DVS4SBC and Profile Management

If you would like to have SVS working in your terminal server and/or Citrix environment, but you don't know how to set up the profile management, this document's for you, pal.

Let's make this easy and get you in control of your environment again.

Mandatory Profile

The Mandatory profile is a common way to handle profiles in a SBC environment. It is not used in a standard client server environment. The biggest disadvantage is that they are designed to be used in an on-line environment, and that keeps them from working on most portable computers.

The mandatory profile is a way to give every user the same profile (with the same settings) while they're logged in. User settings are not stored during logoff. Every time you logon, you get a clean profile.

Building a Mandatory Profile

To build a clean mandatory profile follow the steps below:

1. Install Windows XP with no additional software. Give the machine the name template1 and make it a member of your domain. The name template1 is a easy way to find polution in your mandatory profile.
2. Start Programs\administrative tools: Active Directory Users and Computers on a Windows 2003 server.
3. Create a new user account.
4. Click on the organizational unit were you have your users. Click with the right mouse button and select new User.
5. Give the account a name that cann be easily found in the registry. Clik next.
6. Give the account an easy password. De-select "User Must change password at next logon".
7. Select User cannot change password.
8. Select Password never Expires.
9. Clik Next.
10. Clik Finish

The account is now ready.

Start the Windows XP client, and login with the created account. Go to c:\documents and settings\username, and make sure you see all files and folders in the explorer tools. Make a copy of ntuser.dat, and move it to the desktop. Rename the extension from dat to man.

Copy Ntuser.man to a network drive.

Your new mandatory profile is now ready. There are settings in the profile that you do not want. For instance, the username and computername you used are store there. Follow the steps below to clean them out.

Cleaning Your Mandatory Profile

1. Start regedit on your server.
2. Select HKEY_LOCAL_MACHINE.
3. Go to File, and select load Hive.
4. Select the file NTUSER.MAN. Now a popup is asking for a name. I called it manprof but any name will do.
5. Double-click on HKEY_LOCAL_MACHINE and a HKEY will appear with the name you assigned.
6. Then go to Edit and select Find, or press CTRL F.
7. First find all keys with the accountname you used, and remove them.
8. Then do the same for all keys with the machinename.
9. Then go to File and select Unload Hive.
10. If the popups is asking for a name, name it NTUSER.MAN.

Configuring useraccounts to use the Mandatory Profile

Your mandatory profile is now finished. Here's how to use it.

Place the file NTuser.man on a location were all users can access it.

In this article it is on the domaincontroller in a directory named Man_Profile, and it is shared under the same name. The group "everyone" should have read and execute rights on the drive and the share.

To let users start it as their profile go to the user account, and assign the share as the terminal server profile.

When a user now logs on, the profile will be loaded. Remember that no usersettings will be stored anymore. That is not a situation you wish to have.

Saving User Settings at Logoff

With a mandatory profile you cannot save settings. Now the best part of profile management comes up. Let's get the flexprofile kit located in the Office 2003 resource kit. You can also download this on the Microsoft site.

Create a directory on your domaincontroller named DVSPROF. Use the same name to share it. Grant all administrators full access.

dvs4sbc.ini

Copy proflwiz.exe to this directory. Download DVS4SBC.doc, and rename it dvs4sbc.ini, and save it in the same directory where you have saved proflwiz.exe.

ALWAYS USE THE TEMPLATE.INI TO CONFIGURE THE PROFILE KIT.
REMOVE UNUSED SECTIONS!

Edit this file to change which files and registry keys are included into the OPS file.

Syntax is documented in each section.

All include and exclude strings are case insensitive, except the entries in the [IncludeFolderTrees] section.

Comments are denoted with # at the beginning of the line.

