Kevin Remde's IT Pro Weblog
IT Pro Resources
TechNet EventsMicrosoft Security Response CenterTechNet IT Manager Community HubMicrosoft Virtual AcademyKevin’s Evaluation Download Center
IT Pro Evangelist Blogs
Blain Barton Blain Barton's Blog@BlainBar
Brian LewisMy Thoughts on IT...@BrianLewis_
Dan Stolts IT Pro Guru Blog@ITProGuru
Jennelle Crothers TechBunny@jkc137
Keith MayerIT Pros ROCK!@KeithMayer
Kevin Remde Full of I.T.@KevinRemde
Matt Hester Matthew Hester's WebLog@MatthewHester
Tommy PattersonVirtually Cloud 9@Tommy_Patterson
Yung Chou Yung Chou on Hybrid Cloud@YungChou
Well… I was quite pumped up after our series part 3 webcast today… so much so that I dove right in to the Q&A log and created this list for you!
Thanks again to my teammates for doing such a great job helping to answer questions! I give them the credit for the information in this document. Outstanding!
Also I want to make sure also have the link to the Session Resources I posted for Part 3.
Series Part 3 Webcast Q&A
”Where do I find the homework again?”
The homework for Part 3 is available HERE.
“Do you know if the new edition of the MS Press book 70-270 exam prep is available yet? I believe the scheduled release date is Feb-2005.”
I have it published 02/09/2005 - http://www.microsoft.com/MSPress/books/7870.asp
“Where can I check out the rest of this Windows Server 2003 series?”
“Is this series going to be on the technet Plus cd's”
Not that I am aware of, however What a great Idea, we will submit it!
“what is the timeline for windows 2005? or will the upgrade be called something else?”
We are about to release SP1 for Server 2003 - There will be an in-between release of Server 2003 and Longhorn Code Named R2 - Check out a chat on R2 - http://www.microsoft.com/technet/community/chats/trans/windowsnet/ec_050203.mspx
“Could you repeat the address and directions for getting the materials for this series again at some point in the presentation?”
Go back to the event page for this event 72 hours after the event and follow the directions there: http://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032267238&Culture=en-US
“Do you have same type of webcast on VB, C# and C++ .net? If so where can I find”
Those would be presented by our counterparts on MSDN - Here is a link to some MSDN webcasts, I am not aware of a specific series going on right now - http://msdn.microsoft.com/events/webcasts/
“Are you going to show the difference with user profiles on a 2003 Terminal Server?”
I don't believe he's doing Terminal Service profiles today
“Can users using roaming profiles on winXP and win2000 machines in the same domain?”
“Just curious.. What does the H in HKEY stand for?”
H stands for Hive.
“Are there any virus or other threats that target NTuser.dat?”
Yes there have been virus's that have attacked this file
“At times my users get the error .tmp.tmp.tmp.tmp right after they had logged into a win2k machine.”
I don't see a specific .tmp.tmp.tmp error. However I did find a few .tmp errors with Profiles - http://support.microsoft.com/default.aspx?scid=kb;en-us;328607
Also look at this search – http://search.microsoft.com/search/results.aspx?st=b&na=88&View=en-us&qu=.tmp.tmp.tmp+Error
“Where is system tray information stored? I've noticed that for users with redirected MyDocuments their Quick Launch contents can change.”
System tray info can come from the taskbar and start menu settings or from an individual app which desires to be displayed in the System tray. The following article provides some interesting info about system tray settings. http://support.microsoft.com/default.aspx?scid=kb;en-us;310429
“I lose the desktop bitmap in roaming profiles. What am I doing wrong? ”
You need to ensure to include the graphic that can be accessed irregardless of which machine you login from. As an example, this can be a home share located on a server.
“[pet peeve] no such word irregardless, the words are regardless and irrespective, irregardless is a double-negative[/pet peeve]”
Ooops. <*whack*> Sorry…
“Are roaming profiles officially supported by Microsoft? Are there any compatibility issues changing back and forth between different flavors of desktops (XP, W2K)?”
