroot%\profiles folder. By default, all user profiles are local. That means that when a user logs on to a system for the first time, they receive a new profile, and any changes they make are stored on that machine only. By contrast, you can also store user profiles on a server such that they follow users as they move from machine to machine. These are referred to as roaming profiles. When a user logs off a system, their settings (including any changes they have made) are saved back to the central server. Note that certain folders, such as My Pictures and My Documents, are part of the user profile. As such, if you are using roaming profiles, and a user has a number of large files in these folders, it can cause significant network disruption. However, Windows 2000 does keep a locally cached copy of roaming profiles on a system. As such, if a user has a large roaming profile and usually uses the same machine, only the changes are copied back and forth, not the entire profile every time they log on.

Roaming profiles are configured in the properties of a user account (on the Profile tab), by providing a UNC path to where the profile is stored such as \\server2\profiles\dan. In order to make things simpler, consider setting user accounts up for roaming profiles by using the %username% variable instead of the actual user name. This will automatically create a profile location on the server with the same name as that of the user (if you do this, only the administrator and user will have full control over the profile by default if the target volume is formatted NTFS). If you want to take an existing local profile and change it to roaming, you must set the properties on the user account as mentioned above, as well as copy the local profile to the server using the Copy To button on the Profiles tab in the System Program as shown below:

As in NT 4, you can still make a profile mandatory (unchangeable) by renaming the Ntuser.dat file in the profile to Ntuser.man.

Page 1 of 6


Comment and Contribute

Your name/nickname

Your email

(Maximum characters: 1200). You have characters left.