For more control over user accounts, you can
configure user properties. Through the user's Properties dialog box, you
can change the original password options, add the user to existing
groups, and specify user profile information.
To open a user's
Properties dialog box, access the Local Users And Groups utility, open
the Users folder, and double-click the user account. The user's
Properties dialog box has tabs for the three main categories of
properties: General, Member Of, and Profile.
The General tab contains
the information you supplied when you set up the new user account,
including the full name and a description, the password options you
selected, and whether the account is disabled. If you want to modify any
of these properties after you've created the user, simply open the
user's Properties dialog box and make the changes on the General tab.
You can use the Member Of tab
to manage the user's membership in groups. The Profile tab lets you set
properties to customize the user's environment. The following sections
discuss the Member Of and Profile tabs in detail.
1. Managing User Group Membership
The Member Of tab of the user's Properties dialog box displays all the groups that the user belongs to, as shown in Figure 1.
From this tab, you can add the user to an existing group or remove them
from a group. To add a user to a group, click the Add button and select
the group that the user should belong to. If you want to remove the
user from a group, highlight the group and click the Remove button.
Complete Exercise 1 to add a user to an existing group.
Open the Local Users And Groups MMC Desktop snap-in that you created previously. Open the Users folder and double-click user WPanek. The WPanek Properties dialog box appears. Select the Member Of tab and click the Add button. The Select Groups dialog box appears. Under Enter The Object Names To Select, type Backup Operators, and click the Check Names button. After the name is confirmed, click OK. Click OK to close the WPanek Properties dialog box.
|
The final tab in the user's
properties is called the Profile tab. Now let's take a look at that
Profile tab and what options can be configured within that tab.
2. Setting Up User Profiles, Logon Scripts, and Home Folders
The Profile tab of the user's Properties dialog box, shown in Figure 2, allows you to customize the user's environment. Here, you can specify the following items for the user:
User profile path
Logon script
Home folder
The following sections describe how these properties work and when you might want to use them.
2.1. Setting a Profile Path
User profiles contain
information about the Windows 7 environment for a specific user. For
example, profile settings include the Desktop arrangement, program
groups, and screen colors that users see when they log on.
Each time you log on to a
Windows 7 computer, the system checks to see if you have a local user
profile in the Users folder, which was created on the boot partition
when you installed Windows 7.
The first time users log on,
they receive a default user profile. A folder that matches the user's
logon name is created for the user in the Users folder. The user profile
folder that is created holds a file called NTUSER. DAT as well as
subfolders that contain directory links to the user's Desktop items.
In Exercise 2, you'll create two new users and set up local user profiles.
Using
the Local Users And Groups utility, create two new users: APanek and
PPanek. Deselect the User Must Change Password At Next Logon option for
each user. Select Start => All Programs => Accessories =>
Windows Explorer. Expand Computer, then Local Disk (C:), and then
Users. Notice that the Users folder does not contain user profile
folders for the new users. Log off and log on as APanek. Right-click
an open area on the Desktop and select Personalize. In the
Personalization dialog box, select a color scheme and click Apply, and
then click OK. Right-click an open area on the Desktop and select New => Shortcut. In the Create Shortcut dialog box, type CALC. Accept CALC as the name for the shortcut and click Finish. Log
off as APanek and log on as PPanek. Notice that user PPanek sees the
Desktop configuration stored in the default user profile. Log off as PPanek and log on as APanek. Notice that APanek sees the Desktop configuration you set up in steps 3, 4, and 5. Log off as APanek and log on as your user account. Select Start => All Programs => Accessories =>
Windows Explorer. Expand Computer, then Local Disk (C:), and then
Users. Notice that this folder now contains user profile folders for
APanek and PPanek.
|
The drawback of local
user profiles is that they are available only on the computer where they
were created. For example, suppose all of your Windows 7 computers are a
part of a domain and you use only local user profiles.
User Rick logs on at
Computer A and creates a customized user profile. When he logs on to
Computer B for the first time, he will receive the default user profile
rather than the customized user profile he created on Computer A. For
users to access their user profile from any computer they log on to, you
need to use roaming profiles; however, these require the use of a
network server because they can't be stored on a local Windows 7
computer.
In the next sections,
you will learn about how roaming profiles and mandatory profiles can be
used. To have a roaming profile or a mandatory profile, your computer
must be a part of a network with server access.