Yes they are, and this article highlights some of the differences in profiles: http://support.microsoft.com/default.aspx?scid=kb;en-us;269378
“How does an installation decide what user to put the application information under? I have noticed that it can install under all users, default users or my user name but don't what drives where it puts the information.”
It will depend on how the installation program is written. Hopefully it will adhere to guidelines set out by Microsoft as part of the Logo Certification requirements, but it’s really up to them.
“Is there a "viewer" to see the contents of an NTUSER.DAT file?”
There is a viewer of sorts, regedit, I have not tried this recent versions of windows, something to test. Check out this older article for assistance. http://support.microsoft.com/default.aspx?scid=kb;en-us;146050
“Please answer more fully --> How does an installation decide what user to put the application information under? I have noticed that it can install under all users, default users or my user name but don't what drives where it puts the information.”
Different software vendors can write their installation programs as they want. I have seen installation programs that ask who to put it under, that ask if only logged in user or all users, some that don't ask. It is going to depend on the installation that has been written by the software vendor. What drives it is how it is written and what calls it makes to the system as it installs.
“Can you view/hide hidden folders based on their user access or specific policy?”
Not really, but you can create DFS trees, which is a folder hierarchy of shared resources that displays as a single tree regardless of the server those resources are housed on. So your users browse that tree rather than the network. I can place only those shared resources I want the users to access in the tree and that is all they see. See http://www.microsoft.com/WindowsServer2003/technologies/fileandprint/file/dfs/default.mspx
“We recently used the Microsoft User Migration Tool (USMT) to migrate profiles to a new machine. Will USMT work when moving profiles from Win2000Pro to XP?”
Microsoft® Windows® User State Migration Tool (USMT) version 2.6 migrates user files and settings during deployments of Windows 2000 or Microsoft Windows XP. USMT 2.6 provides enterprise migration capabilities such as unattended migration, multi-user profile support and compression. USMT 2.6 is intended for administrators who are performing automated deployments. http://www.microsoft.com/downloads/details.aspx?FamilyId=4AF2D2C9-F16C-4C52-A203-8DAF944DD555&displaylang=en
“Is the [profile] copy procedure similar on XP home edition?”
“It is worth to mention to delete temp /inet temp folder item before copying a profile. Big time saver.”
“Can I copy a profile from XP to NT, and vice-versa?”
Check out USMT - http://www.microsoft.com/downloads/details.aspx?FamilyId=4AF2D2C9-F16C-4C52-A203-8DAF944DD555&displaylang=en
“I am taking users from one domain to another. Can I copy a profile just like that which was just shown from one domain to another?”
Yes, see http://support.microsoft.com/default.aspx?scid=kb;en-us;242067
“How often should we do clean up of old local profiles?”
There are no real guidelines as to how often you should clean these up. If there have been quite a few users who logged into a given machine and stored large amounts of data in their profile, I would definitely clean it up to clear up space.
“In Windows Server 2003, read only attributes keep turning on. When a domain user is logged in and try to access a specific file, it says it is read only and cannot be changed. The group is listed with R/W/C rights. When I right click the file and uncheck the read only box, then hit ok, if I go back to view the file props again, it's back to read-only again. What gives?”
Has the Creator/Owner of those files set the File attribute to read only?
“What is the definition of a ‘slow’ link?”
By default less than 128 kbps.
“Do you have to log into the new machine once with the user name prior to copying a profile?”
If copying a user profile on the local machine, yes. If you are using roaming profiles, then no since the roaming profile would be copied to a server location.
“Can you transfer profiles from a Win2000 to a WinXP PC without problems?”
This should work without any issue I have not seen any issues on that transfer. Something to test to verify for your environment.
“What happens to the profile if both pc's don't have the same programs installed?”
Nothing happens to the profile. The programs that are not installed on the other machine will not function.
