User Profile Basics - Page 2
As you can see, profiles offer users almost as much flexibility on shared computers as they would have on their own machine. The only difference is that the core system files are still shared by all users. For example, if by some freak chance a user figured out how to delete the WINNT directory, the process would affect everyone, regardless of their profile, because the user deleted a shared set of files. The same concept holds true for less extreme measures, as well. Any files other than those listed above are shared.
Suppose I have a profile called Brien stored on a local machine. All that a nosy user has to do to access my files is to navigate to C:\Documents and Settings\Brien\My Documents. If you want to ensure total privacy for users, you'll have to regulate the permissions for each user's folders in the same way you'd secure any other folder. For example, in the situation I just described, you might set permissions on the Brien folder so that only Brien and the administrator have access.
The Three Types of Profiles
There are three different types of profiles, and it's important to know when to use each type. In the sections that follow, I'll explain each type of profile along with its limits and capabilities.
In the earlier examples, when I discussed the nightmares of not using profiles, I was referring to operating systems such as Windows 98. When a user logs in to a Windows 2000 Professional machine, Windows checks to see if the user has an existing profile in the Documents and Settings folder. If no profile exists, Windows automatically creates one for the user. The next time the user uses the machine, the machine will remember all of his or her settings.
Unfortunately, local profiles are limited to each local machine. If a user routinely uses 30 different machines, the user will have 30 different profiles. In such a situation, it may make more sense to use roaming profiles.
As the name suggests, a roaming profile follows the user from PC to PC. No matter where the user logs in, they will always have their own desktop, documents, application settings, and so on. Windows 2000 accomplishes this task by storing the profile on the server. The first time a user logs in on a given PC, the PC copies the user's profile from the server to the workstation and then deals with the profile as if it were a local profile. During this copy process, the workstation also downloads the user's documents.
The next time the user comes back to the PC, the login process is much quicker because a local profile already exists. However, this profile contains a flag that tells Windows 2000 the profile is a roaming profile. Windows then checks the server for updates to the profile and to the user's documents. This time, the workstation copies only the updated profile settings and documents. If nothing has changed, nothing has to be copied, and the user is logged in instantly.