Configuring User State Management Features1

Configuring User State Management Features1

Chapter 7

Implementing UserState Management

By implementing the user data management and user settings management features that IntelliMirror® management technologies offer, you can centrally manage and control desktops, settings, and user data for large or small groups throughout your organization. Users can also move from one workstation to another and still have access to their own data, settings, and familiar desktop.

In This Chapter

Implementing UserState Management Overview

Planning for UserState Management

Designing Configurations for Managed Desktops

Preparing for Deployment

Configuring UserState Management Features

Additional Resources

Related Information

• For more information about managing and reconfiguring desktops, managing user data and settings, and the infrastructure and mechanics of Group Policy, see theDistributed Services Guide of the Microsoft® Windows®Server2003 Resource Kit(or see the Distributed Services Guide on the Web at
• For more information about implementing Group Policy, see “Designing a Group Policy Infrastructure” in this book.

Implementing UserState Management Overview

To ensure that users’ data, applications, and settings remain constant throughout the users’ environments, you can use IntelliMirror technologies on the server and the clients. Active Directory® directory service and Group Policy provide the foundation for IntelliMirror. Using Group Policy to define managed desktop configurations enables IntelliMirror to deploy, recover, restore, and replace users’ data, software, and personal settings.

By deploying IntelliMirror technologies to manage users’ data and settings, you provide the following advantages:

• Users’ data is protected, up to date, and highly accessible. Users can access their data from any computer on the network. To enable these capabilities, you can redirect specific user data folders, such as the My Documentsfolder, to a network location, and then make this location available to users for offline use.
• Users’ preferences and settings for the desktop and applications are available wherever the users log on. By creating a preconfigured, customized desktop, based on the users’ jobs, you can provide a consistent desktop environment and system settings, and you can reduce support calls and minimize the time and cost that is associated with replacing computers.
• You can also centrally manage software installations, updates, repairs, upgrades, and software removal by performing a Group Policy–based software installation.

You start your deployment plan by defining your objectives for managing user data and settings, and then you assess the needs and resources of your organization. You can then determine which IntelliMirror technologies meet the needs of your users and your organization. After you design the managed desktop configurations for the various types of users and computers in your organization based on their requirements, you must test your designs in a controlled environment and instruct your users about the technologies that you are deploying.

UserState Management Implementation Process

The process of implementing user state management typically entails four phases. Begin by developing a plan for managing user data and settings. Before beginning your design, you must fully understand your organization in terms of the users’ requirements, computer roles, the current network environment, your organization’s security requirements, and corporate policies. Then design your managed desktop configurations based on the requirements of the various types of users and computers in your organization. The next phase consists of thoroughly testing the configurations before you deploy them and preparing your users by informing them about the technologies you will use to configure and manage their data and settings.

Figure7.1 illustrates how to structure your approach to implementing user state management.

Figure7.1Process for Implementing UserState Management

Technology Background

Many users must work with network-based files, even when their computers are not connected to the network. IntelliMirror technologies, such as Folder Redirection and Offline Files, make data and settings available to users even when the network is not. This increased availability is a result of storing user data and settings on network servers, while maintaining local copies of selected files and folders.

The IntelliMirror management technologies that are included in Microsoft® Windows®2000, Microsoft® Windows®XP, and Microsoft® Windows® Server2003, Standard Edition; Windows® Server2003, Enterprise Edition; and Windows® Server2003, Datacenter Edition, operating systems provide directory-based change and configuration management capabilities. By using IntelliMirror technologies on the server and the client, a user’s data, applications, and settings remain consistent throughout the user’s environment. When you use WindowsXP and Windows2000 clients, and Windows2000 Server, and Windows Server2003 networks with Active Directory, you can take full advantage of IntelliMirror and Group Policy management features. Active Directory and Group Policy provide the foundation for IntelliMirror. Based on the Group Policy settings you specify, IntelliMirror can deploy, recover, restore, and replace a user’s data, software, and personal settings.

For more information about Group Policy, see the Distributed Services Guide of the Windows Server2003 Resource Kit(or see the Distributed Services Guide on the Web at For more information about Active Directory, see the Directory Services Guide of the Windows Server2003 Resource Kit (or see the Directory Services Guide on the Web at

Table7.1 describes the advantages of using the core technologies in IntelliMirror that support user state management.