“Can using a roaming profile from computers running Win2003 and others running WinXP cause problems?”
As a standard computer answer: It depends. J Please see the following best practices note the caution halfway down the page - http://www.microsoft.com/resources/documentation/WindowsServ/2003/all/deployguide/en-us/Default.asp?url=/resources/documentation/WindowsServ/2003/all/deployguide/en-us/dmebc_dsm_jxfc.asp
“Is it possible to have on the same Domain users who use local profiles and user use roaming profiles?”
Absolutely. Roaming profiles are configured as an attribute of the user object in Active Directory, if no roaming profile is configured the user uses local profiles only.
“So if I set up a new computer to replace an older one. I need to have the user log into the new one once and then back off prior to copying their profile from the old to the new?”
Yes. This will set up the registry on the new computer so that the system knows that there is a profile for that user. You then copy the user’s profile right over the top of the newly created default one.
“How does Windows know, that there is a "slow" link existing? Does it have anything to do with sites in the domain environment?”
Good Question. It does have something to do with sites. Windows uses a connection algorithm to determine whether a link is ‘slow’.
“Is Kevin going to talk about offline folders with respect to roaming profiles?”
I did mention it briefly towards the end, really as a good solution for large quantities of data having to be written or synchronized during logon and logoff. And also as a solution for giving some flexibility to those users who may be using mandatory profiles.
“Will using roaming profiles on a Terminal Server cause unusual problems not normally seen with using it on a standard OS?”
Users that connect to the Terminal Server can use their Roaming Profile but there are issues around Terminal server Disk Space and other considerations. See http://www.microsoft.com/resources/documentation/Windows/2000/server/reskit/en-us/Default.asp?url=/resources/documentation/Windows/2000/server/reskit/en-us/deploy/dgbm_win_urzk.asp
“We are having a problem where on Windows 2000 and XP when a person logs off then logs back on, they are missing things on their desktop or things they have previously deleted are back?”
Sounds like you may have Mandatory profiles setup so that any changes are discarded - kind of a read-only profile. Or perhaps you are using roaming profiles and are those users running multiple machines at a time.
“I modified the GPO to disable the screen saver password protection on my W2K3 servers but some of the servers haven't made the change. Is there something else that I need to do?”
Verify the computer accounts are in the proper scope of management of the GPO and are members of the domain.
“Is there a setting you enable to determine whether the profile is roaming or not?”
In an AD environment, if you specify a path in the user properties for a roaming profile, then they have a roaming profile. If you go to System Properties, Advanced, User Profile Settings, you can see whether you are using a Local or Roaming Profile.
Recommendations for Roaming Profiles:
“What NTFS permissions do users need to access their Roaming Profile folder?”
Check out the following - http://www.microsoft.com/resources/documentation/WindowsServ/2003/all/deployguide/en-us/Default.asp?url=/resources/documentation/WindowsServ/2003/all/deployguide/en-us/dmebc_dsm_ummq.asp
“What happens when a user with a roaming profile logs onto two different machines at the same time?”
The profile is copied to each of the machines. A better question though would be, “What happens to the profile when the user logs off these two machines?” It all depends on which profile is saved off last. You may be overwriting changes from one machine that you made on the other machine.
“Can I explicitly deny the right to log on with local profiles, and to the local computer, in a domain environment with GPOs?”
You can set the GPO for deny log-on-locally user right at the domain level this will restrict a users ability to log on to a computer completely.
“If a user has logged on to several desktops BEFORE roaming profiles are enabled, how are the profiles handled once the user's AD entry is updated to specify roaming profiles? Are the various profiles merged as the user logs on / off to each desktop or does one desktop take precedence?”
Assuming he is not logged in at the time the AD entry was modified, the next time he logs into one of the desktops the entry will be "seen" and upon logoff, that particular profile will become his roaming profile. If the administrator had also created a roaming profile for this user, then they would receive that profile upon login, and in that case the roaming profile would overwrite the local copies.
