Microsoft Windows NT 4.0 manual Encoding Permissions in the User Profile

Page 17

NOTE: Directories containing roaming User Profiles need at least Add and Read permissions for profiles to be read correctly. If you use Add permissions only, when Windows NT checks for the existence of the profile it will fail because it looks for the path first, and if Read rights are not given, the check will fail.

Permissions are also important on a client machine where the user is log- ging on interactively. If Windows NT is installed in an NTFS partition on the client computer, and the user does not have at least the default permissions as outlined in the Windows NT Server Concepts and Planning Guide (page 132), errors can occur. For example, if permissions are incorrect on the root of the system directory, the following message appears: “Can’t access this folder— the path is too long.”A blank desktop is displayed, and the user’s only option is to log off.

If permissions are set incorrectly in the %systemroot%, %system- root%\System, %systemroot%\System32, or %systemroot%\System32\Config directories, the following message appears: “Unable to log you on because your profile could not be loaded.”

Encoding Permissions in the User Profile

The registry portion of the User Profile, NTuser.xxx, is encoded with the user or group that has permission to use that profile. Once this is saved, you can use the Registry Editor to modify this information if you want to change the permissions on a profile without replacing it.

To change encoded User Profile information:

1.Follow the instructions to manually edit a profile: (Refer to the section “Administering a User Profile Manually through the Registry”later in this document).

2.Change the permissions on the root of the key to include users and groups who will have permission to use the profile.

3.Unload the hive.

Selecting a Location to Save User Profiles

As with Windows NT 3.5x, you can place a roaming profile in any shared di- rectory, and then configure the user account profile path to point to the profile. The Profiles directory in the system root stores local User Profiles, “All Users” profile settings (which apply to any user who uses the computer), the “Default User”profile, and cached User Profiles of domain users. You should avoid using the %systemroot%\Profiles directory in the domain users’profile path as

alocation to store server-based profiles, whether they are roaming or manda- tory. (The path should allow the user’s profile to roam with the user and be available on any networked computer that the user logs on to. If you specify a path to the %systemroot%\Profiles directory, the client computer always uses the local profile instead.)

Windows NT 4.0 profiles can be saved on any Windows NT 3.5x or 4.0 server because the client computer uses the path where the profile is stored only as a location to download the profile and to write the modified user profile at log off. This allows profiles to be stored on any shared network drive. The process of downloading the profile is controlled by the client computer— all the