Table7.1IntelliMirror Features and Technologies for UserState Management

IntelliMirror Feature / Advantages / Technologies
User data management / Data is protected and highly available. Users can access their data from any computer on the network. / Active Directory
Group Policy
Offline Files
Folder Redirection
Synchronization Manager
Disk Quotas
Enhancements to the Windows shell
User settings management / Users get their preferred desktop configuration from any computer on the network. User preferences and settings for the desktop and applications are available wherever the user logs on. / Active Directory
Group Policy
Offline Files
Roaming User Profiles
Enhancements to the Windows shell
Computer settings management / Administrators can use Group Policy to define the appearance and behavior of the desktop. For example, you can set options for the programs that appear on the desktop and options for the Start menu. / Active Directory Users and Computers snap-in
Group Policy
Software installation and maintenance / Administrators can centrally manage software installations, updates, repairs, and removal. / Active Directory
Group Policy
Software Installation (an extension of Group Policy Object Editor)
Windows Installer

Active Directory

Windows–based directory service, Active Directory, stores information about objects on a network and makes this information available to administrators and users. By using Active Directory, you can view and manage network objects on the network from a single location, and users can access permitted network resources by using a single logon. Active Directory Users and Computers Microsoft Management Console (MMC) snap-in is the recommended tool for managing Active Directory objects, including organizational units (OUs), users, contacts, groups, computers, printers, and shared-file objects.

To manage sites and services, use the Active Directory Sites and ServicesMMC snap-in. To administer domains and trusts, use the Active Directory Domains and Trusts snap-in.

Group Policy

The infrastructure within Active Directory that enables directory-based configuration management of user and computer settings on computers running Windows® Server2003, the Windows®2000 family, and the Microsoft® WindowsXP Professional operating systems. By using Group Policy, you can define configurations for groups of users and computers, including policy settings for Windows Server2003 registry-based policies, software installation, scripts, folder redirection, Remote Installation Services, Microsoft® Internet Explorer maintenance, and security.

The Group Policy settings that you create are contained in a Group Policy object (GPO). To create a GPO, use the Group Policy Management Console MMC snap-in (GPMC). To edit policy settings in GPOs, use the Group Policy Object Editor, which can be started from the GPMC. By using GPMC to link a GPO to selected Active Directory system containers — sites, domains, and OUs — you apply the policy settings in the GPO to the users and computers in those Active Directory containers.

For more information about Group Policy and GPMC, see “Designing a Group Policy Infrastructure” in this book. To download GPMC from the Microsoft Download Center; see the Group Policy Management Console link on the Web Resources page at

User Data and User Settings

Before you deploy IntelliMirror technologies, it is useful to understand the distinctions between user data and user settings. User data describes the files that a user creates and uses; user data belongs to the user. Examples of user data include word processing documents, spreadsheets, or graphics files. Examples of user-accessed data that is not considered to be user data include database records that exist in a corporate database and documents that are shared by many users but that are not exclusively owned by any single user.

In a managed environment, user data is stored in files in the My Documents folder. Administrators can use Folder Redirection to redirect the paths of the following special folders to a network location to back up and protect the data: My Documents, My Pictures, Application Data, Desktop, and Start Menu.

User settings are the configuration choices — stored by the operating system or applications — that the user applies to a desktop or to applications. Typically, settings include variables such as the customized toolbar settings in an application, icon arrangement and color scheme of the desktop, mouse pointers, and language options. User settings are stored in the registry, the Application Data folder, on the Desktop, and on the Start Menu in the user’s user profile.

User Profiles

A user profile includes a user’s unique settings, such as printer connections, desktop icons, mouse settings, folder settings, and the special folders that can be redirected. (Table7.2 lists the contents of each user profile folder.) A user profile is automatically created the first time that a user logs on.

A user profile consists of a registry hive and a set of profile folders.

Registry hive

NTuser.dat in file form. It is loaded by the system at logon and mapped to the registry subtree HKEY_CURRENT_USER. NTuser.dat stores the user’s registry-based preferences and configuration.

