4/16/2003 -- Over the last few weeks, we have been examining the Installing, Configuring, and Administering Microsoft Windows 2000 Professional exam (70-210) from Microsoft. This exam can be used as credit on both the MCSA and MCSE tracks, and consists of seven major objective categories:

• Installing Windows 2000 Professional
• Implementing and Conducting Administration of Resources
• Implementing, Managing, and Troubleshooting Hardware Devices and Drivers
• Monitoring and Optimizing System Performance and Reliability
• Configuring and Troubleshooting the Desktop Environment
• Implementing, Managing, and Troubleshooting Network Protocols and Services
• Configuring, Managing, and Troubleshooting Security

In this article, we address the remaining three objective categories to complete this three-part series (click here for Part I and here for Part II). Microsoft's list of objectives for this exam can be found at http://www.microsoft.com/traincert/exams/70-210.asp.

Objective #5: Configuring and Troubleshooting the Desktop Environment

5.1: Configure and Manage User Profiles

Stored in the file NTUSER.DAT, the user profile is the portion of the Registry that is customizable for every user. It holds information about the user's desktop, wallpaper, screensavers, shortcuts, and so on. Whenever a user logs in at a system the first time, he automatically creates a local profile on that system by default.

Within the root directory, a subdirectory titled Documents and Settings holds the folder Default User. Beneath Default User exists the NTUSER.DAT file, which is the desktop template used for all new users. When a new user logs in to Windows 2000 Professional for the first time, a new folder beneath Documents and Settings is created using his or her username, and the profile (NTUSER.DAT) for the Default User is copied into his or her folder for individualized customization. On the second logon, and all subsequent logons, the NTUSER.DAT file beneath the user's folder is used for the user's profile.

NOTE: Although the name of the file itself (NTUSER.DAT) stayed the same, the location of the profiles differs from earlier versions of Windows NT. If Windows 2000 Professional is located on the C: drive and the user kdulaney logs on, the profile will be found in C:\Documents and Settings\kdulaney. In earlier versions of NT, it would have been beneath C:\Winnt\Profiles\kdulaney.

The profile can contain all of the following desktop-related items:

• Application information
• Cookies
• Favorites
• Files saved on the desktop
• Local settings
• My documents
• My pictures
• Nethood
• Printhood
• Recent
• Send to
• Shortcuts
• Start Menu
• Template items

When the user logs on, her desktop and Start Menu are based on her profile, as well as entries in the ALL USERS directory (also beneath Documents and Settings). Entries are placed in All Users so that they will appear in the environment for every user using the system.

The problem with local profiles (which have been described here and are the default) is that every workstation you log on to will have its own version of the local profile. User configuration settings will have to be set at each workstation the user logs on to. To overcome this problem, you can implement roaming profiles. With roaming profiles, the user portion of the Registry is downloaded from a designated system to the system the user is currently logged on to. Any changes to those settings will be stored in the central location so that they can be retrieved at the next workstation that they are logged on to.

Configuring Roaming Profiles
If you want to configure a user account to use a roaming profile, the first thing to do is set the profile path in the properties for that account. The most common setting to perform is to have a directory shared with a share name, such as "profiles." It should allow the local group USERS the permission of FULL CONTROL. With this share, you can set the user's profile path to be \\server\share\%username%. The next time the user logs on, his or her profile information can be saved to this central profile directory.

Naturally, in order to take advantage of a roaming profile, the computer the user uses must have joined the domain that holds the profile.

An administrator can determine whether the user profiles stored on the local system are roaming or local profiles. The administrator can then change his or her role by viewing the User Profiles tab in the System applet in the Control Panel. This dialog box shows all the profiles currently stored on the system and whether each one is a roaming or local profile. You can change the profile between roaming and local by clicking the Change Type button. In order to configure roaming, a server must be available. This dialog box is also used to configure how to handle roaming profiles when the user logs on to the network over a slow WAN link. This is an extremely useful setting for laptop users who may log on to an enterprise network from various locations.

NOTE: Remember that the roaming profile is stored on a specific server even though the user can be authenticated on any domain controller in the domain.

