以编程方式创建 Windows 用户配置文件
我正在尝试执行类似于提出此问题的用户尝试执行的操作:
关于用户配置文件的组件,我发现 这个。
- Windows 能够识别和加载的最低配置文件是什么?
- 如何在 Windows 中创建和注册配置文件?
我的目标是 Windows 7(专业版或企业版)。我更喜欢 Linux,所以对于 Windows 编程我一无所知,所以请温柔一点。
PS 有没有一种方法可以让我在 Linux 上开始开发,然后在 Windows 上进行测试,而无需使用虚拟机?
这就是我正在尝试做的事情,
我正在构建一个配置文件同步程序,供经常走动的人们使用,这样他们就不必随身携带笔记本电脑。此问题解决用户登录到新计算机的情况。可能的应用包括:
- 经常往返办公室的商人
- 每天使用不同计算机的学生
- 国外网吧的用户
- 购买新计算机时不喜欢复制文件的家庭用户
我希望提供尽可能最佳的用户体验,这意味着近乎即时的配置文件创建。漫游配置文件充其量是缓慢且有问题的。让 Windows 创建配置文件实际上并不是一种选择,因为我需要进行自定义身份验证(我想出了这个)并且我需要从服务器复制设置。
我需要的是一种方法:
- 仅创建用户登录时的基本要素
- 如果配置文件已更新,则从云端更新设置
- 让用户在 30 秒内从登录屏幕开始工作(最好快得多)
这就是我想要的考虑这样做: 使用
- 服务器对用户进行身份验证
- 联系 Windows 服务来处理配置文件创建/更新
- Windows 服务将在创建配置文件时下载裸设置
- 应用设置
- 用户已登录
I am trying to do something similar to what the user who asked this question is trying to do:
HTTPS Request From a Credential Provider DLL
Concerning the components of a user profile, I found this.
- What is the minimum profile that Windows will recognize and load?
- How do I create and register a profile with Windows?
My target is Windows 7 (Professional or Enterprise). I'm more of a Linux guy, so I'm pretty clueless when it comes to programming on Windows, so please be gentle.
P.S. Is there a way that I can start developing on Linux then test on Windows without using a VM?
This is what I'm trying to do
I am building a profile synchronization program to be used by people that move around a lot so they don't have to bring a laptop everywhere. This question addresses the case where the user logs in to a new computer. Possible applications are:
- Businessmen that travel between offices frequently
- Students who use different computers everyday
- Users of internet cafes in foreign countries
- Home users who don't like copying files when they get a new computer
I want to provide the best possible user experience that I can, and this means near-instantaneous profile creation. Roaming profiles are slow and buggy at best. Letting Windows create a profile is not really an option because I need to do custom authentication (I figured this one out) and I need to copy down settings from a server.
