Deploying Windows XP, Managing User State

by Marcin Policht

Still planning your NT 4 migration? We look at what's involved in moving to XP. Our series kicks off with a look at the most complex facet of any operating system deployment: managing user state.

Despite the termination of Microsoft's support for Windows NT 4.0 Workstation (hotfix and paid incident support ended on June 30, 2004) and similar changes for Windows NT 4.0 Server at the door (Dec. 31, 2004), these operating systems are still running on many corporate workstations, desktops, and servers.

Deploying a new operating system is certainly not a trivial task and requires careful planning, testing, and execution. When other equally relevant factors are taken into account, such as the cost of licensing or infrastructure and desktop upgrades, application compatibility issues, and the need for additional training of end users and support teams, one gets a better idea why the expected adoption of Windows XP Professional and Windows Server 2003 has been slower than expected among business customers.

User state consists of several components that make one users's computing environment distinct from another's.

This series of articles will look into some of the challenges associated with deploying Windows XP. Windows XP Professional, introduced well over a year ago, has been widely accepted as considerably more efficient, stable, and secure (especially following release of Service Pack 1) alternative to Windows 98 and ME (for which critical security updates and paid incident support will be available until June 30, 2006).

Our discussions starts with a look at the migration of user state, which is probably most complex factor (next to resolving application compatibility issues) due to its unique, and sometimes difficult to predict, characteristics. Complexity results from the fact that user states can be managed in many ways and are highly application (and, to some degree, operating system) dependent. At the same rate, this is also one of the most critical elements (besides user data) that simplifies user transition from an old to a new system, preventing downtime and an increase in volume of help desk calls.

User state consists of several components that make one users's computing environment distinct from another's. System settings, application settings, and files used are customized on a per-user basis. Migration affects mainly these, which are local to the user's computer (and therefore hardware or operating system replacement puts them at risk of being lost or no longer applicable). The majority are confined to a location on a computer's hard drive known as the user's profile. Starting with Windows 2000, this is the subfolder in the "Documents and Settings" folder (located on the Windows boot drive, which means that, typically, its path is C:\Documents and Settings) named after the user's Windows account name (in earlier version of Windows, this used to be a subfolder of the Profiles folder residing in the Windows installation directory). User profile contains two types of components:

  • Registry Settings, which are, in turn, stored in two .DAT files. The first one is NTUSER.DAT and resides directly in the user's profile root folder (i.e., Documents and Settings\UserName, where UserName is the name of user Windows account). This file consists of entries in the HKEY_CURRENT_USER registry hive, which become part of the user's roaming profile (assuming one has been assigned). The other is USRCLASS.DAT, located in the Documents and Settings\UserName\Local Settings\Application Data\Microsoft\Windows and intended for application-specific entries, which are excluded from the roaming profile.

  • Files, which are organized in a fairly elaborate directory structure, including, such subfolders as:

    • Desktop, NetHood, PrintHood, SendTo, Start Menu, or Recent Documents correspond to some of the features of graphical interface of Windows Explorer and contain user-specific settings for each. For example, by adding a shortcut to an application in the SendTo folder under a user's profile, another option is automatically added to the SendTo submenu of the Windows Explorer's File menu. NetHood is intended for shortcuts to users' custom items defined in My Network Places, while PrintHood serves the same role in regard to shortcuts to items in Printer folders. Shortcuts placed in the Start Menu folder complement those available in the All Programs menu for all users.
    • Application Data contains configuration and data files that define users' custom application settings that are part of the roaming profile. For example, it includes the cryptography data needed when using the encryption/decryption features of EFS.
    • Local Settings stores configuration and data files defining a user's custom application settings that are (or can be) excluded from the roaming profile. This applies, for example, to Internet Explorer's Temporary Internet Files or its History entries.
    • My Documents constitutes a default location for data files created by the user. Although by default the My Documents folder becomes part of the roaming profile, it is recommended to implement Folder Redirection to avoid downloading and uploading its content during logons and logoffs, which, in turn, negatively affects the speed of both operations. Folder Redirection is a collection of Active Directory-based Group Policy settings (located under the User Configuration -> Windows Settings -> Folder Redirection node), which replaces the default location of some of the user's profile folders with arbitrarily chosen network-based directories. This means that for such users, there is only a single location of corresponding roaming profile files, regardless of how many computers this user logs on to. This eliminates the need for time-consuming synchronization and makes user-roaming a more pleasant experience. Folder Redirection can be applied to My Documents, My Pictures, Application Data, Desktop, and the Start Menu.
    • Templates contains templates for (mostly legacy) applications, including older versions of Microsoft Office.

>> Managing the Migration Process

In addition, the root directory also contains NTUSER.INI, with a list of folders excluded from roaming profiles (this setting is configurable through group policies).

The listing above indicates the complexity involved in maintaining and migrating user state. To make matters even more confusing, both file and registry structure have changed between different versions of Windows. Some of the settings might not be desired once the new operating system is installed (e.g., in cases where one application is replaced by another with equivalent or improved functionality). Older applications might not be truly XP compliant, placing user-specific settings outside of the profile. Furthermore, typically, you would want to backup user personal and shared data that has been stored (accidentally or intentionally) elsewhere on computer's hard drives (which means you must search for it).

One way to simplify the migration process is to implement alternative methods of managing some of the profile settings.