Configuring Mandatory Profiles
A mandatory profile is a deviation on a roaming profile. It must be configured in the same manner as a roaming profile, only the file is renamed from NTUSER.DAT to NTUSER.MAN. In essence, this makes the file behave as if it is read-only. The profile is read in the same manner when the user logs on, but changes made to any of the profile items while the user is logged on are not kept when the user logs out. This can be a lifesaver when you're working with users who need a static desktop environment. If they accidentally delete half their Start menu, the solution is simply to have them log off and back on again. Mandatory profiles do not work well with users who must constantly change their environment for work-related reasons (such as software developers). Therefore, you should consider individual scenarios and situations to determine what is the best fit for a site's needs.

If you are using a mandatory profile for a group of users, you need to cater to the lowest common denominator. For example, if two different desktop sizes (large and small) are in use throughout the organization and you define a bitmap as wallpaper, the bitmap must be to the small desktop in order to work throughout the organization.

NOTE: If changes are needed to a user who has a mandatory profile, you must first rename the mandatory profile back to NTUSER.DAT. Make the changes, and make certain they took effect (log out and back in, etc.). Then complete the process by renaming the file back to mandatory (NTUSER.MAN).

5.2: Configure Support for Multiple Languages or Multiple Locations

One of the new features of Windows 2000 is its ability to work with multiple languages and in multiple settings simultaneously. We will look at each of these items in the following section.

Multiple-language support allows you to create documents that can be read in different languages, as well as change the information text presented in Professional. To enable this feature you must be a member of the Administrators group. First, open the Regional Options applet in Control Panel and then check the languages you wish to install support for.

NOTE: Although multiple languages are turned on at the local machine, you can turn them off by using settings in a Group Policy-either locally or on a network you are connected to.

As soon as multiple languages have been configured, the System Tray at the bottom right of the Taskbar displays the language currently in use. When composing a document, you can right-click on this icon to view a list of the languages available, allowing you to choose which you want to compose in. Both Notepad and WordPad can let you compose in any character set.

The variables on the General tab of Regional Options allow you to change the language settings for reading and writing documents, as well as to specify your locale. Your locale is important because changes made at this drop-down box fill in standard settings for the other tabs within this applet. You can configure the other tabs independently, but you should assume their default setting from the value in the Your Locale (Location) box on the General tab.

The Numbers tab allows you to specify list separators, decimal symbols, and other numerical values. The Currency tab contains settings related to monetary figures. Variables include the following:

• Currency Symbol
• Positive Currency Format
• Negative Currency Format
• Decimal Symbol
• Number of Digits to Display After the Decimal
• Digit Grouping Symbol
• Digit Grouping

The Time tab allows you to specify four variables related to this entity: the format in which time is displayed, the separator between values, the symbol for AM, and the symbol for PM. The Date tab allows you to choose the century in which two-digit years are interpreted to fall within and the formats to use for short and long dates.

The Input Locales tab allows you to choose the keyboard layout to be used currently on the system. It also allows you to turn off the language indicator that shows by default in the System Tray of the taskbar, and specify key sequences. By default, Left Alt+Shift is used to switch between locales, but the key sequence can be changed to Ctrl+Shift.

For other items, such as switching to a native language, you must configure a keyboard sequence. Each keyboard sequence must be either Ctrl+Shift+(a number between 0 and 9) or Left Alt+Shift+(a number between 0 and 9). The only deviations from using a number in the sequences above are that you can also use the tilde (~) and the grave accent (`).

Whenever you add a language (whether it's the second or the tenth), you must reboot the system for the language to be available. Additionally, if you want to enable the reading of documents in multiple languages, you must copy additional files from the CD.

NOTE: The ability to support so many languages is provided through the use of the Unicode standard. In Unicode, and the Unicode Character Set (UCS), each character has a 16-bit value. This allows the same character to be interpreted/represented by 65,536 different entities.

5.3: Manage Applications by Using Windows Installer Packages

Windows Installer is a program intended to simplify the installation of new software and manage existing software. It can be used to add, delete, and modify full applications as well as components. It can alter the Registry, make shortcuts, and prompt for interaction, where needed.

