Programming Windows User Profiles

I am trying to do something similar to what the user who asked this question is trying:

HTTPS Request from Credential Provider DLL

Regarding user profile components, I found this one.

  • What is the minimum profile that Windows recognizes and downloads?
  • How do I create and register a profile in Windows?

My goal is Windows 7 (Professional or Enterprise). I'm more of a Linux guy, so I'm pretty elusive when it comes to Windows programming, so please be careful.

PS Is there a way that I can start developing on Linux and then test on Windows without using a virtual machine?

This is what I'm trying to do.

I am creating a profile synchronization program that will be used by people who move a lot, so they don’t need to bring a laptop everywhere. This issue deals with the case when a user logs on to a new computer. Possible applications:

  • Entrepreneurs who travel frequently between offices
  • Students who use different computers daily
  • Internet cafe users in foreign countries
  • Home users who do not like to copy files when they receive a new computer.

I want to provide the greatest possible user experience that I can, and that means creating an almost instant profile. Roaming profiles are slow and inefficient at best. Letting Windows create a profile is not really an option, because I need to perform individual authentication (I realized this), and I need to copy the settings from the server.

I need a way:

  • Create only bare items at login.
  • Update settings from the cloud if the profile is updated
  • Get the user from the login screen up to 30 seconds (preferably much faster).

This is what I think about:

  • User Authentication with Server
  • Contact your Windows service to handle creating / updating a profile.
  • The Windows service will load blank preferences when creating the profile.
  • Settings apply
  • User logged in
+4
2 answers

First of all, I would recommend you read about user profiles.

The basic idea of user profiles is simple and unchanged from the first version of Windows NT (I mean Windows NT 3.1): A user profile consists of a directory structure that exists on the local computer. One file (the so-called hive) from the user profile is the current user part of the registry. It is important that the user has full access to his user profile. Access permission is saved not only in the file system, but also inside the registry. Therefore, to create a profile for a user, you need to create the user account first, because part of the security descriptor of the files and registry keys must contain the security identifier (SID) of the user.

If a new user profile is created, the prototype of the user profile will be used as the template. The path to the template can be found in the registry as the Default value in the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList. You can use GetDefaultUserProfileDirectory to get the same information.

To create a profile, you need to log in with a user account to get a login token (see LogonUser with the LOGON32_LOGON_INTERACTIVE flag for the dwLogonType parameter), and then use LoadUserProfile, which will create a local user profile if it does not exist for the user. If the user has a central or roaming profile, fill in the lpProfilePath member of the PROFILEINFO structure so that it points to the path of the roaming user profile that is on the server. To get the path, you can use NetUserGetInfo with dwLevel equal to 4. This method is very old and is described, for example, here.

Since the login token from LogonUser is really only needed to obtain the SID of the user, which is required for access rights to their files and registry keys, starting with Vista, Microsoft introduced another simplified and very practical CreateProfile API that replaces CreateUserProfileEx (which exists only on Windows XP).

Everything that I explained earlier is really necessary only in rare situations. Basically, only if you are using a user account for a Windows service. In a standard situation, a user profile will be automatically created at the first interactive user login to a computer.

If you need to make some changes for all users on the computer, for example, after installing new software, you can do this in different ways without creating user profiles.

If you explain more precisely why you need to create user profiles, I could offer you an alternative way to achieve the same goals.

+7
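
The profile layout described in the answer above (a directory registered per SID under ProfileList, a hive file inside it, and full access for the owning account) can be checked on a machine where a custom service creates profiles. This is an added example, not code from the answer; the function name `Test-ProfileEntry` is hypothetical, `NTUSER.DAT` is the standard file name of the per-user hive, and the script is assumed to run elevated so that other users' ACLs are readable.

```powershell
# Added example: audit every profile registered under ProfileList.
$profileList = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'
$fullControl = [System.Security.AccessControl.FileSystemRights]::FullControl
$sidType     = [System.Security.Principal.SecurityIdentifier]

# Template directory that new profiles are copied from (the "Default" value).
$template = (Get-ItemProperty -LiteralPath $profileList).Default
Write-Output "Profile template: $template"

function Test-ProfileEntry {   # hypothetical helper name
    param([Parameter(Mandatory)] $Key)

    # The subkey name is the string SID of the account that owns the profile.
    $sid  = ($Key.Name -split '\\')[-1]
    $path = $Key.GetValue('ProfileImagePath')   # REG_EXPAND_SZ, expanded on read
    $result = [ordered]@{
        Sid = $sid; Path = $path
        DirectoryExists = $false; HiveExists = $false
        OwnerSid = $null; UserHasFullControl = $false
    }
    if ($path -and (Test-Path -LiteralPath $path -PathType Container)) {
        $result.DirectoryExists = $true
        # NTUSER.DAT is the hive that is loaded as HKEY_CURRENT_USER for this SID.
        $hive = Join-Path $path 'NTUSER.DAT'
        $result.HiveExists = Test-Path -LiteralPath $hive -PathType Leaf
        $acl = Get-Acl -LiteralPath $path
        $result.OwnerSid = $acl.GetOwner($sidType).Value
        # Look for an Allow ACE that grants FullControl to the profile's own SID.
        $result.UserHasFullControl = [bool]($acl.GetAccessRules($true, $true, $sidType) |
            Where-Object {
                $_.IdentityReference.Value -eq $sid -and
                $_.AccessControlType -eq 'Allow' -and
                ($_.FileSystemRights -band $fullControl) -eq $fullControl
            })
    }
    [pscustomobject]$result
}

Get-ChildItem -LiteralPath $profileList |
    ForEach-Object { Test-ProfileEntry -Key $_ } |
    Format-Table -AutoSize
```

Rows for the built-in service SIDs (S-1-5-18, S-1-5-19, S-1-5-20) normally show no ACE for their own SID; for ordinary user SIDs, a missing directory, a missing hive or a missing FullControl entry points to a profile that was registered but not created correctly.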

I asked a very similar question on ServerFault, and I really liked the answer I got there. To rephrase, these are the following steps:

  • Create a Windows service for creating profiles
  • Create a custom ICredentialsProvider and authenticate the user
  • Create Profile Service Call
  • Tell Windows to continue logging in.

There seems to be no direct way to override it, but that seems pretty smart and, quite possibly, the only solution.

Since no one commented or left an answer, I will slightly change the question.

0

Source: https://habr.com/ru/post/1346339/
