Have you ever wondered how do Users Get Their Profile loaded on Windows PCs? Here is an overview of how it happens…
Roaming Profile – New User
- The user logs on.
- The path to the users roaming profile is retrieved from the user object on the Domain Controller (\<domain name><path to profiles><user roaming profile>).
- Windows checks to see if a profile exists in the roaming path, if no profile exists a folder is created.
- Windows checks the list of user profiles located in
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionProfileList to determine if a cached copy of the profile exists. - If a local copy of the profile is not found, and the computer is part of a domain, Windows checks to determine if a domain wide default profile exists in the Default User folder on the domain controllers NETLOGON share. (\<domain name>sysvol<domain name>scriptsDefault User)
- If a domain wide profile exists, it is copied to a subfolder on the local
computer with their user name under %Systemdrive%Documents and Settings. - If a default domain profile does not exist, then the local default profile is copied from the %Systemdrive%Documents and SettingsDefault User folder to a subfolder on the local computer with their user name under %Systemdrive%Documents and Settings.
- The users registry hive (NTUSER.DAT) is mapped to the HKEY_CURRENT_USER portion of the registry.
- The users %userprofile% environment variable is updated with the value of the local profile folder
- The user can then run applications and edit documents as normal.
When the user logs off, their local profile is copied to the path configured by the administrator. If a profile already exists on the server, the local profile is merged with the server copy.
Roaming Profile – Existing User
- The user logs on.
- The path to the users roaming profile is retrieved from the user object on the Domain Controller.
- Windows checks to see if a profile exists in the roaming path, if no profile exists a folder is created.
- Windows checks the list of user profiles located in
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionProfileList
to get the path to the users cached profile if it exists. - The contents of the local cached profile are compared with the copy of the profile on the server, and the two profiles are merged. (See the new merge algorithm later in this paper for more details).
- The users registry hive (NTUSER.DAT) is mapped to the HKEY_CURRENT_USER portion of the registry.
- The users %userprofile% environment variable is updated with the value of the local profile folder
- The user can then run applications and edit documents as normal.
When the user logs off, the local profile is copied to the path configured by the administrator. If a profile already exists on the server, the local profile is merged with the server copy.
Configuration Preferences Stored in the Registry Hive
The user profile registry hive is the NTuser.dat in file form, and is mapped to the HKEY_CURRENT_USER portion of the registry when the user logs on. The NTuser.dat hive maintains the users environment preferences when the user is logged on.
The NTuser.dat file contains the following configuration settings:
- Windows Explorer settings. All user-definable settings for Windows Explorer, as well as persistent network connections.
- Taskbar settings.
- Printer settings. All network printer connections.
- Control Panel. All user-defined settings made in the Control Panel.
- Accessories. All user-specific application settings affecting the Windows environment, including: Calculator, Clock, Notepad, Paint, and HyperTerminal, among others.
- Application Settings. Many applications store some per user settings in the users registry hive (HKEY_CURRENT_USER). An example of these types of settings would be Microsoft Word 2000s toolbar settings.