2.2. Using Roaming Profiles
A roaming profile is stored
on a network server and allows users to access their user profile
regardless of the client computer to which they're logged on. Roaming
profiles provide a consistent Desktop for users who move around, no
matter which computer they access. Even if the server that stores the
roaming profile is unavailable, the user can still log on using a local
profile.
If you are using roaming profiles, the contents of the user's systemdrive:\Users\
UserName folder will be copied to the local computer each time the
roaming profile is accessed. If you have stored large files in any
subfolders of your user profile folder, you may notice a significant
delay when accessing your profile remotely as opposed to locally.
If this problem occurs, you
can reduce the amount of time the roaming profile takes to load by
moving the subfolder to another location, such as the user's home
directory, or you can use group policy objects within Active Directory
to specify that specific folders should be excluded when the roaming
profile is loaded.
2.3. Using Mandatory Profiles
A mandatory profile
is a profile that can't be modified by the user. Only members of the
Administrators group can manage mandatory profiles. You might consider
creating mandatory profiles for users who should maintain consistent
Desktops.
For example, suppose you have a
group of 20 salespeople who know enough about system configuration to
make changes but not enough to fix any problems they create. For ease of
support, you could use mandatory profiles. This way, all of the
salespeople will always have the same profile, which they will not be
able to change.
You can create mandatory profiles for a single user or a group of users. The mandatory profile is stored in a file named NTUSER.MAN.
A user with a mandatory profile can set different Desktop preferences
while logged on, but those settings will not be saved when the user logs
off.
NOTE
You can use only roaming profiles as mandatory profiles. Mandatory profiles do not work for local user profiles.
There is a second type of mandatory profile called super mandatory profile. Let's take a look at this other type of profile.
2.4. Using Super Mandatory Profiles
A super mandatory profile is
a mandatory user profile with an additional layer of security. With
mandatory profiles, a temporary profile is created if the mandatory
profile is not available when a user logs on. However, when super
mandatory profiles are configured, temporary profiles are not created if
the mandatory profile is not available over the network, and the user
is unable to log on to the computer.
The process for
creating super mandatory profiles is similar to creating mandatory
profiles, except that instead of renaming the user folder Username.v2.
you name the folder Usemante.man.v2.
Another configurable item
within the Profile tab of the user's properties is using logon scripts.
Let's take a look at logon scripts.
2.5. Using Logon Scripts
Logon scripts are files that
run every time a user logs on to the network. They are usually batch
files, but they can be any type of executable file.
You might use logon
scripts to set up drive mappings or to run a specific executable file
each time a user logs on to the computer. For example, you could run an
inventory management file that collects information about the computer's
configuration and sends that data to a central management database.
Logon scripts are also useful for compatibility with non-Windows 7
clients who want to log on but still maintain consistent settings with
their native operating system.
To run a logon script for a
user, enter the script name in the Logon Script text box in the Profile
tab of the user's Properties dialog box. Another item that can be
configured in the Profile tab is the user's home folder. Let's take a
look at home folders.
2.6. Setting Up Home Folders
Users usually store
their personal files and information in a private folder called a home
folder. In the Profile tab of the user's Properties dialog box, you can
specify the location of a home folder as a local folder or a network
folder.
To specify a local path
folder, choose the Local Path option and type the path in the text box
next to that option. To specify a network path for a folder, choose the
Connect option and specify a network path using a Universal Naming
Convention (UNC) path.
A UNC consists of the computer
name and the share that has been created on the computer. In this case, a
network folder should already be created and shared. For example, if
you wanted to connect to a folder called \Users\Will on a server called
SALES, you'd choose the Connect option, select a drive letter that would
be mapped to the home directory, and then type \\SALES\Users\Will in the To box.
[f the home folder you are
specifying does not exist, Windows 7 will attempt to create the folder
for you. You can also use the variable %username% in place of a specific user's name.
Complete Exercise 3 to assign a home folder to a user.
Open the Admin Console MMC Desktop shortcut and expand the Local Users And Groups snap-in. Open the Users folder and double-click user WPanek. The WPanek Properties dialog box appears. Select the Profile tab and click the Local Path radio button to select it. Specify the home folder path by typing C:\HoflieFo1ders\WPanek in the text box for the Local Path option. Then click OK. Use Windows Explorer to verify that this folder was created. Close the Local Users And Groups MMC.
|
After creating your user
accounts, there is a possibility that you can run into errors or issues
with the accounts.
