White Paper Guide to Microsoft Windows NT 4.0 Profiles and Policies
Server Operating System
0997
1997 Microsoft Corporation. All rights reserved
Microsoft Corporation One Microsoft Way Redmond, WA 98052-6399 USA
Abstract
Page
Creating and Maintaining User Profiles
CONTENTS
Introduction
Establishing User Profiles - An Overview
Templates
Registry Keys Modified by the System Policy Editor Default
System Policy - An Introduction
The System Policy Editor
Printer Browse Thread Server Scheduler Error Beep
Start Menu Shut Down Command Saved Settings Registry Editing Tools
Welcome Tips Default Computer Settings Remote Update Communities
Permitted Managers Public Community Traps Run Command
Registry Entries Not Included in the System Policy Editor
Appendix A -Flowcharts
For More Information
Appendix C - Usage Notes
TCO and the User
Profiles, Policies, and the Zero Administration Kit
INTRODUCTION
2 Microsoft Windows NT Server White Paper
What are User Profiles and System Policies?
Before You Begin
Directory Replication
systemroot%
Technical Notes
Roaming User
System Policy
User Profile Structure
Creating and Administering User Profiles
ESTABLISHING USER PROFILES - AN OVERVIEW
The NTuser.dat file contains the following configuration settings
Windows NT 4.0 file
Windows NT 4.0 and Windows User Profile Differences
User Profile Planning and Implementation
To change encoded User Profile information
There are three methods to correct this
Working Around Slow Network Links
3. Delete the network connection and reconnect
To create a new roaming user profile
CREATING AND MAINTAINING USER PROFILES
Creating a New Roaming User Profile for Windows NT
e Continue to Step
14 Microsoft Windows NT Server White Paper
∙ To copy an existing user’s profile to another user
∙ To copy a template profile manually to a number of users
To create a new mandatory User Profile
Creating a New Mandatory User Profile for Windows NT
16 Microsoft Windows NT Server White Paper
called TemplateUser
Making a Roaming Profile Mandatory in Windows NT
pdm, and will check again
Creating a New Roaming User Profile for a Windows 95 User
To create a mandatory user profile for a Windows 95 user
Creating a New Mandatory User Profile for Windows
Maintaining User Profiles with Control Panel System Properties
Deleting Profiles
ddays
See the Windows NT Server Resource Kit for more information
c\\computername
Valid profile types are
will open to the profile directory used by that account
Viewing the Contents of the Profiles Directory on a Local Computer
26 Microsoft Windows NT Server White Paper
Log Files Used by Profiles
The All Users Shared Profile
systemroot%\Profiles\All Users\Start Menu\Programs
Default User Template Profiles
Profile Names and Storage in the Registry
Manually Administering a User Profile through the Registry
process. For this reason, we recommend that you use the user name
\%systemroot%\Profiles\Default User\Desktop
30 Microsoft Windows NT Server White Paper
Extracting a User Profile for Use on Another Domain or Machine
Creating Profiles Without User-Specific Connections
Troubleshooting User Profiles with the UserEnv.log File
Sample Log
System Policy Files
SYSTEM POLICY - AN INTRODUCTION
How Policies Are Applied
Policy Replication
Additional Implementation Considerations
∙ What type of restrictions do you want to impose on users?
THE SYSTEM POLICY EDITOR
Installing the System Policy Editor on a Windows NT Workstation
Installing the System Policy Editor on a Windows 95 Computer
System Policy Editor Template .Adm Files
Updating the Registry with the System Policy Editor
To install the System Policy Editor from a Windows NT 4.0 Server
Your Own Custom .Adm File,”later in this document
Creating a System Policy
tem Policy Editor
Creating Alternate Folder Paths
Deploying Policies for Windows NT 4.0 Machines
3. In the Update mode box, select Manual use specific path
Deploying Policies for Windows 95 Machines
Modifying Policy Settings on Stand-Alone Workstations
Creating a Custom .Adm File
To close the category after filling in the options, you would use
KEYNAME System\CurrentControlSet\Services\ LanManServer\Parameters
3. Choose the CLASS in which you want your custom entries to appear
would use
Checked REGDWORD with a value of
VALUENAME ValueToBeChanged VALUEON “Turned On” VALUEOFF “Turned Off”
PART !!MyPolicy NUMERIC DEFAULT VALUENAME ValueToBeChanged END PART
PART !!MyPolicy EDITTEXT EXPANDABLETEXT VALUENAME ValueToBeChanged
MAXLEN 4 END PART
Clearing the Documents Available List
Configuring System Policies Based on Geographic Location
Building Fault Tolerance for Custom Shared Folders
