In Windows, user data is stored within the
user profile along with any configuration information and data related
to the user's preferences. Data includes user-generated documents,
desktop preferences, Internet favorites, and so on. Application
settings are also contained within the profile and include items such
as custom dictionaries, custom toolbars, and anything else that
pertains to the application itself and how it has been customized by
the user. Other application-related data — data that pertains to every
user of the system — is stored within special profiles that apply to
all users.
Profile
information is not only stored within the file system, but also is
included in special sections of the Windows Registry under the
HKey_Users hierarchy. When users are logged on, their profile
information is copied from the HKey_Users hierarchy into the
HKey_Current_User section of the Registry. It remains there until the
user logs off at which point updates are copied back to HKey_Users.
Some information is stored in memory only while the user is logged on.
This information is contained within the NTUSER.DAT file, a core
profile file, which requires special handling because it is always
locked while in use.
The first thing you
notice when you begin looking at profiles in Windows Vista is that they
are completely different from previous versions. Information is stored
in a different file structure than with any of the legacy versions of
Windows. Because of this, Microsoft has introduced the concept of junction points,
redirection points that appear as normal folders to applications and
users. Junction points provide backwards compatibility for older
applications that need to address the legacy folder structure used for
profile storage. Finally, the profile folder structure itself has been
completely modified to provide better support for features such as roaming profiles — profiles that are stored on network shares to make them accessible to users on any computer in your network.
NOTE
If
you view junction points in Windows Explorer and you double-click on
them, you will get an access denied error which is not pretty, but this
is the implementation in Vista.
Microsoft modified the profile structure in Vista to facilitate profile management, as shown in Figure 1. Because of this, several items have changed within the profile file structure:
Profiles are stored under the C:\Users folder.
Data assigned to every user is stored within the C:\Users\Public folder.
Data used to generate a new profile is stored within the C:\Users\Default folder.
Application data that is required for all users is stored within the C:\ProgramData folder.
A new folder, C:\Users\username\AppData contains user-specific application data. Note that username is the user's account name in Windows.
The AppData folder includes three subfolders:
Local
includes data that does not move with the user when they change from
computer to computer. Most often, data in this folder is too large to
transfer from the local PC to a network share. For example, Outlook
personal storage files (.PST) are located in this folder.
LocalLow includes data that is local but considered low priority.
Roaming includes data that can be copied to a network share for availability to roaming users. As shown in Figure 2, the Start Menu is located under this folder.
Data
folders include Contacts, Desktop, Documents, Downloads, Favorites,
Links, Music, Pictures, Saved Games, Searches, and Videos. Some apply
to business use while others are more focused on personal use.
When you plan to protect user data, you must carefully consider which of the folders in the user profile you will protect.
