Server Operating System
White Paper Guide to Microsoft Windows NT 4.0 Profiles and Policies
Microsoft Corporation One Microsoft Way Redmond, WA 98052-6399 USA
1997 Microsoft Corporation. All rights reserved
0997
Abstract
Page
CONTENTS
Introduction
Establishing User Profiles - An Overview
Creating and Maintaining User Profiles
Registry Keys Modified by the System Policy Editor Default
System Policy - An Introduction
The System Policy Editor
Templates
Start Menu Shut Down Command Saved Settings Registry Editing Tools
Welcome Tips Default Computer Settings Remote Update Communities
Permitted Managers Public Community Traps Run Command
Printer Browse Thread Server Scheduler Error Beep
Appendix A -Flowcharts
For More Information
Appendix C - Usage Notes
Registry Entries Not Included in the System Policy Editor
INTRODUCTION
Profiles, Policies, and the Zero Administration Kit
TCO and the User
Before You Begin
What are User Profiles and System Policies?
2 Microsoft Windows NT Server White Paper
Directory Replication
Technical Notes
Roaming User
System Policy
systemroot%
ESTABLISHING USER PROFILES - AN OVERVIEW
Creating and Administering User Profiles
User Profile Structure
The NTuser.dat file contains the following configuration settings
Windows NT 4.0 and Windows User Profile Differences
Windows NT 4.0 file
User Profile Planning and Implementation
To change encoded User Profile information
There are three methods to correct this
3. Delete the network connection and reconnect
Working Around Slow Network Links
Creating a New Roaming User Profile for Windows NT
CREATING AND MAINTAINING USER PROFILES
To create a new roaming user profile
e Continue to Step
∙ To copy a template profile manually to a number of users
∙ To copy an existing user’s profile to another user
14 Microsoft Windows NT Server White Paper
Creating a New Mandatory User Profile for Windows NT
To create a new mandatory User Profile
called TemplateUser
16 Microsoft Windows NT Server White Paper
Making a Roaming Profile Mandatory in Windows NT
pdm, and will check again
Creating a New Roaming User Profile for a Windows 95 User
Maintaining User Profiles with Control Panel System Properties
Creating a New Mandatory User Profile for Windows
To create a mandatory user profile for a Windows 95 user
Deleting Profiles
c\\computername
See the Windows NT Server Resource Kit for more information
ddays
Valid profile types are
will open to the profile directory used by that account
Viewing the Contents of the Profiles Directory on a Local Computer
The All Users Shared Profile
Log Files Used by Profiles
26 Microsoft Windows NT Server White Paper
Profile Names and Storage in the Registry
Default User Template Profiles
systemroot%\Profiles\All Users\Start Menu\Programs
Manually Administering a User Profile through the Registry
\%systemroot%\Profiles\Default User\Desktop
process. For this reason, we recommend that you use the user name
30 Microsoft Windows NT Server White Paper
Extracting a User Profile for Use on Another Domain or Machine
Creating Profiles Without User-Specific Connections
Troubleshooting User Profiles with the UserEnv.log File
Sample Log
SYSTEM POLICY - AN INTRODUCTION
System Policy Files
Policy Replication
How Policies Are Applied
Additional Implementation Considerations
∙ What type of restrictions do you want to impose on users?
Installing the System Policy Editor on a Windows 95 Computer
Installing the System Policy Editor on a Windows NT Workstation
THE SYSTEM POLICY EDITOR
To install the System Policy Editor from a Windows NT 4.0 Server
Updating the Registry with the System Policy Editor
System Policy Editor Template .Adm Files
Your Own Custom .Adm File,”later in this document
Creating a System Policy
tem Policy Editor
Creating Alternate Folder Paths
Deploying Policies for Windows NT 4.0 Machines
Deploying Policies for Windows 95 Machines
3. In the Update mode box, select Manual use specific path
Modifying Policy Settings on Stand-Alone Workstations
Creating a Custom .Adm File
KEYNAME System\CurrentControlSet\Services\ LanManServer\Parameters
3. Choose the CLASS in which you want your custom entries to appear
would use
To close the category after filling in the options, you would use
Checked REGDWORD with a value of
PART !!MyPolicy NUMERIC DEFAULT VALUENAME ValueToBeChanged END PART
PART !!MyPolicy EDITTEXT EXPANDABLETEXT VALUENAME ValueToBeChanged
MAXLEN 4 END PART
VALUENAME ValueToBeChanged VALUEON “Turned On” VALUEOFF “Turned Off”
Building Fault Tolerance for Custom Shared Folders
Configuring System Policies Based on Geographic Location
Clearing the Documents Available List
