Microsoft Windows NT 4.0 manual Modifying Policy Settings on Stand-Alone Workstations

Page 55

Modifying Policy Settings on Stand-Alone Workstations

If you need to modify settings of a Windows NT 4.0-based workstation user who is not a member of the domain and thus will not be able to use the policy file located on the domain, you have three options available to you:

You can create a policy file for stand-alone workstations where users log on locally, or

You can change policy settings remotely, or

You can change policy settings locally.

Procedures for each option are described next. Note that you must have administrator rights to the stand-alone workstations in question.

To create a policy file for stand-alone workstations:

1.Log on as administrator, and create a policy file that includes Computer and User objects with appropriate settings for the computer and users re- spectively. The user objects may include the Default User or user accounts from the local workstation, but global group objects will be ig- nored if added to the policy file. Windows NT recognizes machine-specific policy settings for the computer if those are specified in the policy file.

2.Place the policy file in a secure directory on the stand-alone computer or on a network share to which the user has at least Read permissions.

3.In the workstation registry, locate the UpdateMode value in the following key:

HKEY_LOCAL_MACHINE \SYSTEM \CurrentControlSet

\Control

\Update

4.Update the data to a hex value of 2.

5.In the same registry subkey, modify the NetworkPath value with the local or UNC path where the policy file resides. If this path does not exist, add it as a data type of REG_SZ. For example, if the policy file is named NTcon- fig.pol and is placed in the root directory of Windows NT, NetworkPath should contain the path c:\Winnt\Ntconfig.pol.

6.Have the user log on to the workstation. Windows NT will read the policy file specified by NetworkPath and then apply the appropriate policy to the computer or to the user.

NOTES:

UNC paths may be used in the NetworkPath value. This is beneficial to those administrators who want to centralize the policy file in use.

To change policy settings remotely:

1.Log on as administrator, open the System Policy Editor, and from the File menu, select Connect.

2.Type the computer name of the workstation to be modified, and click Enter. A dialog will appear displaying the user name of the currently logged on

Microsoft Windows NT Server White Paper

47

Page 54 Page 56
Image 55
Page 54 Page 56
Contents Server Operating System Page User environment than they have ever had before AbstractWindows NT 4.0 documentation and Resource Kits Page Contents System Policy Editor System Policy An IntroductionPage Appendix C Usage Notes For More Information Appendix a -FlowchartsUser Profile Flowcharts System Policy Flowchart Autorun Start BannerIntroduction Profiles, Policies, and the Zero Administration KitTCO and the User Before You Begin What are User Profiles and System Policies?Key Terminology 32-bit version of the Registry EditorComputer Technical NotesEstablishing User Profiles AN Overview Creating and Administering User ProfilesUser Profile Structure Configuration Preferences Stored in Profile Directories Configuration Preferences Stored in the Registry HiveEquivalent Windows 95 file Windows NT 4.0 and Windows User Profile DifferencesWindows NT 4.0 file List, is checked for an existing entry for that userUser Profile Planning and Implementation Setting Permissions for User ProfilesSelecting a Location to Save User Profiles Encoding Permissions in the User ProfileSetting Persistent Connections Working Around Slow Network Links Delete the network connection and reconnectCreating a New Roaming User Profile for Windows NT Creating and Maintaining User ProfilesTo create a new roaming user profile Microsoft Windows NT Server White Paper ∙ To copy an existing user’s profile to another user Copy the profile appropriate to your implementation∙ To copy a template profile manually to a number of users To create a new mandatory User Profile Creating a New Mandatory User Profile for Windows NTCalled TemplateUser Changing the User’s Ability to Modify a Profile Making a Roaming Profile Mandatory Windows NTEnforcing the Use of the Server-based Profile To create a roaming user profile for a Windows 95 user Creating a New Roaming User Profile for a Windows 95 UserTo create a mandatory user profile for a Windows 95 user Creating a New Mandatory User Profile for WindowsDeleting Profiles Ddays \\computernameDetermining Which Profile Is Displayed Copying Profiles Microsoft Windows NT Server White Paper All Users Shared Profile Log Files Used by ProfilesProfile Names and Storage in the Registry Default User Template ProfilesTo manually customize a User Profile Manually Administering a User Profile through the RegistryModifying the Default User Profile Microsoft Windows NT Server White Paper To create the profile from an existing template profile To create a mandatory profile from the old profileTo change the profile Creating Profiles Without User-Specific ConnectionsTo enable logging Troubleshooting User Profiles with the UserEnv.log FileStart REGEDT32 and locate the following path ========================================================= Sample LogSystem Policy Files System Policy AN IntroductionHow Policies Are Applied Policy ReplicationThis change must be made individually to each workstation Additional Implementation Considerations Microsoft Windows NT Server White Paper System Policy Editor Installing the System Policy Editor on a Windows 95 ComputerSystem Policy Editor Template .Adm Files Updating the Registry with the System Policy EditorYour Own Custom .Adm File,later in this document Configuring Policy SettingsTo create a new System Policy Setting Folder Paths Back to DefaultsTo restore the defaults Creating a System PolicyTem Policy Editor To resolve links correctly Setting Up Shortcuts for Server-based ProfilesCreating Alternate Folder Paths To create shared folders and alternate folder pathsTo retrieve the policy file from a specific location Deploying Policies for Windows NT 4.0 MachinesDeploying Policies for Windows 95 Machines Update mode box, select Manual use specific pathTo deploy policies for a Windows 95-based computer To change policy settings remotely Modifying Policy Settings on Stand-Alone WorkstationsTo create a policy file for stand-alone workstations Creating a Custom .Adm File To change policy settings locallyTo create a custom .adm file These can be nested to create sub-categories as follows Would useRemember that the Valuename needs to be within a Part if END Part ∙ MAXLEN- Specifies the maximum length of text, for example Type REGEXPANDSZ, for exampleSave and test your file Each time the System Policy Editor starts Configuring System Policies Based on Geographic LocationBuilding Fault Tolerance for Custom Shared Folders Clearing the Documents Available ListMicrosoft Windows NT Server White Paper Default User Settings Selection Color scheme Key Selection Remove Run command from Start menu DescriptionSelection Remove Find command from Start menu Description Selection Hide Network Neighborhood Description Selection Hide drives in My Computer DescriptionSelection No Entire Network in Network Neighborhood Key Selection Hide all items on desktop Description Selection No workgroup contents in Network Neighborhood KeyCategory System Selection Disable Shut Down command DescriptionSelection Dont save settings at Exit Description SelectionDisable registry editing toolsSelection Run only allowed Windows applications Description Selection Custom desktop icons Description Selection Custom Program folder DescriptionSelection Custom Startup folder Description Selection Hide Start menu subfolders DescriptionSelection Custom Network Neighborhood Description Selection Only use approved shell extensions Key \CurrentVersion \Explorer \User Shell FoldersSelection Custom Start menu Description As part of the Start menuSelection Remove File menu from Explorer Description Selection Disable context menus for the Taskbar DescriptionSelection Work Drive options Selection Run logon scripts synchronously Description Selection Disable link file tracking DescriptionSelection Show welcome tips at logon Description Selection Disable Task Manager Description\Tips Default Computer SettingsSelection Remote update Description \ExplorerSelection Permitted managers Key Selection Run Description Selection Scheduler priority Key Selection Create hidden drive shares server DescriptionSelectionMax number of unsuccessful authentication retries Selection Beep for error enabled DescriptionError occurs on a print server CategoryWindows NT Remote AccessRAS Auto-disconnect SelectionWait interval for callbackSelectionAuto disconnect RAS Call-back IntervalSelection Custom shared desktop icons Description Custom shared foldersSelection Custom shared Programs folder Description Start menuSelection Custom shared Startup folder Description Selection Custom shared Start menu DescriptionSelection Logon banner Logon dialog is displayed Enables or disables display of the last logged on userWith text Dialog windowSelection Allow extended characters in 8.3 file names Tion, this value takes precedenceFile system \System \CurrentControlSet \Control \FileSystemSelectionDelete cached copies of roaming profiles Last access time. This increases the file system’sPerformance CategoryWindows NT User ProfilesSelectionTimeout for dialog boxes SelectionSlow network connection timeoutSelectionAutomatically detect slow network connections Registry Value Registry Data Description Registry Entries not Included in the System Policy Editor Registry Value Registry Data Description NoStartBanner For More Information User Profile Flowcharts Appendix a FlowchartsWill the user be mandated to receive the profile for logon? Available? See Apply System Policy Save settings to Registry Call made to check Check for .man extension Server profile Do Group Policies System Policy FlowchartExisting Windows NT 3.5x Roaming Profile Appendix B Implementing User ProfilesCreating a New Windows NT 4.0 Mandatory Profile Creating a New Windows NT 4.0 Roaming ProfileChanging a Roaming Profile to a Mandatory Profile Appendix C Usage Notes Recent Updates to Profiles Since Retail ReleaseRecent Updates to Policies Since Retail Release Profiles Appendix D Related Knowledge Base ArticlesPolicies Q156432