“What happens to desktop pictures that are stored locally when copying to create a roaming profile?”
If they are only available to one particular computer (because it is only stored on the local hard drive and not part of the profile or on a shared home directory or network share of some kind), they will not be accessible from another computer as they do not automatically get incorporated into the roaming profile.
“I have some roaming profiles in my company that will not save newly added printers. Is there a reason for this?”
Not that I am aware of - You might check permissions - http://www.microsoft.com/resources/documentation/WindowsServ/2003/all/deployguide/en-us/Default.asp?url=/resources/documentation/WindowsServ/2003/all/deployguide/en-us/dmebc_dsm_ummq.asp - It also might be a mandatory profile
“If windows crashes will the profile default back to the last known? If it crashes during write back to the server will the profile corrupt?”
It should default back to the last successfully updated profile. As far as corruption it would depend on when it crashed. If it is an incomplete copy then it should revert back.
“What causes access is denied on a roaming profile share on 2003 server even when the permission settings are set correctly”
First I would make sure that your Share permissions and NTFS permissions are consistent. I would also check this article: http://www.microsoft.com/downloads/details.aspx?FamilyID=1b286e6d-8912-4e18-b570-42470e2f3582&displaylang=en
“Removing administrator permission from profiles does not do anything, an administrator can simply take ownership of the directory and get rights back.”
You are right he could. If we really wanted to we could take away the administrators right to take ownership and thus guarantee the security of the profiles.
“What is the difference between the User Profile Tab and the Terminal Service Profile Tab? When should you use one or/and the another?”
The User Profile tab specifies the user environment delivered to the client regardless of what client workstation they log onto. These profiles include everything on the desktop, installed application data, Internet Explorer setting favorites etc...This can be a large amount of data. Because you may have many users logging into a Terminal server and disk space may be a priority on that server, you can specify a single generic profile that all Terminal server users utilize or a restricted profile to minimize profile size and increase security, thus reducing the overhead on the Terminal Server.
See http://www.microsoft.com/resources/documentation/WindowsServ/2003/standard/proddocs/en-us/Default.asp?url=/resources/documentation/WindowsServ/2003/standard/proddocs/en-us/ts_usr_c_tsprofile.asp and related links for Win 2003 and http://www.microsoft.com/resources/documentation/Windows/2000/server/reskit/en-us/Default.asp?url=/resources/documentation/Windows/2000/server/reskit/en-us/deploy/dgbm_win_urzk.asp for Windows 2000
“If Folder Redirection stops working, is it best to delete roaming profile and local profile to reestablish?”
If I redirected with GP I would first use my GPMC and use the Results wizard to see what is going on. Check out a good Q&A on Profiles and Folder Redirection - http://www.microsoft.com/windowsserver2003/community/centers/management/manage_faq.mspx
“Is there a reference material that covers this subject as simple and as directly as the presenter?”
<*blush*> You might try Mark Minasi's “Mastering Windows Server 2003”
“Did he logon as a local or domain admin....I missed it”
When I was doing administrative tasks, I was logged in as the domain Administrator account.
“Can a user add a local printer to their profile without having administrative rights?”
In a sense, you have to make them a power user and add the "load and unload devices" user right. Check out this KB for assistance: http://support.microsoft.com/default.aspx?scid=kb;en-us;Q326473
“What’s a great resource for Profiles Q&A?”
“How much longer will the webcast be? It was set for one hour.”
Yeah.. I apologize. I ran about 10 minutes over. If I ever have to deliver this one again, I might skip a portion of the part where I go through the various folders that are found inside the profile. Most of that is very basic, self-explanatory, or relatively unimportant.
I hate running long. I sincerely want to be respectful of your time, and really appreciate the time you take out of your day to attend the webcast.
“This was a useful webcast. You guys do an excellent work! Thanks. See you next time.”
Cool! And if you’ve enjoyed attending it only half as much as I’ve enjoyed delivering it, then I’ve enjoyed it twice as much as you!
