Thursday, February 8, 2018

Here is how you move an individual user's profile folder in Windows 7+

In Windows 7 and higher, all users' profile folders (similar to users' home folders in UNIX systems) are located under `C:\Users\` (similar to `/home/`).
There are many articles talking about how you can move the entire "Users" folder to a different drive other than `C:`.

However, it has been hard for me to figure out how to move only one specific user's profile folder out of `C:\Users\` without touching those of other users.
This could be useful when I want to separate the profiles of certain users from the others.
For example, on a lab machine, I want to encrypt the system drive with BitLocker. This will also encrypt the user profile of my own account which is an administrator.
However, at the same time I would like to leave the profiles of some other users (e.g. a customized guest account with persistent settings) unencrypted so they can retrieve their data later from the hard drive without me, even using a different machine.

This is very straightforward in UNIX systems because the home folder location information is part of `/etc/passwd`.

Therefore the first thing that I tried was "Local Users and Groups" in "Computer Management". It appears to be promising -- basically I can find my user in the list of local users:

(Image expired...)

And there are two text-boxes in the user's properties:

(Image expired...)

However, as I annotated in the figure, neither of these actually serves the purpose.
If I fill in either or both (yes, I tried all three combinations) of these two text-boxes with the desired path (e.g. `C:\desired\profile\folder\path\`), the next time the target user logs in he receives a warning that Windows could not find his profile folder and is therefore using a temporary one.
At the same time, an empty folder named with the desired path string plus ".V6" is created (e.g. `C:\desired\profile\folder\path.V6\`), and I have to first gain ownership of that folder before I could delete it.
This does not work even if I have moved the user's original profile folder from `C:\Users\` to that desired path.

Here is what actually works --
The profile path is stored in the system registry in `HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-*\ProfileImagePath`. That `S-1-5-*` is the internal user ID associated with the target user; I have to click on each one to figure out which corresponds to the target user.

(Image expired...)

Note that this key in the registry only exists after the target user has logged in successfully at least once (i.e. its user profile has been created under `C:\Users\`).
After I change the path to the desired path, I also need to use the "Administrator: Command Prompt" (i.e. run "Command Prompt" as Administrator), and move the user's profile folder from `C:\Users\` to the desired path. The syntax is `move SOURCE DESTINATION`, e.g.

```
move C:\Users\user_name C:\desired\profile\folder\path
```

As long as the destination is consistent with the one I set earlier in the registry, the migration is successful; the target user will log in with no hassle and use the new profile path from now on.
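Instead of clicking through each `S-1-5-*` key, the SID-to-user mapping can be listed in one pass, and the same listing confirms afterwards that the registry value and the moved folder agree. This is an added example, not part of the original post; it assumes PowerShell 3.0 or later, and the function name `Get-ProfileMapping` is hypothetical.

```powershell
# Added example: list every ProfileList entry with its account name,
# its ProfileImagePath, and whether that folder exists on disk.
$ProfileListKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'

function Get-ProfileMapping {
    param(
        # Optional filter, e.g. 'user_name'; matches the end of DOMAIN\name.
        [string]$Account
    )

    Get-ChildItem -Path $ProfileListKey | ForEach-Object {
        $sid   = $_.PSChildName
        $props = Get-ItemProperty -Path $_.PSPath -Name ProfileImagePath -ErrorAction SilentlyContinue
        if (-not $props) { return }   # subkey without a profile path: skip it

        # ProfileImagePath may contain variables such as %SystemRoot%.
        $path = [Environment]::ExpandEnvironmentVariables($props.ProfileImagePath)

        # Translate the SID to DOMAIN\name. Subkeys that are not valid SIDs
        # (for example names with a suffix) or deleted accounts fail here.
        try {
            $sidObj = New-Object System.Security.Principal.SecurityIdentifier($sid)
            $name   = $sidObj.Translate([System.Security.Principal.NTAccount]).Value
        } catch {
            $name = '<unresolved>'
        }

        if ($Account -and ($name -notlike "*\$Account")) { return }

        [pscustomobject]@{
            Account      = $name
            SID          = $sid
            ProfilePath  = $path
            # False means the next logon will not find the profile folder.
            FolderExists = Test-Path -LiteralPath $path -PathType Container
        }
    }
}

# Show all profiles; pass -Account user_name to check a single user.
Get-ProfileMapping | Format-Table -AutoSize
```

Run it before the change to find the right SID, and again after the `move` to check that `FolderExists` is `True` for the new path.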

The complaint here is: Why in the hell does Windows have the two text-boxes in the management console for local users to confuse us?
Possible excuse: It is probably some backward compatible feature. Materials that I found seem to say those boxes are for users whose profiles are located on other machines in the local network.
I do not care though...