************************** File/Folder Sections ***************************
[IncludeFolderTrees]
List folder trees to be included into the OPS file.
Syntax is one folder per line; no trailing backslash.
Includes all subfolders in specified tree.
Wildcards are not supported.
These entries are CASE SENSITIVE and must begin with one of
the following Folder tokens:
<AppData>, <Desktop>, <Favorites>, <NetHood>, <Personal>,
<PrintHood>, <ProgramsMenu>, <RecentFiles>, <SendTo>,
<StartMenu>, <StartupMenu>, <UserProfile>.
[IncludeIndividualFolders]
List individual folders to be included into the OPS file.
Syntax same as [IncludeFolderTrees] but does not include subfolders.
Wildcards are not supported.
[IncludeIndividualFiles]
List individual files to be included into the OPS file.
Syntax is one path\filename per line.
Entries must begin with one of the Folder tokens listed under
[IncludeFolderTrees].
Wildcards are not supported.
Example for including Normal.dot:
<AppData>\Microsoft\<SubFolder_Templates>\Normal.dot
[ExcludeFiles]
List files to not include into the OPS file.
Syntax is one filename or path\filename per line.
Folder-token (e.g. <AppData>) is optional.
Path relative to folder-token is optional.
Wildcards are supported in the filename.
Wildcards are not supported in the path.
Examples for excluding Normal.dot:
Normal.dot
Normal.*
Norm??.dot
<AppData>\Microsoft\<SubFolder_Templates>\Normal.dot
***************************** Registry Sections ***************************
[IncludeRegistryTrees]
List registry trees to include.
All values and subkeys within the specified tree are included.
Syntax is one key per line.
Wildcards are not supported.
[IncludeIndividualRegistryKeys]
List individual registry keys to include.
Syntax is same as [IncludeRegistryTrees] but includes only values
in the specified key, not subkeys.
Wildcards are not supported.
[IncludeIndividualRegistryValues]
List individual registry values to include.
Same as [IncludeIndividualRegistryKeys] but includes only specific named
value, not subkeys.
Syntax is key\valuename.
Wildcards are not supported.
Name can be blank to denote the default value (use a trailing backslash).
[ExcludeRegistryTrees]
List registry trees to exclude.
All values and subkeys within the specified tree are excluded.
Syntax is one key per line.
Wildcards are not supported.
[ExcludeIndividualRegistryKeys]
List individual registry keys to exclude.
Syntax is same as [ExcludeRegistryTrees] but excludes only values
in the specified key, not subkeys.
Wildcards are not supported.
[ExcludeIndividualRegistryValues]
List individual registry values to exclude.
Same as [ExcludeIndividualRegistryKeys] but excludes only
specific named value, not subkeys.
Syntax is key\valuename.
Wildcards are not supported.
Name can be blank to denote the default value (use a trailing backslash /.

A Few Final Touches

Now create a scheduled task to synchronize the folder with the files to all you're SBC servers.

You're almost ready. The only thing you need to do is build a script that saves the desired settings after logoff, and loads them after login.

Below you find the code for the logoff script that will store the users settings to his profile

C:\dvsprof\proflwiz.exe /s "%temp%\MySettings.ops" /i C:\dvsprof\dvs4sbc.INI /q copy /Y "%temp%\MySettings.ops" "%homedrive%\profile\dvs4sbc.ops"

When the user now logs off, the settings are written to a file named dvs4sbc.ops.

Now you have to create a script to load the settings when a user logs on. Again I did it for you, so just cut and paste it from below.

Copy /Y "%homedrive%\profile\dvs4sbc.ops" "%temp%\dvs4sbc.ops" C:\PROFLWIZ\proflwiz.exe /r "%temp%\dvs4sbc.ops" /q

This method can only be used with DVS4SBC because in SVS the layers will be de-activated before the logoff script runs.

Using the above method gives you full control of what you wish to save from you're layers.

And now the biggest advantage of this!

You have completely build Office 2007 in a layer, and you activate it for your users in DVS4SBC. The users are going to use it, and then something goes wrong. In a common environment resetting the layer will destroy all user settings like the credentials and even your signatures in e-mail.

Now you can store these settings in the profile. Resetting the application will no longer destroy the user settings.

The users will love you again.

Regards
Erik