“I have several profiles that are from “Unknown” users. Why are they there? Should I delete them? What should I do?”
Use the following articles to determine which issue is causing the problem. http://support.microsoft.com/default.aspx?scid=kb;en-us;156608http://support.microsoft.com/default.aspx?scid=kb;en-us;271924
“I have roaming profiles and users occasionally get roaming profiles errors when the try to log in. If I delete their profile from the server it fixes the problem and they can then log in and miraculously their roaming profile is restored...what is happening here?”
This sounds like a corruption is occurring to the roaming profile stored on the server. When you delete it and the user logs back in, the cached copy of their roaming profile will get uploaded to the server since the server copy is no longer present. If this continues, you may need to contact Product Support Services (PSS) at (800) 936-4900 to better troubleshoot this problem.
“How do you create a default profile in the NETLOGON share?”
(Answer to this one given during the webcast really didn’t address the question, so I’ve replaced it…)
A simple way to do this would be to create and then login as a dummy user account (like I did in the Mandatory Profile demo) for the sake of setting up the defaults. Then log off, and log back in as an administrator. Then, just copy that profile (System Properties à Advanced à Profiles…) to any domain controller’s NETLOGON share as a folder named “Default User”. That will cause this profile to be used as the starting place for any new local profile on any domain connected workstation or server.
“What would you consider a slow link---dialup only?”
This article talks to that issue.http://support.microsoft.com/kb/227260
“Should I let the system create Home Dir via %username%?”
There's nothing wrong with doing it this way. If you want more control over the process, then you can create the directory first and then specify it in the Home Directory path afterwards, but letting the system create it is easier to do.
“Where can I sign up for the rest of the series?”
“If you are using folder redirection directing my docs to one server & you want to change path to another server, how do you move all the existing docs?”
I am not finding an easy tool quickly - There are some Folder and GP tools - One way would be to turn off redirection and have it move it back to local machine - then turn it back on to new location.
“Is there a place to view the recording of this session?”
It will be posted in about 48 hours access it by going into www.microsoft.com/webcasts and select on-demand. Or by going back to the webcast series homepage and clicking on that part that you want to review. Registering for a webcast in this manner that was already recorded allows you to view the recording.
“We have profiles in Windows 2000 and XP that will lose files off the desktop after logging off and logging back on, we are not using mandatory profiles.”
Check access rights to the profiles folders, and files.
“What is necessary to create a roaming profile that includes Outlook 2003 with only a POP3 account? I realize it is necessary to point the data file to a central location. What else will be required to ensure Send/Receive functions when using the profile from multiple machines.”
To the best of my knowledge, that is it. Also keep in mind that the PST file is a single access file so the user cannot be logged into multiple machines running Outlook on each, but only running Outlook on one of them at a time.
“Will you be posting the link for the contest details so that we may see if we won?”
You'll be notified by email if you are a winner. I'm not sure if they will post the winners anywhere public.
“I'm having an issue with the evaluation.”
Yeah – many people were finding that the evaluation server was timing out. It was just too busy.
Try pasting this link if you still want to evaluate the webcast: https://msevents.microsoft.com/CUI/WelcomePage.aspx?EventID=1032267238&Culture=en-US
“If there is no space on the profileserver to save a roaming profile and you have the setting delete local profile, will it still delete the local profile or what?”
Good question- I don't know what would happen at that point. I wasn’t able to find anything online about what the result would be. I would hope that the local profile would be saved, but I’m betting that you would end up with corrupted data in the roaming profile on the server, and you would lose your locally cached profile.
“Can you copy NT4.0 profiles to a 2003 server for use as roaming profiles on 2000, XP and other NT4.0 machines?”
Most of what was covered today also applies to NT4. I would not recommend using a roaming profile on an NT4 and Windows XP Pro machine at the same time though.
And just for fun… here are the pictures I used in today’s webcast…