Windows User Profiles…The Mysteries Untold – Part 1


Happy New Year Everyone… This is my first blog post of 2017. WooHoo!! As always, I love to blog about questions from the field. This one came from a customer who was testing their new Virtual Desktop Infrastructure (VDI) on Nutanix and had 1 out of 50 user profiles become corrupt. He asked why this happened and how he could avoid it in the future. Now, I would say that 1 corrupt profile out of 50 is fine during a test, but let's understand why it happens. This topic is especially important to understand because it directly relates to VDI and your end-user experience in VDI.

Windows User Profiles

What is a Windows User Profile? It's not just your desktop 🙂

Let’s do a quick primer…

Windows creates a user profile the first time that a user logs onto a physical computer or VDI session. At subsequent logons, the system loads the user’s profile, and then other system components configure the user’s environment according to the information in the profile.

A user profile consists of the following elements:

  • A registry hive. The registry hive is the file NTuser.dat. The hive is loaded by the system at user logon, and it is mapped to the HKEY_CURRENT_USER registry key. The user’s registry hive maintains the user’s registry-based preferences and configuration.
  • A set of profile folders stored in the file system. User-profile files are stored in the Profiles directory, one folder per user. The user-profile folder is a container for applications and other system components to populate with sub-folders and per-user data such as documents and configuration files. Windows Explorer uses the user-profile folders extensively for such items as the user’s Desktop, Start menu and Documents folder.

Types of User Profiles

  • Mandatory profiles:
    • Typically one pre-configured profile for many users.
    • Although during a session changes can be made, they are discarded. When the user logs on the next time, the locally cached copy of the mandatory profile is reset (replaced with the network copy).
    • The path to the mandatory profile needs to be assigned to users.
    • Useful mainly for kiosk systems.
  • Local profiles:
    • One profile per user per machine.
    • No dependency on the network.
    • Since the profile is available locally, logons are very fast.
    • No configuration is necessary; local profiles are assigned to users automatically.
    • Backing up local profiles is often a challenge because the profiles are distributed across many machines with potentially slow and/or only intermittent network connectivity.
    • Another difficulty is how to transfer local profiles between computers, which becomes necessary when machines are replaced.
    • Useful for users who do not switch computers often or for computers without permanent network connectivity, like laptops. In VDI environments local profiles should not be used since users are directed to an arbitrary (the least loaded) server when they launch a new session.
  • Roaming profiles:
    • One profile per user.
    • The master copy of the profile is stored on a file server. During logon, it is copied to the local machine, which may slow down logons considerably depending on profile size and network speed.
    • During logoff, changed files are copied back to the master copy on the file server. Since a user’s registry hive is stored in a single file, this approach creates the “last writer wins” problem.
    • The path to the roaming profile needs to be assigned to users.
    • Useful for most setups where local profiles cannot be used.
  • Temporary user profiles:
    • A temporary profile is issued each time that an error condition prevents the user’s profile from loading. Temporary profiles are deleted at the end of each session, and changes made by the user to desktop settings and files are lost when the user logs off.
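
To see which of these profile types a desktop or session host actually holds, the following added example (not part of the original post) reads the built-in `Win32_UserProfile` CIM class and decodes its `Status` bit field. It assumes an elevated PowerShell session on the machine being checked; the `$report` variable and the column names are illustrative.

```powershell
# Win32_UserProfile.Status is a bit field:
#   1 = temporary, 2 = roaming, 4 = mandatory, 8 = corrupted.
# No bit set means a plain local profile.
$statusBits = @{ 1 = 'Temporary'; 2 = 'Roaming'; 4 = 'Mandatory'; 8 = 'Corrupted' }

$report = foreach ($p in Get-CimInstance -ClassName Win32_UserProfile) {
    # Skip built-in service profiles (SYSTEM, LocalService, ...) and empty paths.
    if ($p.Special -or -not $p.LocalPath) { continue }

    $types = foreach ($bit in ($statusBits.Keys | Sort-Object)) {
        if ($p.Status -band $bit) { $statusBits[$bit] }
    }
    if (-not $types) { $types = 'Local' }

    # The per-user registry hive sits at the root of the profile folder.
    # It is a hidden system file, hence -Force.
    $hivePath = Join-Path $p.LocalPath 'NTUSER.DAT'
    $hive = Get-Item -LiteralPath $hivePath -Force -ErrorAction SilentlyContinue

    [pscustomobject]@{
        SID         = $p.SID
        Path        = $p.LocalPath
        Type        = $types -join ','
        Loaded      = $p.Loaded          # True while the hive is mounted
        HivePresent = [bool]$hive
        HiveSizeMB  = if ($hive) { [math]::Round($hive.Length / 1MB, 1) } else { $null }
        LastUse     = $p.LastUseTime
    }
}

# Full inventory of user profiles on this machine.
$report | Sort-Object Type, Path | Format-Table -AutoSize

# Profiles worth investigating: temporary or corrupted status, or a hive
# that is missing or unreadable.
$report | Where-Object { $_.Type -match 'Temporary|Corrupted' -or -not $_.HivePresent }
```

A profile reported as `Temporary` means the real profile failed to load for that logon, which is the error condition described in the last list item.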

Windows User Profiles – The Reality

Ok, now let me paint a picture… A user calls the help desk to report a strange issue on an application running on their VDI Desktop. What does the help desk technician do? Analyze the root cause of the problem? Probably not. Most likely, the user’s profile will be deleted and the problem will have gone away. Happy ending? Not at all!

Deleting entire user profiles because of malfunctions caused by small data inconsistencies reveals a great deal of helplessness. While the user can work with the faulting application again, the user has lost thousands of personal settings configured both implicitly and explicitly. The help desk technician, on the other hand, has learned nothing from the case, except a brute force way of closing a call. The next time a user rings with a weird problem the technician will be all the more eager to repeat the procedure.

Deleting is cheap. Who is to blame?  Nobody, really. Given the prehistoric user profile design Windows still uses in its latest incarnations, the help desk technician has no other choice but to delete the profile. Trying to get to the root cause is way too difficult and time-consuming a task to perform routinely several times a day. It is so much cheaper to just delete everything and have the user start from scratch.

Why is it like this? Finding a “Needle in a Haystack” is expensive. User profiles are a mess, a chaotic agglomeration of data. Applications can write what they want, where they want, in what way they want into the profile. Among the piles of data junk each Windows user profile stores, there are, however, quite a few hidden gems: the settings a user actually has configured. That is the stuff users care about.

Take your favorite web browser, for example. It comes with hundreds or thousands of factory presets, most of which you could not care about less. But I bet there are a few tweaks in your configuration you would not like to live without. Unfortunately, those settings dear to your heart are buried among all the other default stuff.

Configuration Craziness with some Applications

And it gets worse. Not only are the valuable settings from individual applications intermingled with worthless data, some applications store their configuration all over the place, effectively creating a mix of settings from multiple programs. This makes it virtually impossible to easily identify and extract a single program’s settings. By the way, Microsoft is especially good at this mixing business. Try to identify all storage locations for (Internet) Explorer settings on your own. LOL 😉

Untangling the Knot – How?

The inadequacies of Windows user profiles have led to the development of quite a few profile management products and technologies.  My next post will dive into Best Practices and some of the solutions that help solve this problem.

Finally, at the beginning of the post I mentioned that this series was inspired by a customer in the field. Well, in the end, the problem was a bad registry setting loaded by the NTUSER.DAT, by a third party application. ;(

Until next time,  Rob.

Microsoft Azure Cloud Series – Understanding the Stack, Who Manages What? – Part 2

In today’s IT, there is a lot of discussion about terms like PaaS, IaaS, and SaaS. So what do all of these cloud acronyms mean?

I’m going to give you the simplest explanation I can, to help you understand the difference between SaaS, IaaS, and PaaS. First, let’s expand those acronyms! Software as a Service, Infrastructure as a Service, and Platform as a Service are all just different types of clouds.

Understanding the Stack

New Choices for Delivering IT

The cloud provides options for approach, sourcing, and control.  It delivers a well-defined set of services, which are perceived by the customers to have infinite capacity, continuous availability, increased agility, and improved cost efficiency. To achieve these attributes in their customers’ minds, IT must shift its traditional server-centric approach to a service-centric approach.  This implies that IT must go from deploying applications in silos with minimal leverage across environments to delivering applications on pre-determined standardized platforms with mutually agreed upon service levels.  A hybrid strategy that uses several cloud options at the same time will become the norm as organizations choose a mix of various cloud models to meet their specific needs.

Typical Service Models

Software as a Service

Software as a Service (SaaS) delivers business processes and applications, such as CRM, collaboration, and email, as standardized capabilities for a usage-based cost at an agreed, business-relevant service level. SaaS provides significant efficiencies in cost and delivery in exchange for minimal customization and represents a shift of operational risks from the consumer to the provider. All infrastructure and IT operational functions are abstracted away from the consumer.

Platform as a Service

Platform as a Service (PaaS) delivers application execution services, such as application runtime, storage, and integration for applications written for a pre-specified development framework. PaaS provides an efficient and agile approach to operate scale-out applications in a predictable and cost-effective manner. Service levels and operational risks are shared because the consumer must take responsibility for the stability, architectural compliance, and overall operations of the application while the provider delivers the platform capability (including the infrastructure and operational functions) at a predictable service level and cost.

Infrastructure as a Service

Infrastructure as a Service (IaaS) abstracts hardware (server, storage, and network infrastructure) into a pool of computing, storage, and connectivity capabilities that are delivered as services for a usage-based (metered) cost. Its goal is to provide a flexible, standard, and virtualized operating environment that can become a foundation for PaaS and SaaS.

IaaS is usually seen to provide a standardized virtual server. The consumer takes responsibility for configuration and operations of the guest Operating System (OS), software, and Database (DB). Compute capabilities (such as performance, bandwidth, and storage access) are also standardized. Service levels cover the performance and availability of the virtualized infrastructure. The consumer takes on the operational risk that exists above the infrastructure.

Infrastructure as a Service with Azure Virtual Machines

In short, IaaS gives you a server in the cloud (virtual machine) that you have complete control over. With an Azure VM, you are responsible for managing everything from the Operating System on up to the application you are running.

On-demand data centers, also known as IaaS, provide compute power, memory, and storage, typically priced per hour, based on resource consumption. You pay only for what you use, and the service provides all the capacity you need, but you are responsible for monitoring, managing, and patching your on-demand infrastructure.

The biggest advantage of IaaS is that it offers a cloud-based data center without requiring you to install new equipment or to wait for the hardware procurement process. This means you can get IT resources that otherwise might not be available.

This mode of operation will feel most like a typical on-premises virtual machine, where you remote desktop into the server to manage it instead of sitting down in front of a physical keyboard and mouse.

Platform as a Service – Azure Cloud Services

An Azure Cloud Service consists of two components: your application files (source code, DLLs, etc.) and a configuration file. Together, these two elements will spin up a combination of Web Roles and Worker Roles to execute your application. With Cloud Services, Azure handles all of the tedious Operating System details for you, so you can focus on what matters – building a quality application for your users.

A Web Role is an Azure VM that is pre-configured as a web server (running IIS) and will automatically have your application loaded on it by the time the server fully spins up. This will create the public endpoint for your application – usually a website, but it could also be an API or something similar.

Worker Roles run alongside your Web Roles and are responsible for performing computing functions to support your application. Typically, the Web Role will accept some sort of user input and queue up an action for the Worker Role to process at a later time. This allows the Web Roles to be more responsive and to fire-and-forget tasks to be processed later.

Software as a Service – Basecamp, Salesforce, Office 365, Azure Websites

Finally, Software as a Service applications are built and hosted through 3rd party vendors who typically charge for a certain level of service – $30/month for X projects and Y users.

Azure Websites can serve as a SaaS offering as well. You can configure a WordPress, Drupal, OpenX, or even phpBB site with a single click. No code, no deployment hassles, and minimal configuration. Azure Websites lets you stand up the service you need in minutes, not hours or days.

Most SaaS applications today are built on a cloud platform due to the low cost of entry – with prices continually falling – and the ability to scale up as your customer base grows. If Dropcam, SmugMug, or Netflix got one million new customers tomorrow, their infrastructure (Amazon Web Services) would be able to accommodate them.


  • Software-as-a-Service (SaaS) means you’re renting the app or software
  • Platform-as-a-Service (PaaS) means that you’re renting everything but the app or software
  • Infrastructure-as-a-Service (IaaS) means you’re renting only the hardware as well as the tools used to manage the hardware

While each Azure Compute (IaaS) offering has its pros and cons, I personally prefer to build my projects around PaaS. With PaaS, you get the maximum possible amount of flexibility before you have to start worrying about the tedious world of OS maintenance, versions, security, patches, etc.

Until next time, Rob.