What I need is a way to:
- Create only the bare essentials on user logon
- Update settings from the cloud if the profile has been updated
- Get the user from logon screen to working in under 30 seconds (preferably much faster)
This is what I'm thinking of doing:
- Authenticate user with server
- Contact Windows service to handle profile creation/update
- windows service will download bare settings while profile is created
- Settings are applied
- User is logged in
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
首先,我建议您阅读有关用户配置文件的本文。
用户配置文件的主要思想很简单,并且从 Windows NT 的第一个版本(我的意思是 Windows NT 3.1)开始保持不变:用户配置文件由本地计算机上现有的目录结构组成。用户配置文件中的一个文件(所谓的 hive)代表注册表的当前用户部分。用户对其用户个人资料具有完全访问权限非常重要。访问权限不仅保存在文件系统中,还保存在注册表内部。因此,要为用户创建配置文件,必须先创建用户帐户,因为注册表项文件的安全描述符部分必须包含用户的 SID(安全标识符)。
如果创建新的用户配置文件,则用户配置文件的“原型”将用作模板。您可以在注册表中的
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList注册表项下找到该模板的路径,作为Default值。您可以使用 GetDefaultUserProfileDirectory 获取相同的信息。要创建配置文件,应使用用户帐户登录以获取登录令牌(请参阅 LogonUser )
dwLogonType参数的LOGON32_LOGON_INTERACTIVE标志),然后使用 LoadUserProfile 如果用户不存在本地用户配置文件,它将创建本地用户配置文件。如果用户有中央或漫游配置文件,则应填写输入PROFILEINFO 构造lpProfilePath以便它指向用户的漫游配置文件路径,该路径是在服务器上。要获取路径,可以使用 NetUserGetInfo ,dwLevel等于 4这种方式非常古老,例如此处进行了描述。因为来自 [LogonUser] 的登录令牌实际上只需要获取用户 SID,而用户 SID 是授予用户对其文件和注册表项的权限所需的,因此从 Vista 开始,Microsoft 引入了另一个简化且非常实用的 API CreateProfile 替换 CreateUserProfileEx(仅存在于 Windows XP 上)。
我之前解释的所有内容仅在极少数情况下才真正需要。大多数情况下,仅当您使用 Windows 服务的用户帐户时。在标准情况下,用户配置文件将在计算机上首次交互式用户登录时自动创建。
如果您需要对计算机上的所有用户进行一些更改(例如在安装新软件后),您可以通过多种方式执行此操作,而无需创建用户配置文件。
如果您更准确地解释为什么您需要创建用户配置文件,我可能会建议您采用某种替代方法来实现相同的目标。
First of all I would recommend you to read this about user profiles.
The main idea of user profiles is simple and it stay unchanged starting with the first version of Windows NT (I mean Windows NT 3.1): The user profile consists from the directory structure existing on the local computer. One file (so named hive) from the user profile represents the current user part of the registry. It is important that the user has full access on his user profile. The access permission is saved not only in the file system, but also inside of the registry. So to create the profile for the user one have to create the user account before because the part of security descriptor of files of keys of registry must contain the SID (security identifier) of the user.
If new user profile will be created the "prototype" of the user profile will be used as the template. The path to the template you can find in the registry as
Defaultvalue under theHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileListregistry key. You can use GetDefaultUserProfileDirectory to get the same information.To create the profile one should login with the user account to get the login token (see LogonUser with
LOGON32_LOGON_INTERACTIVEflag for thedwLogonTypeparameter) and then use LoadUserProfile which will create the local user profile if it is not exist for the user. If the user has central or roaming profile one should fill in the input PROFILEINFO structure thelpProfilePathso that it points to the user's roaming profile path which are on the server. To get the path one can use NetUserGetInfo withdwLevelequal to 4. This way is very old and is described for example here.Because the login token from [LogonUser] are really needed only to get the users SID which are needed to grand user permission to his files and registry keys, starting with Vista Microsoft introduced another simplified and very practical API CreateProfile which replaces CreateUserProfileEx (which exist only on Windows XP).
All what I explain before is really needed only in seldom situations. Mostly only if you use the user account for the windows service. In the standard situation the user profile will be automatically created at the first interactive user login on the computer.
If you need to make some changes for all users on the computer for example after the installation of new software you can do this in many ways without creating user profiles.
If you explain more exactly why you need to create the user profiles I could probably suggest you some alternative way to archive the same goals.
我在 ServerFault 上问了一个非常类似的问题,我真的很喜欢在那里得到的答案。换句话说,这些是步骤:
似乎没有直接的方法来覆盖它,但这看起来相当聪明,并且很可能是唯一的解决方案。
由于没有人发表评论或留下答案,我会稍微改变一下我的问题。
I asked a very similar question on ServerFault, and I really liked the answer I got there. To paraphrase, these are the steps:
It seems there is no direct way to override it, but this seems quite clever, and quite possibly the only solution.
Since nobody has commented or left an answer, I'll change my question a little.