Windows Installer is divided into two components: an installer service for the client (MSIEXEC.EXE) and package files (which have the extension .MSI). The .MSI files are the applications themselves and most often will come from software vendors; they can also be created internally by developers.

MSIEXEC uses the MSI.DLL library to read the package files and incorporates items from transform files (with a .MST extension). Transform files are nothing more than deviations from the MSI routine. (To use a different language, for example, also include a patch.)

MSI files contain relational databases (multiple tables) of instructions that need to be carried out. The tables are known as groups. The following tables are included:

• Core table
• File table
• Installation procedure
• Locator table
• Program installation
• Registry table
• System table

  NOTE: Windows Installer is a component of IntelliMirror and is tightly integrated with Group Policy. In addition to Windows Installer, IntelliMirror also includes the ability to administer user settings, perform remote installation, and mirror data between the network and local machines.

Windows Installer can work in four ways: with Windows Explorer, from the command line, with Add/Remove program, and within Group Policy.

Assume you are using Windows Installer to update 20 machines, and it fails on one. The solution is to restart Windows Installer on the machine it failed on. From within Windows Explorer, double-click on any .MSI file to begin the installation automatically. Right-clicking on the file allows you to choose to Install (the default), Repair, or Uninstall the package.

You can perform a number of operations from the command line. Not only can you install, uninstall/remove, and repair .MSI files, you can also advertise a package and make the installation package.

NOTE: With advertising, the program is not installed automatically, but the ability for it to be installed is advertised to the user. The user can then install it from Add/Remove Programs, or another method.

To install a package, use the following command:

MSIEXEC /i {.MSI filename}

Optionally, you can create a log file of the installation by using this syntax:

MSIEXEC /i {.MSI filename} /L[parameter] {logfile}

You can use the following parameters with /L to dictate what information should go in the log file:

To remove a package, use the following command:

MSIEXEC /x {.MSI filename}

To repair a package, use this command

MSIEXEC /F[parameter] {.MSI filename}

where [parameter] can be any of the following parameters:

If no parameter is specified with /f, the default is to use "pecms."

To advertise a package, use this command:

MSIEXEC /j[parameter] {.MSI file}

where [parameter] is replaced with one of these two valid parameters:

m -- Advertises to all users on the computer
u -- Advertises to the current user only

Finally, to create an administrative installation package, use the following syntax:

MSIEXEC /a {.MSI filename}

Windows Installer and Add/Remove Programs
Windows Installer support is built into Add/Remove Programs. Simply choose Change or Remove Programs within the applet, and Windows Installer is invoked automatically.

Windows Installer and Group Policy
One of the key features of Group Policy is Windows Installer integration. Administrators can include packages within Group Policy and tie them to computer options or user options to have them installed automatically where needed. Parameters for Windows Installer are located beneath both Computer Configuration and User Configuration, as well as beneath Windows Components, which is beneath Administrative Templates.

All that aside, one of the main features of Group Policy is the ability it affords an administrator to enforce desktop settings. Group Policy will only work with Windows 2000 clients, while System Policies work with previous clients.

If you double-click on the setting Disable Windows Installer, a dialog box appears, allowing you to change the setting from Not Configured to either Enabled or Disabled. You can also choose whether installation of applications will be allowed with elevated privileges and whether to log the installation (among other options).

5.4: Configure and Troubleshoot Desktop Settings

Windows 2000 incorporates the Active Desktop, which was first popularized with Windows 98, and first available in Windows 95 OSR2. Active Desktop allows you to make your desktop function like a Web site. You can add Web content to the desktop along with the desktop icons.

Right-click on the desktop and choose Properties to bring up the dialog box for the desktop. A new tab -- Web -- allows you to configure where the Web content will come from. You can specify not only the sites to incorporate but also the depth of pages to download, disk usage limitations, and the frequency schedule.

The New Active Desktop Item wizard walks you through the process of setting up each item and simplifies the process.

The properties dialog box is, in actuality, the DESKTOP.CPL file; you can summon it from the command prompt or from the Run dialog box that appears when you choose Start, Run.

When you walk away from the desktop, you can "lock it" by choosing Lock Computer from the Windows Security dialog box. This requires your password to be re-entered again before the desktop can be used, but allows all background processes to continue to run while you are away.