Microsoft Windows NT Server White Paper

9

Page 16 Page 18
Image 17
Page 16 Page 18
Contents Server Operating System Page Windows NT 4.0 documentation and Resource Kits AbstractUser environment than they have ever had before Page Contents System Policy Editor System Policy An IntroductionPage User Profile Flowcharts System Policy Flowchart For More Information Appendix a -FlowchartsAutorun Start Banner Appendix C Usage NotesTCO and the User Profiles, Policies, and the Zero Administration KitIntroduction Before You Begin What are User Profiles and System Policies?Key Terminology 32-bit version of the Registry EditorComputer Technical NotesUser Profile Structure Creating and Administering User ProfilesEstablishing User Profiles AN Overview Configuration Preferences Stored in Profile Directories Configuration Preferences Stored in the Registry HiveWindows NT 4.0 file Windows NT 4.0 and Windows User Profile DifferencesList, is checked for an existing entry for that user Equivalent Windows 95 fileUser Profile Planning and Implementation Setting Permissions for User ProfilesSelecting a Location to Save User Profiles Encoding Permissions in the User ProfileSetting Persistent Connections Working Around Slow Network Links Delete the network connection and reconnectTo create a new roaming user profile Creating and Maintaining User ProfilesCreating a New Roaming User Profile for Windows NT Microsoft Windows NT Server White Paper ∙ To copy a template profile manually to a number of users Copy the profile appropriate to your implementation∙ To copy an existing user’s profile to another user To create a new mandatory User Profile Creating a New Mandatory User Profile for Windows NTCalled TemplateUser Changing the User’s Ability to Modify a Profile Making a Roaming Profile Mandatory Windows NTEnforcing the Use of the Server-based Profile To create a roaming user profile for a Windows 95 user Creating a New Roaming User Profile for a Windows 95 UserTo create a mandatory user profile for a Windows 95 user Creating a New Mandatory User Profile for WindowsDeleting Profiles Ddays \\computernameDetermining Which Profile Is Displayed Copying Profiles Microsoft Windows NT Server White Paper All Users Shared Profile Log Files Used by ProfilesProfile Names and Storage in the Registry Default User Template ProfilesTo manually customize a User Profile Manually Administering a User Profile through the RegistryModifying the Default User Profile Microsoft Windows NT Server White Paper To create the profile from an existing template profile To create a mandatory profile from the old profileTo change the profile Creating Profiles Without User-Specific ConnectionsStart REGEDT32 and locate the following path Troubleshooting User Profiles with the UserEnv.log FileTo enable logging ========================================================= Sample LogSystem Policy Files System Policy AN IntroductionThis change must be made individually to each workstation Policy ReplicationHow Policies Are Applied Additional Implementation Considerations Microsoft Windows NT Server White Paper System Policy Editor Installing the System Policy Editor on a Windows 95 ComputerSystem Policy Editor Template .Adm Files Updating the Registry with the System Policy EditorYour Own Custom .Adm File,later in this document Configuring Policy SettingsTo restore the defaults Setting Folder Paths Back to DefaultsCreating a System Policy To create a new System PolicyTem Policy Editor Creating Alternate Folder Paths Setting Up Shortcuts for Server-based ProfilesTo create shared folders and alternate folder paths To resolve links correctlyTo retrieve the policy file from a specific location Deploying Policies for Windows NT 4.0 MachinesTo deploy policies for a Windows 95-based computer Update mode box, select Manual use specific pathDeploying Policies for Windows 95 Machines To create a policy file for stand-alone workstations Modifying Policy Settings on Stand-Alone WorkstationsTo change policy settings remotely To create a custom .adm file To change policy settings locallyCreating a Custom .Adm File Remember that the Valuename needs to be within a Part if Would useThese can be nested to create sub-categories as follows END Part Save and test your file Type REGEXPANDSZ, for example∙ MAXLEN- Specifies the maximum length of text, for example Building Fault Tolerance for Custom Shared Folders Configuring System Policies Based on Geographic LocationClearing the Documents Available List Each time the System Policy Editor startsMicrosoft Windows NT Server White Paper Default User Settings Selection Color scheme Key Selection Remove Run command from Start menu DescriptionSelection Remove Find command from Start menu Description Selection No Entire Network in Network Neighborhood Key Selection Hide drives in My Computer DescriptionSelection Hide Network Neighborhood Description Selection Hide all items on desktop Description Selection No workgroup contents in Network Neighborhood KeySelection Dont save settings at Exit Description Selection Disable Shut Down command DescriptionSelectionDisable registry editing tools Category SystemSelection Run only allowed Windows applications Description Selection Custom desktop icons Description Selection Custom Program folder DescriptionSelection Custom Network Neighborhood Description Selection Hide Start menu subfolders DescriptionSelection Custom Startup folder Description Selection Custom Start menu Description \CurrentVersion \Explorer \User Shell FoldersAs part of the Start menu Selection Only use approved shell extensions KeySelection Selection Disable context menus for the Taskbar DescriptionSelection Remove File menu from Explorer Description Work Drive options Selection Run logon scripts synchronously Description Selection Disable link file tracking DescriptionSelection Show welcome tips at logon Description Selection Disable Task Manager DescriptionSelection Remote update Description Default Computer Settings\Explorer \TipsSelection Permitted managers Key Selection Run Description Selection Scheduler priority Key Selection Create hidden drive shares server DescriptionError occurs on a print server Selection Beep for error enabled DescriptionCategoryWindows NT Remote Access SelectionMax number of unsuccessful authentication retriesSelectionAuto disconnect SelectionWait interval for callbackRAS Call-back Interval RAS Auto-disconnectSelection Custom shared Programs folder Description Custom shared foldersStart menu Selection Custom shared desktop icons DescriptionSelection Logon banner Selection Custom shared Start menu DescriptionSelection Custom shared Startup folder Description With text Enables or disables display of the last logged on userDialog window Logon dialog is displayedFile system Tion, this value takes precedence\System \CurrentControlSet \Control \FileSystem Selection Allow extended characters in 8.3 file namesPerformance Last access time. This increases the file system’sCategoryWindows NT User Profiles SelectionDelete cached copies of roaming profilesSelectionAutomatically detect slow network connections SelectionSlow network connection timeoutSelectionTimeout for dialog boxes Registry Value Registry Data Description Registry Entries not Included in the System Policy Editor Registry Value Registry Data Description NoStartBanner For More Information User Profile Flowcharts Appendix a FlowchartsWill the user be mandated to receive the profile for logon? Available? See Apply System Policy Save settings to Registry Call made to check Check for .man extension Server profile Do Group Policies System Policy FlowchartExisting Windows NT 3.5x Roaming Profile Appendix B Implementing User ProfilesCreating a New Windows NT 4.0 Mandatory Profile Creating a New Windows NT 4.0 Roaming ProfileChanging a Roaming Profile to a Mandatory Profile Appendix C Usage Notes Recent Updates to Profiles Since Retail ReleaseRecent Updates to Policies Since Retail Release Policies Appendix D Related Knowledge Base ArticlesProfiles Q156432

