Appendix 15 – User Home Directories on Windows Servers & Domains

 

In Windows servers the folder that contains all of a user’s settings, plus his folders for My Documents, My Pictures, etc. is called a user “Profile”. The top level folder that contains the Windows folder is called the “Home” directory.

 

A basic Windows 2003 profile set-up in Active Directory would look like that below, where only the login script is specified. The login script is used, for example, to map shared folders to drive letters, and must be stored in the folder….

 

 C:\WINDOWS\SYSVOL\sysvol\domain name e.g. workgroup.local\scripts

 

Description: User Profile

 

You might want to set up a “Home” folder for each user, perhaps in a mapped drive such as U, shown below. The point of this is to protect the main system’s Windows folder from corruption and viruses….

 

 

Every user could have his own Drive U, so the mapping in each instance would be to a different location on the server’s drive. In the example above the folder is stored on a server called “Server” in a folder called “Users Shared Folders” which is shared as “Users”, then finally in the user’s own sub-folder called “Peter Johnson”….

 

 

Each of these Home Directories will have a “Windows” sub-folder, to allow fonts, etc, for each user to be saved separately (thereby protecting the main copy of Windows).

 

The key issue from Durell’s point of view is to create “Fonts” and “Crystal” folders in each user’s Home Windows folder, as shown below. Whereas the “Fonts” folder can be created empty, the “Crystal” one should include the contents of the “Crystal” one in the main system’s Windows folder, as these files are required to run Crystal Reports. An easy way to do this is to include the folder creation and file copying in the user’s Logon Script.

 

 

 

Terminal Server in a Multi-Server Domain

 

You might have two or more servers in a domain (for example, a domain called Workgroup.local) with the Domain Controller running Active Directory. You might then have two Domain Member servers, one running Terminal Services and the other acting as the File Server (e.g. holding the data and protected by a second hardware firewall). In this case you set-up the users for the Terminal Server and File Server only in Active Directory on the Domain Controller. You should also create a security group for them there, for example called “Remote Desktop Domain” and ensure they are all members of that group. Next login to the Terminal server as its Administrator, right-click “Computer”, select “Properties” then “Remote Settings” then click “Select Users” and add the security group preceded by the domain name, e.g. “Workgroup\Remote Desktop Domain”, as shown below…

 

 

On the Domain Controller, leave each user’s “Profile” tab blank unless you want to edit the way he logs onto the Domain Controller itself, which is unlikely. Instead you might want to edit the “Terminal Services Profile” tab, to control how he logs onto the Terminal Server, as shown below…

 

 

If you leave the “Profile Path” blank then each user’s profile will be created on the Terminal Server’s drive C in the usual location (i.e. for Windows 2000-2003 in “Documents and Settings” and in “Users” for Windows 2008 onwards). If you’d like to give the user a Home director to protect the Terminal Server’s own Windows folder, then enter it via the “Connect” option, specifying the network path from the Domain Controller to the location of the Home folders on the Terminal Server.

 

Remember that when a Remote Desktop user logs into the Terminal Server, or maps to a File Server, he must precede his user name with the domain name, for example “Workgroup\Rob”, as shown below….