Microsoft Windows NT 4.0 manual Making a Roaming Profile Mandatory Windows NT

NOTES:

∙When entering the path to the target directory, you can use universal naming convention (UNC) names. However, if you are going to use the Browse function to locate the target directory for the profile, it is important that you first map a drive to the \\server\share where the profile will be stored.

∙The mydomainuser name shown in Step 2 does not have to be the user’s name. Many user accounts or groups can be configured to point to the same profile. Because this is a mandatory profile, this may be the desired use of the profile since the administrator wants all the users in the group to re- ceive the same settings.

∙The profile does not need to be stored one directory below the \\server\share. The profile can be nested several directories below, or the profile path can be local.

∙If the profile path points to a directory on the local machine, a share is not needed.

∙The variable %USERNAME% is replaced by the user name only once in the User Profile path, in User Manager, and it must be the last subdirectory in the path. However, extensions can still be added, such as .usr or .man.

∙The %LOGONSERVER% variable can be used for mandatory profiles to provide fault tolerance. Do not place double slashes ( \\) in front of %LOGONSERVER%; doing so will prevent the variable from being read properly. See Microsoft Knowledge Base article Q141714 for more information.

∙You can use the TemplateUser account to test changes before making them available to users by copying the adjusted profile directory to test accounts prior to rollout.

∙You can select any group or a specific user when setting the permissions. However, only the user or group specified will be able to use the profile. For this reason, it is recommended that the Everyone group be given permission to use template profiles.

Making a Roaming Profile Mandatory in

Windows NT 4.0

You have two options when configuring a mandatory roaming profile: you can change the user’s ability to modify the User Profile, or you can change the user’s ability to modify the User Profile and enforce the use of the server- based profile at logon. With the second option, the user is not able to log on to the system if the network profile is unavailable. Each of these procedures will be explained more fully below.

Changing the User’s Ability to Modify a Profile

When creating a User Profile or at any time thereafter, you have the option of enforcing whether or not the user can modify the profile by changing the ex- tension on the NTuser.dat file. The NTuser.dat file is located in the root of the user’s profile directory. If you change the name of this file to NTuser.man, when Windows NT reads the profile, it marks the profile as read-only, and any changes that the user makes while logged on are not written back to the server-based profile when he or she logs off.

To change the user’s ability to make modifications to the User Profile

1.Locate the user’s profile in the account’s User Profile path.

2.While the user is logged off, rename the NTuser.dat file to NTuser.man. (Note that if you make this change while the user is logged on, the user’s copy of the profile will overwrite your changes, because at the time the user logged on, he or she had permission to overwrite the profile.)