Windows NT 4.0 specifications

Microsoft Windows NT 4.0, released on July 29, 1996, marked a significant milestone in the evolution of Microsoft's operating systems. As the successor to Windows NT 3.51, this version brought a range of enhancements and features that appealed to both enterprise users and consumers.

One of the standout characteristics of Windows NT 4.0 was its introduction of the Windows 95 user interface, which significantly improved user experience and accessibility. This graphical interface made it easier for users to navigate the operating system, transitioning from the more complex interfaces of previous NT versions. The integration of familiar elements such as the Start menu and taskbar helped bridge the gap between professional and personal computing environments.

Windows NT 4.0 was built on a robust and secure architecture. It utilized the NT kernel, which provided improved multitasking and stability compared to its predecessors. This operating system was designed to handle multiple user sessions simultaneously, making it suitable for servers as well as workstations. The inherent stability of NT 4.0 made it a favorite in enterprise environments, particularly for critical applications and systems.

Another defining feature of NT 4.0 was its support for a wide range of hardware, making it versatile across various machine configurations. It included compatibility with numerous devices and peripherals, which facilitated its adoption in diverse settings.

In addition to user interface enhancements and hardware compatibility, Windows NT 4.0 introduced powerful networking capabilities. The operating system supported TCP/IP natively, alongside NetBEUI and IPX/SPX protocols. This meant that it could seamlessly integrate into existing network environments, providing essential services for file and printer sharing, domain management, and remote access through features like Remote Access Service (RAS).

Security was another key focus area for Windows NT 4.0. Built around security principles, it employed a discretionary access control system, allowing administrators to define user permissions and manage access to resources effectively. This was particularly appealing to businesses that needed to enforce strict security policies.

Windows NT 4.0 also included improved support for backup and recovery, through the inclusion of the NT Backup utility. The operating system allowed for the creation of scheduled backups and simplified data recovery processes, enhancing data integrity and reliability.

As NT 4.0 entered its later years, it laid the groundwork for future Windows operating systems, influencing the design of later versions, particularly Windows 2000. It combined user-friendly features with enterprise-level robustness, ultimately shaping expectations for modern operating systems across various industries.
Top Page Image Contents