Managing Your User Profile
Introduction
This document includes information about
how to manage your win.mit.edu (WIN) Roaming Profile.
This document assumes you are familiar
with the Athena Account Policies as covered
in Athena
at MIT, including:
- Who is eligible for an Athena account;
- Privileges granted with an account;
- Guidelines for deactivating an account.
In addition to the material included in
this document you should become familiar
with the material in Working
on Athena (AC-11), especially topics
related to files and directories.
Default User Profile
When the default user logs into a WIN
machine for the first time, the files in
the local machine's Default User directory
will be replicated to form the user's initial
profile. All of the default settings can
be overridden by the user, so they should
be thought of as a starting point from
which the user may customize.
The WIN environment makes the following
settings to Default User:
- The Quick Launch toolbar on the task
bar initially is populated with four
shortcuts: Internet Explorer, Outlook
Express, Command Prompt and Show Desktop.
- The desktop initially is populated
with a welcome text file.
- The Start Menu shows a Log Off option.
- While using the command prompt, the
default user may hit the Tab key to auto-complete
directory or file names.
The Individual User's Profile
The first time a user logs in to a WIN machine,
their home directory will acquire two additional
subdirectories: .winprofile and WinData.
These will be set to the same permissions
as the user's home directory with the exception
that system:anyuser will have no rights,
not even list privileges. (There may be
some documents in these directories whose
names alone could violate the user's privacy.)
The .winprofile directory contains the
portion of the user's roaming profile that
is downloaded entirely to the local machine
when the user logs in. This includes the
user's registry (NTUSER.DAT), Templates
folder, Start Menu folder, SendTo folder,
Recent folder, PrintHood folder, NetHood
folder, Cookies folder, and Desktop folder.
Since a user's Desktop folder must be down-
and uploaded every logon and logoff, it
would be unwise for a user to place a large
amount of data on the desktop. Please place,
and advise fellow users to place, such
large files elsewhere and to use the desktop
for shortcuts only. The same can be said
for the other folders in this directory.
The WinData directory contains the portion
of the user's roaming profile that is downloaded
on demand after logon. This includes the
My Documents directory (and the My Pictures
subdirectory), the Favorites directory,
and the Application Data directory. The
files in these directories will not be
copied to the local machine on logon. Therefore,
it is fine to place large amounts of data
in these directories.
The user's roaming profile is described
in detail later on in this document.
Tweaking the User's Experience on Machines in a Container
In general the %SystemDrive%\Documents
and Settings\All Users folder gives one
a handle to the user's desktop experience.
For example:
If you want a program to run in the user's
context at the beginning of all logons,
place the program (or a shortcut to this
program) in %SystemDrive%\Documents and
Settings\All Users\Start Menu\Programs\Startup.
This may be done to each machine in a container
should the container administrator use
a group-policy-based startup script to
do this.
If the container admin wanted a program
to appear on all users' desktops when they
are logged into machines in a container,
one would place the program (or a shortcut
to the program) in %SystemDrive%\Documents
and Settings\All Users\Desktop. This could
be done manually on each machine in the
container or automatically using a group-policy-based
startup script.
Protecting Your Account
Your WIN Password
First, there is no such thing
as a WIN Password for users at MIT. Each
user of WIN, on a machine in the win.mit.edu
Domain, must have an Athena account. To
be able to log onto a WIN machine the user
must know their Athena username and password.
To log onto a WIN machine, press the Ctrl+Alt+Del
keystroke combination and the standard
Microsoft password dialog box should appear.
See an example at the Log On section of
Helping
End-Users. Enter your Athena username
and password, and make sure that the third
line says,
Log on to: ATHENA.MIT.EDU
(Kerberos Realm).
If the third line is not displayed click
on
Options>>
to make it display.
Although each user in the WIN Domain has
a unique password that is different from
their Athena password, by default nobody
knows what this password is. The passwords
within the WIN Domain are generated by
a program during account creation and never
used again. All authentication to the WIN
Domain is made through the use of cross-realm
trust, with the ATHENA.MIT.EDU Kerberos
realm being the trust realm.
Changing Your Password
Remember that your password is the key
to your account and secure access to the
system. Once someone has your password,
that user is you on the system.
It is a good idea to change your password
regularly (at least once a semester is
a good rule of thumb).
In most Windows 2000 or later Domains
a logged-in user may change their password
by using Ctrl-Alt-Del and choosing the
button labeled Change Password...
This method is the easiest for you to
use. If you have problems with it you may
use an alternate method - change your password
using Leash32. You can start Leash as follows:
- Choose Run from the
Windows Start menu.
- Type Leash32.
- From the Action menu
choose Change Password.
The program asks you for your old password,
then has you type in the new password twice.
Neither your old password nor your new
one appears on the screen as you type it.
The password-changing protocol checks your
choice against a dictionary, and does not
let you set a password that does not meet
the Athena policies. For information about
choosing a password, see Working
on Athena (AC-11).
Your new password takes effect immediately.
However, any programs you started before
you changed your password, including
the Windows screensaver, will continue
to use the old password until you log on
using the new one.
If you have forgotten your password or
get the message:
The system could not log you on
when you try to log on,
you can go to the Athena User Accounts
office (N42 1st Floor) during office hours
to resolve the problem. Please remember
to bring some form of photo ID. Users who
cannot stop by N42 1st Floor during office
hours can call an Accounts Consultant at
x3-1325, or, if possible, send mail to
accounts@mit.edu.
- Never lend your account to another
person (e.g., by telling anyone your
password, or leaving someone logged into
your account).
- Keep your password secret.
- Do not change the default file protection
unless you want other people to see and
use your files. The present default file
protection prevents
the casual browser from gaining access
to your files.
- Do not leave your workstation unattended
while you are logged in. If you are going
further than to pick up printer output,
either logout, or lock the system by
hitting Ctrl-Alt-Del
and choosing "Lock Computer."
It takes only a couple of seconds for
somebody to compromise your account.
By default your profile will be
in two top-level directories in your DFS
home directory. The .winprofile
and WinData directories
are created the first time you log on to
a WIN machine. The .winprofile
directory contains your NTUSER.DAT
file, Start Menu, Desktop, and Cookies
information. The WinData
directory contains your My Documents folder,
Favorites, and application configuration
data that is unique to your usage.
By default, others are prevented from
listing the files contained in these directories
or reading any of the contents.
Working Within Your Quota
Your disk quota is the limit
on the amount of space in DFS you can use
to store your files and on the number of
files you can have. You initially have
a limit of 1000 megabytes (1 GB). As you accumulate files in your directory,
you may approach this limit. If you reach
your limit, you are not able to save files.
Checking Quota
The Windows Explorer
program will report the space
available in DFS directories.
If your usage is over or approaching your
quota, you need to take action to avoid
losing any files. See You will notice that you can not create
any more files or use any more disk space.
Do not ignore the warning message,
or any mysterious file disappearances.
If you do, you risk losing the contents
of any file that you try to edit.
- When using other programs:
Not all programs give you messages
if they are unable to finish writing
successfully. If you are using a program
that generates an output file, you should
check your quota first to make sure that
you have room for it.
The family of Microsoft Windows operating
systems maintains its configuration information
in a manner that is very different from
that with which most experienced Macintosh
or UNIX users are familiar. When all the
applications and operating system components
are cooperating correctly, all of the configuration
information that is specific to an individual
resides in the user's profile. In
the WIN environment we use by default what
are called Roaming Profiles. Simply put,
this means that each user has his or her
own unique profile that will be used whenever
and wherever the user logs into a machine
that is a member of the win.mit.edu Domain.
Most machines in the Domain are configured
so that the user's profile is deleted from
the local machine's hard disk when the
user logs out.
Typically, a Domain using the Microsoft
operating systems roaming profile feature
copies the entire user's profile from the
file server to the local workstation and
back to the file server as each user logs
in and logs out. A user's profile contains
more than just startup scripts, registry
data, shortcuts, and menus. It also contains
the user's browser bookmarks, and all of
their data files. It may even contain the
user's own private applications. All of
this can add up to a lot of bytes that
need to be copied back and forth across
the network. From the user's perspective
this means that it takes a lot of time
to log on and log out.
In order to optimize the use of the network
bandwidth, and decrease the amount of time
that it takes the user to log on and out,
the WIN environment takes advantage of
a feature called folder redirection.
Folder redirection means that we are only
copying a portion of the user's profile
during logon and logout. Other portions
of the user's profile remain on the remote
file server, until a specific file is needed
by the user on the local machine. Understanding
how this works and how to control some
of the behavior is important to each and
every user.
Bad user habits will lead to excessively
long log on and log out times. In testing
worst and best case scenarios it is possible
to create a profile that will vary the
log on times from a few seconds to several
hours. Users are strongly encouraged to
learn about profile management and how
their use of their profile will affect
them.
As mentioned in the section on Keeping
Your Profile Safe, users' profiles
are split into two subdirectories that
are created in each user's home directory
in DFS. These two subdirectories are .winprofile
and WinData. The .winprofile directory
is not redirected. This means that anything
in the .winprofile directory will be copied
to the local workstation each time the
user logs on to a WIN machine. The entire
.winprofile directory will also be copied
back to the user's home directory in DFS
each time the user logs out. To optimize
performance, users should minimize the
amount of data that they store in the .winprofile
directory, or any of its subdirectories.
By default the .winprofile directory contains
the following information:
- ntuser.dat - a binary file that is used
to populate the HKCU registry hive on
the client workstation
- ntuser.pol - another file containing
registry information
- ntuser.ini - an ini file
- Templates - a directory containing shortcuts
to template items
- Start Menu - a directory containing the
files and folders that create the user's
menus
- SendTo - a directory that contains shortcut
files that create the "SendTo" menu for
the user
- Recent - a directory that contains shortcuts
to the most recently accessed files
- PrintHood - a directory that contains
shortcuts to items in the user's Printers
folder
- NetHood - a directory that contains shortcuts
to items in the user's My Network Places
folder
- Desktop - a directory that contains the
items that make up the user's desktop
- Cookies - a directory that contains the
browser cookies that the user has acquired
while traversing the web
By default the WinData directory contains
the following information:
- Favorites - a directory that contains
the user's Internet Explorer Favorites
(like Bookmarks in Netscape)
- My Documents - the user's default data
directory. It exists on the user's desktop
and tends to be the default location
for Save As
- Application Data - a directory that contains
configuration data saved by applications
run by the user.
Over time the My Documents subdirectory
is the most likely subdirectory to grow
the largest. This is the primary reason
that this directory is being redirected.
Please notice that the Desktop directory
is not being redirected. Since the
contents of the Desktop are always copied
to the local machine, no advantage would
be derived by using folder redirection
on this subdirectory. However, the Desktop
directory is one area that is likely to
cause users problems.
Do not store large data files or any
applications directly on the Desktop.
If you want to use the Desktop to provide
easy access to data files and applications
you are welcome to do so. However, you
should put only shortcuts to the
actual data files and applications on your
desktop.
Shortcut files are small files that do
not take long to transfer over the network.
To stretch a simile almost to the breaking
point, shortcut files are like symlinks
or aliases used by other operating systems,
in that they are a reference to the actual
file. However, they behave much differently
than traditional symlinks. Instead of being
an extension of the file system they are
more like a hint to some applications about
what to do with the information that is
contained in the shortcut file.
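The following added example (not part of the original document) measures what the text above describes: the bytes under .winprofile that are copied at every logon and logoff, the bytes under WinData that stay on the file server, and the large non-shortcut files that are candidates for moving. The 1,000,000-byte threshold and the function names are assumptions made for illustration; .lnk is the standard Windows shortcut extension.

```python
import os
import sys

SYNCED = ".winprofile"   # copied in full at every logon and logoff
ON_DEMAND = "WinData"    # redirected: files are fetched only when used

def tree_files(root):
    """Yield (path relative to root, size) for each regular file under root."""
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.isfile(full) and not os.path.islink(full):
                yield os.path.relpath(full, root), os.path.getsize(full)

def logon_copy_report(home, big=1_000_000):
    """Summarise the logon/logoff transfer for the home directory `home`.

    `big` is an assumed threshold in bytes, not a value from the document.
    """
    synced = list(tree_files(os.path.join(home, SYNCED)))
    on_demand = list(tree_files(os.path.join(home, ON_DEMAND)))
    # Shortcuts are small by design and ntuser.dat has to stay where it is,
    # so neither is reported as something to move.
    heavy = [(p, s) for p, s in synced
             if s >= big
             and not p.lower().endswith(".lnk")
             and os.path.basename(p).lower() != "ntuser.dat"]
    heavy.sort(key=lambda item: -item[1])
    return {
        "synced_bytes": sum(s for _p, s in synced),
        "on_demand_bytes": sum(s for _p, s in on_demand),
        "move_to_windata": heavy,
    }

if __name__ == "__main__":
    # H: is the drive letter the document says is mapped to the home directory.
    home = sys.argv[1] if len(sys.argv) > 1 else "H:\\"
    report = logon_copy_report(home)
    print("copied at every logon/logoff:", report["synced_bytes"], "bytes")
    print("left on the file server:     ", report["on_demand_bytes"], "bytes")
    for path, size in report["move_to_windata"]:
        print(f"  consider moving {path} ({size} bytes)")
```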
Other Information about your Profile
When you log on to a WIN machine,
two drive letters will be mapped for you.
The H: drive is set to your home directory
in DFS. This will be very useful, as command
prompt windows will tend to initially present
you with the H: prompt. Also, when saving
data into your home directory within the
Windows graphical interface, it is convenient
to be able to select the H: drive. The
Z: drive is set to the root of AFS, which
on WIN machines is called "\\afs\all\."
This is useful for programs which do not
work with UNC path names (names which begin
with the double backslash "\\"). Some programs
will require the path to start with a drive
letter. In this case, use Z:. For example,
you cannot "cd" into "\\afs\all\athena\project\pismere,"
but you can "cd" into "Z:\athena\project\pismere."
If you want to launch a script or program
on logon and logoff, place a file called
".winlogon" or ".winlogoff" with an executable
extension (.cmd, .bat, .exe, .wsf, etc.)
in your home directory. That is, if you
create a file "H:\.winlogon.cmd" it will
be run automatically for you at logon.
Similarly, "H:\.winlogoff.wsf" would be
run automatically at logoff. Important:
Create at most one of each. If you
have both a ".winlogon.exe" and a ".winlogon.cmd"
program in your home directory, only one
will be run at logon, and the choice of
which one is not guaranteed to be deterministic.
If you require multiple programs to be
run on logon, create a single batch
file which calls these multiple programs.
(The same is true for logoff.) As an aside,
another way to run programs at logon (but
not at logoff) is to place them in your
Start Menu\Programs\Startup folder. Veteran
Windows users should already be aware of
this.
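Because any file named ".winlogon" or ".winlogoff" with an executable extension runs automatically, it is worth checking the home directory for more than one candidate per hook. The following added example (not part of the original document) lists the candidates and flags the ambiguous case described above; the function names are hypothetical, and since the document's extension list ends in "etc.", any extension is reported.

```python
import os
import sys
from collections import defaultdict

HOOKS = (".winlogon", ".winlogoff")   # base names given in the document

def find_hook_scripts(home):
    """Map each hook base name to the files in `home` that could run for it."""
    found = defaultdict(list)
    for entry in os.scandir(home):
        if not entry.is_file():
            continue
        # ".winlogon.cmd" -> base ".winlogon", ext "cmd".
        # A bare ".winlogon" has an empty base and is skipped.
        base, dot, ext = entry.name.lower().rpartition(".")
        if dot and ext and base in HOOKS:
            found[base].append(entry.name)
    return {hook: sorted(names) for hook, names in found.items()}

def ambiguous_hooks(home):
    """Hooks with more than one candidate: which one runs is not guaranteed."""
    return {hook: names
            for hook, names in find_hook_scripts(home).items()
            if len(names) > 1}

if __name__ == "__main__":
    # H: is the drive letter the document says is mapped to the home directory.
    home = sys.argv[1] if len(sys.argv) > 1 else "H:\\"
    for hook, names in sorted(find_hook_scripts(home).items()):
        state = "AMBIGUOUS" if len(names) > 1 else "ok"
        print(f"{hook}: {state}: {', '.join(names)}")
```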
Do not set NTFS access control on portions
of your roaming profile which get copied
to the local machine from DFS.