Set of profile folders

Stored in the file system. User profile files are stored in the file system in %SYSTEMDRIVE%\Documents and Settings(for example, C:\Documents and Settings), in per-user folders. The user profile folder is a container for applications and other system components to populate with subfolders and per-user data, such as documents and configuration files. Windows Explorer uses the user profile folders extensively for the user’s desktop, the Start menu, and the My Documents folder.

Table7.2Contents of the User Profile Folder

User profile folder / Contents
Application Data* / Program-specific data (for example, a custom dictionary). Program vendors decide what data to store in this user profile folder.
Cookies / User information and preferences.
Desktop / Desktop items, including files, shortcuts, and folders.
Favorites / Shortcuts to favorite locations on the Internet.
Local Settings* / Application data, history, and temporary files. The Local Settings folder and its subfolders do not roam with the roaming user profiles.
My Documents / User documents and subfolders.
My Recent Documents / Shortcuts to the most recently used documents and most accessed folders.
NetHood* / Shortcuts to My Network Places items.
PrintHood* / Shortcuts to printer folder items.
SendTo / Shortcuts to document-handling utilities.
Start Menu / Shortcuts to program items.
Templates* / User template items.

* These folders are hidden by default.

The three types of user profiles are local, roaming, and mandatory.

Local user profile

The default profile type that resides only on the computer at which the user is logged on. A local profile is created whenever a user first logs on to a computer. Local profiles are highly recommended for users who never connect over fast links (such as remote users) or those who need their user settings to roam to whichever computer they use to log on.

Roaming User Profile

Ideal for users who use different computers on the network and who need to have their customized settings and data available to them at each computer they use. A roaming user profile is copied to a specified server at logoff. When the user logs on to another computer in the network, the roaming user profile is copied from the server to that computer. When the user logs off the second computer, the profile is copied back to the server, thus maintaining the most recent version of the profile on the server.

A mandatory user profile

A profile that you create to provide specific settings for users. Any changes that users make to their desktop while they are logged on are lost when they log off. With Windows Server2003, the recommended tool for establishing strict control over workstations is Group Policy, not mandatory profiles, because mandatory profiles are less manageable and more likely to create administrative problems.

Folder Redirection

Use Folder Redirection to relocate specific user folders to centrally managed shared folders on the network. You can redirect My Documents, My Pictures, Application Data, Desktop, and StartMenu. Users can then work with the files in those folders from any computer on the network, and the folders receive the benefits of centralized security and backup.

My Documents

The standard folder in which user data is stored. By redirecting My Documents to a shared network server, the user can access all the documents from any computer. Also, important user data can be more easily backed up as part of routine system administration, requiring no action on the part of the user.

My Pictures

The default location for pictures and images in Windows2000. Typically, My Pictures is contained in the My Documents folder. By default, if My Documents is redirected, My Pictures is also redirected. Alternatively, My Pictures can be redirected independently of My Documents. However, it is recommended that you allow My Pictures to remain within My Documents, unless you need to separate these folders for a specific reason such as server scalability, for example.

Application Data

A folder in the user’s profile where applications often place large amounts of data (such as a custom dictionary). By redirecting the Application Data folder, users with roaming profiles can still access files in their Application Data folder without downloading those files every time they log on.

Desktop

A folder that includes files and shortcuts.

Start Menu

Windows Server2003 allows Folder Redirection to redirect the Start Menu folder.

Offline Files

Offline Files is a feature that complements Folder Redirection and lets users disconnect from the network and work as if they were still connected. When the computer is offline, the files and folders appear in the same directory as they did online — as if they still resided in the same location on the network. This allows the user to edit files when they are disconnected from the network. The next time the user connects to the network, the offline changes are synchronized with the shared folder on the network.

Offline Files is a stand-alone technology. You do not need to pair it with Folder Redirection. However, using the technologies together works well. To ensure that users can access their files even when the network is unavailable, it is recommended that you use Offline Files along with Folder Redirection, especially if you are redirecting the ApplicationData folder.

Synchronization Manager

File synchronization ensures that local copies of offline files match their network counterparts. When using Offline Files, users can synchronize all network resources by using the Synchronization Manager. You can set the Synchronization Manager to automatically synchronize some or all resources. For example, users can set certain files and folders to be synchronized every time they log on or off the network. The Synchronization Manager quickly scans the system for any changes, and if it detects changes, the resources are updated. Only resources that have changed are updated.