Windows NT 4.0 specifications

Microsoft Windows NT 4.0, released on July 29, 1996, marked a significant milestone in the evolution of Microsoft's operating systems. As the successor to Windows NT 3.51, this version brought a range of enhancements and features that appealed to both enterprise users and consumers.

One of the standout characteristics of Windows NT 4.0 was its introduction of the Windows 95 user interface, which significantly improved user experience and accessibility. This graphical interface made it easier for users to navigate the operating system, transitioning from the more complex interfaces of previous NT versions. The integration of familiar elements such as the Start menu and taskbar helped bridge the gap between professional and personal computing environments.

Windows NT 4.0 was built on a robust and secure architecture. It utilized the NT kernel, which provided improved multitasking and stability compared to its predecessors. This operating system was designed to handle multiple user sessions simultaneously, making it suitable for servers as well as workstations. The inherent stability of NT 4.0 made it a favorite in enterprise environments, particularly for critical applications and systems.

Another defining feature of NT 4.0 was its support for a wide range of hardware, making it versatile across various machine configurations. It included compatibility with numerous devices and peripherals, which facilitated its adoption in diverse settings.

In addition to user interface enhancements and hardware compatibility, Windows NT 4.0 introduced powerful networking capabilities. The operating system supported TCP/IP natively, alongside NetBEUI and IPX/SPX protocols. This meant that it could seamlessly integrate into existing network environments, providing essential services for file and printer sharing, domain management, and remote access through features like Remote Access Service (RAS).

Security was another key focus area for Windows NT 4.0. Built around security principles, it employed a discretionary access control system, allowing administrators to define user permissions and manage access to resources effectively. This was particularly appealing to businesses that needed to enforce strict security policies.

Windows NT 4.0 also included improved support for backup and recovery, through the inclusion of the NT Backup utility. The operating system allowed for the creation of scheduled backups and simplified data recovery processes, enhancing data integrity and reliability.

As NT 4.0 entered its later years, it laid the groundwork for future Windows operating systems, influencing the design of later versions, particularly Windows 2000. It combined user-friendly features with enterprise-level robustness, ultimately shaping expectations for modern operating systems across various industries.
Top Page Image Contents