will refer the client to multiple servers for the same path. For example, on a Dfs server, the administrator has defined that users connecting to the UNC path \\Dfsserver\Dfsshare\Customfolder, will be returned a response with three dif- ferent servers, \\Server1\Customerfolder, \\Server2\Customerfolder, and \\Server3\Customerfolder, all of which contain the same data. The client ma- chine, which can be either a Windows NT-based 4.0 machine or a
REGISTRY KEYS MODIFIED BY THE SYSTEM POLICY EDITOR DEFAULT TEMPLATES
Default User Settings
Control Panel Display Application
Wallpaper
Start Menu Run Command
Settings Folders
Color Scheme
can start unauthorized applications. To further restrict the
Start Menu Find Command
Settings Taskbar
56 Microsoft Windows NT Server White Paper
My Computer Drive Icons
Network Neighborhood Icon
Network Neighborhood Display
NoDrives
Network Neighborhood Workgroup Contents
Start Menu Shut Down Command
Desktop Display
58 Microsoft Windows NT Server White Paper
remove the user’s name from the “Shut down the system”
Saved Settings
Registry Editing Tools
Windows Applications Restrictions
60 Microsoft Windows NT Server White Paper
Custom Programs
user selects Programs from the Start menu. The user’s
Custom Desktop Icons
playing the folders, files, and shortcuts the user receives
Custom Network Neighborhood
Custom Startup Folder
62 Microsoft Windows NT Server White Paper
Custom Start Menu
Shell Extensions
Disables the display of common groups when the user
Explorer File Menu
Removes the File option from Explorer’s toolbar. This
Start Menu Common Program Groups
Network Connections
Explorer Context Menu
Remove the Map Network Drive and Disconnect Net
When enabled, link file tracking uses the configured path
When this value is 1, the environment variables declared
shown in properties for the shortcut to an application in
Determines whether the shell waits for the logon script to
Enables or disables the user’s ability to start Task Man
when the user logs on for the first and second time. This
group are started. If this value is also set in the Computer
Task Manager
Remote Update
Default Computer Settings
Communities
Category
Subcategory
Selection
Permitted managers
When enabled, creates administrative shares for physical
Run Command
Drive Shares - Workstation
ministrators the ability to control this feature. This setting
Drive Shares - Server
physical drives. These shares were created automatically
Printer Browse Thread
Error Beep
Enables beeping every 10 seconds when a remote job
Authentication Retries
Authentication Time Limit
SelectionWait interval for callback
SelectionAuto disconnect
RAS Call-back Interval
RAS Auto-disconnect
Shared Programs Folder Path
Shared Desktop Icons Path
Shared Start Menu Path
74 Microsoft Windows NT Server White Paper
Shared Startup Folder Path
Logon Banner
Enable shutdown from Authentication dialog box
Enables or disables the Shut Down button on the logon
name when the user presses CTRL+ALT+DEL and the
Before the user logs on, displays a custom dialog box
Category
Read Only Files - Last Access Time
Do not update last access time
For files that are only to be read, specifies do not update
Cached Roaming Profiles
SelectionSlow network connection timeout
SelectionTimeout for dialog boxes
Slow Network Timeout
Dialog Box Timeout
onds in hexadecimal. Decimal = 0-600 default =
Show
REGDWORD Off = 0 or value is removed On = time in sec
80 Microsoft Windows NT Server White Paper
Autorun
REGISTRY ENTRIES NOT INCLUDED IN THE SYSTEM POLICY EDITOR
Start Banner
0 = enabled 1= disabled
Registry Value
Registry Data
Description
FOR MORE INFORMATION
User Profile Flowcharts
APPENDIX A - FLOWCHARTS
84 Microsoft Windows NT Server White Paper
Begin Profile Process Does the
Flowchart 2. User Logon Part
86 Microsoft Windows NT Server White Paper
Continued from Command to Load Profile Load the User Profile
Apply System Policy Save settings to Registry
Flowchart 3. User Logon Part
Set USERPROFILE environment variable Check build number for version
Flowchart 4. User Logon - Accessing Server-based Profile
88 Microsoft Windows NT Server White Paper
System Policy Flowchart
APPENDIX B - IMPLEMENTING USER PROFILES
Existing Windows NT 3.5x Roaming Profile
∙ User action To automatically upgrade the profile, log on to the
Existing Windows NT 3.5x Roaming Profile
Creating a New Windows NT 4.0 Roaming Profile
Creating a New Windows NT 4.0 Mandatory Profile
Changing a Roaming Profile to a Mandatory Profile
Updating and Changing a Roaming Profile to a Mandatory Profile
92 Microsoft Windows NT Server White Paper
Important Information for Administrators
Recent Updates to Profiles Since Retail Release
APPENDIX C - USAGE NOTES
Regarding User Logons and User Logoffs
Recent Updates to Policies Since Retail Release
94 Microsoft Windows NT Server White Paper
Profiles
APPENDIX D - RELATED KNOWLEDGE BASE ARTICLES
Policies
Windows NT 4.0 Policy Restriction Error at Logon
Cannot Restore Default Setting for Shutdown Button
Q156432
Q155956