One way to simplify the migration process is to implement alternative methods of managing some of the profile settings. One of them, taking advantage of folder redirection through Active Directory-based group policies, has already been described. Another one involves assigning user network drives or network printer mappings dynamically via a login script (note that this applies to drive mappings other than the one defining the home directory, which, in a domain environment, is configured using Home folder and Connect entries on the Profile tab of the user account's Properties dialog box in Active Directory Users and Computers). This method has a number of additional benefits, including the capability to change settings remotely, thus eliminating the need for visits to users' desks whenever mappings must be modified. Login scripts can take the form of simple batch files, although they are typically created with more flexible, convenient, and feature-rich scripting languages. Specifics of a drive mapping (such as drive letter, as well as the target server, share, and directory defining the UNC path) are usually determined by a user's group membership. So be sure to check which groups the user belongs to within the login script).

Unfortunately, network printer mappings are a bit more complicated because they are typically computer-specific, not user-specific.

Frequently, users prefer to print to devices located nearby, which means that when they move from one location to another, mappings should be adjusted accordingly. One way to address this issue is to build logic into the login script that checks for either the IP subnet of the workstation a user logs into (for environments where you still have legacy operating systems) or its membership in a designated Active Directory group. Unlike in Windows NT 4.0 domains, in Active Directory environments, computers function as security principals and can be added to domain-based groups. If one of these conditions is satisfied, you can use scripting methods to create temporary (for the duration of login session) mappings to the closest printers. Obviously, this requires the creation and maintenance of a list of such printers.

Note that you can use the same approach to locate the closest server for user drive mappings, if desired. This is assuming you have multiple, synchronized replicas of servers residing on the network. With Windows XP clients in a Windows 2003 Active Directory environment, you can rely for this purpose on the Distributed File System, which automatically redirects the client to the closest server, as determined using Active Directory Site information. In such cases, you do not need to compare the client IP subnet against a list of servers in the login script.

Maintaining user state is relatively simple during operating system upgrades. User's profiles (and all of their data files) are preserved. Note, however, that upgrades from Windows 98 or ME require additional precautions that upgrades from Windows NT 4.0 do not, due to more significant differences in registry layout and file structure. On the other hand, fresh installations offer several important advantages over upgrades and therefore are recommended as the way to migrate to Windows XP. An operating system's state deteriorates during the course of its lifetime as the result of misconfigurations and changes introduced by installed applications, which have a potentially negative impact both during the upgrade process and following it. (They trigger difficult to troubleshoot problems.) The main drawback of an operating system installation is the need to transfer user state and setup all applications that might require access to their source files.

>> Approaching Migration

There are three general approaches to migrating user state during new operating system deployments.

  1. Organizations can use Microsoft user state migration tools, which include Files and Settings Transfer Wizard (intended primarily for individual use) and User State Migration Tool (USMT, geared toward higher volume migrations), which will be covered in the next article of this series.

  2. Organizations can also use third-party tools, the more common of which are:

    • Unicenter Desktop DNA and Desktop DNA Professional from Computer Associates (currently at version 4.7) are complete migration solutions that, as part of a desktop deployment, automate the transfer of user and application settings between computers using a variety of media and methods, including network-based, one-to-many scenarios. They contain a number of useful features, such as real-time and scheduled migrations, a high degree of customization via templates or scripts easily created with DNA Studio, as well as the capability to manually select files and settings to migrate or rollback. One of the major advantages of these tools is their capability to transfer remotely state data for all users of a particular computer together. Both Microsoft tools perform transfer one user at a time and require the user be logged on interactively when the transfer takes place. Another feature worth mentioning is the capability to copy applications (not just their settings) from one computer to another. This greatly simplifies hardware replacement and new operating system deployments.
    • Migration Suite from Altiris (currently at version 6.0) is similar to Desktop DNS products from Computer Associates. The suite offers a complete solution for migration to Windows XP, covering hardware and software inventory, backup of user and computer state, desktop deployment (via imaging) with application installation, configuration, and user-specific customization.
    • Ghost Solution Suite from Symantec is another enterprise-level solution. In addition to functionality to migrate user data and settings, it includes multicast-based PC imaging with inherent backup and recovery capabilities, automated application deployment, as well as secure data disposal, making it compliant with Department of Defense standards.
    • The Professional Edition of the agent-based PC-Relocator from Eisenworld enables entire applications to be transferred between computers (using a variety of means, such as network, USB, or parallel connections) or can store them to removable media. However, unlike the previously described solutions, PC-Relocator is intended for individual migrations. The same functionality is also available in the Enterprise Edition, which offers remote administration, automation (through custom scripting), and other customization features geared toward high-volume migrations.
    • Personality Tranxport Professional and Tranxition Migration Studio are two offerings from Tranxition Corporation. The first \ is a standard user state migration product; the second provides a fairly intuitive development environment, which can be used to further customize settings for applications not natively supported.
    • Intellimover from Detto Technologies allows highly customizable user state migrations involving both PCs and Macintosh computers (with equivalent Move2Mac product) for individual and SMB customers.
    • MoveMe from SpearitSoftware is intended for individual use and small-scale real-time and deferred migrations with a limited need for customization. It supports copying of entire applications (in addition to transferring only their settings).

  3. Custom methods are most appropriate in small environments or in scenarios where desktop migration to the new operating system requires additional, significant changes, such as an overhaul of the client application set or the way users are configured (and there is no budget for enterprise-level third-party solutions). In such cases, it might be necessary to adjust user state settings beyond those offered by free tools from Microsoft.

    Our next article will discuss in more detail two user state migration tools from Microsoft: Files and Settings Transfer Wizard and User State Migration Tool.

This article was originally published on Thursday Dec 30th 2004
Mobile Site | Full Site