Encoding Permissions in the User Profile

NOTE: Directories containing roaming User Profiles need at least Add and Read permissions for profiles to be read correctly. If you use Add permissions only, when Windows NT checks for the existence of the profile it will fail because it looks for the path first, and if Read rights are not given, the check will fail.

Permissions are also important on a client machine where the user is log- ging on interactively. If Windows NT is installed in an NTFS partition on the client computer, and the user does not have at least the default permissions as outlined in the Windows NT Server Concepts and Planning Guide (page 132), errors can occur. For example, if permissions are incorrect on the root of the system directory, the following message appears: “Can’t access this folder— the path is too long.”A blank desktop is displayed, and the user’s only option is to log off.

If permissions are set incorrectly in the %systemroot%, %system- root%\System, %systemroot%\System32, or %systemroot%\System32\Config directories, the following message appears: “Unable to log you on because your profile could not be loaded.”

The registry portion of the User Profile, NTuser.xxx, is encoded with the user or group that has permission to use that profile. Once this is saved, you can use the Registry Editor to modify this information if you want to change the permissions on a profile without replacing it.

To change encoded User Profile information:

1.Follow the instructions to manually edit a profile: (Refer to the section “Administering a User Profile Manually through the Registry”later in this document).

2.Change the permissions on the root of the key to include users and groups who will have permission to use the profile.

3.Unload the hive.

Selecting a Location to Save User Profiles

As with Windows NT 3.5x, you can place a roaming profile in any shared di- rectory, and then configure the user account profile path to point to the profile. The Profiles directory in the system root stores local User Profiles, “All Users” profile settings (which apply to any user who uses the computer), the “Default User”profile, and cached User Profiles of domain users. You should avoid using the %systemroot%\Profiles directory in the domain users’profile path as

alocation to store server-based profiles, whether they are roaming or manda- tory. (The path should allow the user’s profile to roam with the user and be available on any networked computer that the user logs on to. If you specify a path to the %systemroot%\Profiles directory, the client computer always uses the local profile instead.)

Windows NT 4.0 profiles can be saved on any Windows NT 3.5x or 4.0 server because the client computer uses the path where the profile is stored only as a location to download the profile and to write the modified user profile at log off. This allows profiles to be stored on any shared network drive. The process of downloading the profile is controlled by the client computer— all the

Microsoft Windows NT Server White Paper

Windows NT 4.0 specifications

Microsoft Windows NT 4.0, released on July 29, 1996, marked a significant milestone in the evolution of Microsoft's operating systems. As the successor to Windows NT 3.51, this version brought a range of enhancements and features that appealed to both enterprise users and consumers.

One of the standout characteristics of Windows NT 4.0 was its introduction of the Windows 95 user interface, which significantly improved user experience and accessibility. This graphical interface made it easier for users to navigate the operating system, transitioning from the more complex interfaces of previous NT versions. The integration of familiar elements such as the Start menu and taskbar helped bridge the gap between professional and personal computing environments.

Windows NT 4.0 was built on a robust and secure architecture. It utilized the NT kernel, which provided improved multitasking and stability compared to its predecessors. This operating system was designed to handle multiple user sessions simultaneously, making it suitable for servers as well as workstations. The inherent stability of NT 4.0 made it a favorite in enterprise environments, particularly for critical applications and systems.

Another defining feature of NT 4.0 was its support for a wide range of hardware, making it versatile across various machine configurations. It included compatibility with numerous devices and peripherals, which facilitated its adoption in diverse settings.

In addition to user interface enhancements and hardware compatibility, Windows NT 4.0 introduced powerful networking capabilities. The operating system supported TCP/IP natively, alongside NetBEUI and IPX/SPX protocols. This meant that it could seamlessly integrate into existing network environments, providing essential services for file and printer sharing, domain management, and remote access through features like Remote Access Service (RAS).

Security was another key focus area for Windows NT 4.0. Built around security principles, it employed a discretionary access control system, allowing administrators to define user permissions and manage access to resources effectively. This was particularly appealing to businesses that needed to enforce strict security policies.

Windows NT 4.0 also included improved support for backup and recovery, through the inclusion of the NT Backup utility. The operating system allowed for the creation of scheduled backups and simplified data recovery processes, enhancing data integrity and reliability.

As NT 4.0 entered its later years, it laid the groundwork for future Windows operating systems, influencing the design of later versions, particularly Windows 2000. It combined user-friendly features with enterprise-level robustness, ultimately shaping expectations for modern operating systems across various industries.

Microsoft Windows NT 4.0 manual Encoding Permissions in the User Profile

Models: Windows NT 4.0