will refer the client to multiple servers for the same path. For example, on a Dfs server, the administrator has defined that users connecting to the UNC path \\Dfsserver\Dfsshare\Customfolder, will be returned a response with three dif- ferent servers, \\Server1\Customerfolder, \\Server2\Customerfolder, and \\Server3\Customerfolder, all of which contain the same data. The client ma- chine, which can be either a Windows NT-based 4.0 machine or a
Wallpaper
REGISTRY KEYS MODIFIED BY THE SYSTEM POLICY EDITOR DEFAULT TEMPLATES
Default User Settings
Control Panel Display Application
can start unauthorized applications. To further restrict the
Start Menu Run Command
Settings Folders
Color Scheme
56 Microsoft Windows NT Server White Paper
Settings Taskbar
Start Menu Find Command
NoDrives
My Computer Drive Icons
Network Neighborhood Icon
Network Neighborhood Display
58 Microsoft Windows NT Server White Paper
Network Neighborhood Workgroup Contents
Start Menu Shut Down Command
Desktop Display
Registry Editing Tools
Saved Settings
remove the user’s name from the “Shut down the system”
60 Microsoft Windows NT Server White Paper
Windows Applications Restrictions
playing the folders, files, and shortcuts the user receives
Custom Programs
user selects Programs from the Start menu. The user’s
Custom Desktop Icons
62 Microsoft Windows NT Server White Paper
Custom Startup Folder
Custom Network Neighborhood
Shell Extensions
Custom Start Menu
Start Menu Common Program Groups
Disables the display of common groups when the user
Explorer File Menu
Removes the File option from Explorer’s toolbar. This
Remove the Map Network Drive and Disconnect Net
Explorer Context Menu
Network Connections
Determines whether the shell waits for the logon script to
When enabled, link file tracking uses the configured path
When this value is 1, the environment variables declared
shown in properties for the shortcut to an application in
Task Manager
Enables or disables the user’s ability to start Task Man
when the user logs on for the first and second time. This
group are started. If this value is also set in the Computer
Communities
Default Computer Settings
Remote Update
Permitted managers
Category
Subcategory
Selection
Drive Shares - Workstation
Run Command
When enabled, creates administrative shares for physical
Printer Browse Thread
ministrators the ability to control this feature. This setting
Drive Shares - Server
physical drives. These shares were created automatically
Authentication Time Limit
Error Beep
Enables beeping every 10 seconds when a remote job
Authentication Retries
RAS Auto-disconnect
SelectionWait interval for callback
SelectionAuto disconnect
RAS Call-back Interval
74 Microsoft Windows NT Server White Paper
Shared Programs Folder Path
Shared Desktop Icons Path
Shared Start Menu Path
Logon Banner
Shared Startup Folder Path
Before the user logs on, displays a custom dialog box
Enable shutdown from Authentication dialog box
Enables or disables the Shut Down button on the logon
name when the user presses CTRL+ALT+DEL and the
Category
Cached Roaming Profiles
Read Only Files - Last Access Time
Do not update last access time
For files that are only to be read, specifies do not update
Dialog Box Timeout
SelectionSlow network connection timeout
SelectionTimeout for dialog boxes
Slow Network Timeout
80 Microsoft Windows NT Server White Paper
onds in hexadecimal. Decimal = 0-600 default =
Show
REGDWORD Off = 0 or value is removed On = time in sec
Start Banner
REGISTRY ENTRIES NOT INCLUDED IN THE SYSTEM POLICY EDITOR
Autorun
Description
0 = enabled 1= disabled
Registry Value
Registry Data
FOR MORE INFORMATION
84 Microsoft Windows NT Server White Paper
APPENDIX A - FLOWCHARTS
User Profile Flowcharts
Begin Profile Process Does the
86 Microsoft Windows NT Server White Paper
Flowchart 2. User Logon Part
Set USERPROFILE environment variable Check build number for version
Continued from Command to Load Profile Load the User Profile
Apply System Policy Save settings to Registry
Flowchart 3. User Logon Part
88 Microsoft Windows NT Server White Paper
Flowchart 4. User Logon - Accessing Server-based Profile
System Policy Flowchart
Existing Windows NT 3.5x Roaming Profile
APPENDIX B - IMPLEMENTING USER PROFILES
Existing Windows NT 3.5x Roaming Profile
∙ User action To automatically upgrade the profile, log on to the
Creating a New Windows NT 4.0 Mandatory Profile
Creating a New Windows NT 4.0 Roaming Profile
92 Microsoft Windows NT Server White Paper
Updating and Changing a Roaming Profile to a Mandatory Profile
Changing a Roaming Profile to a Mandatory Profile
Regarding User Logons and User Logoffs
Important Information for Administrators
Recent Updates to Profiles Since Retail Release
APPENDIX C - USAGE NOTES
94 Microsoft Windows NT Server White Paper
Recent Updates to Policies Since Retail Release
Policies
APPENDIX D - RELATED KNOWLEDGE BASE ARTICLES
Profiles
Q155956
Windows NT 4.0 Policy Restriction Error at Logon
Cannot Restore Default Setting for Shutdown Button
Q156432