this change must be made individually to each workstation.

When a user of a Windows NT 4.0-based workstation logs on, if the Windows NT 4.0-based machine is working in Automatic mode (which is the default), the workstation checks the NETLOGON share on the validating do- main controller (DC) for the NTconfig.pol file. If the workstation finds the file, it downloads it, parses it for the user, group, and computer policy data, and ap- plies it if appropriate. If a user logs on to a machine that has a computer account in a resource domain, the search for the NTconfig.pol file is redirected to the validating domain controller in the account domain. In this situation, the Windows NT 4.0-based workstation has a secure communication channel es- tablished to a domain controller of the resource domain. The Windows NT- based workstation sends the user’s logon request over this communication channel, and expects a response the same way. The domain controller in the resource domain receives this request, forwards it to a domain controller in the user’s account domain, and waits for a response. Once the domain controller in the resource domain receives this response from the account domain’s DC, it returns the authentication request to the client machine, including the vali- dating domain controller’s name from the account domain. The Windows NT- based workstation now knows where to look for the NTconfig.pol file.

Policy Replication

If you implement a System Policy file for Windows NT users and computers and you intend to use the default behavior of Windows NT, be sure that direc- tory replication is occurring properly among all domain controllers that participate in user authentication. With Windows NT, the default behavior is for the computer to check for a policy file in the NETLOGON share of the validat- ing domain controller. If directory replication to a domain controller fails and a Windows NT-based workstation does not find a policy file on that server, no policy will be applied and the existing settings will remain, possibly leaving the user with a nonstandard environment or more capabilities than you want that particular user to have.

How Policies Are Applied

Once located, policies are applied as follows:

If the policy file includes settings for the specific user account, those are applied to the HKEY_CURRENT_USER registry key. Other group settings are discarded, even if the user is a member of the group, because the user settings take precedence.

If a user-specific policy is not present, and Default User settings exist, the Default User settings are applied to the HKEY_CURRENT_USER registry key.

If no user specific settings are present, and group settings exist, the user’s group membership in each of those groups is checked. If the user is a member of one or more groups, the settings from each of the groups— starting with the lowest priority and continuing through the highest priority— are applied to the HKEY_CURRENT_USER key in the registry.

36 Microsoft Windows NT Server White Paper

Page 44
Image 44
Microsoft Windows NT 4.0 manual Policy Replication, How Policies Are Applied

Windows NT 4.0 specifications

Microsoft Windows NT 4.0, released on July 29, 1996, marked a significant milestone in the evolution of Microsoft's operating systems. As the successor to Windows NT 3.51, this version brought a range of enhancements and features that appealed to both enterprise users and consumers.

One of the standout characteristics of Windows NT 4.0 was its introduction of the Windows 95 user interface, which significantly improved user experience and accessibility. This graphical interface made it easier for users to navigate the operating system, transitioning from the more complex interfaces of previous NT versions. The integration of familiar elements such as the Start menu and taskbar helped bridge the gap between professional and personal computing environments.

Windows NT 4.0 was built on a robust and secure architecture. It utilized the NT kernel, which provided improved multitasking and stability compared to its predecessors. This operating system was designed to handle multiple user sessions simultaneously, making it suitable for servers as well as workstations. The inherent stability of NT 4.0 made it a favorite in enterprise environments, particularly for critical applications and systems.

Another defining feature of NT 4.0 was its support for a wide range of hardware, making it versatile across various machine configurations. It included compatibility with numerous devices and peripherals, which facilitated its adoption in diverse settings.

In addition to user interface enhancements and hardware compatibility, Windows NT 4.0 introduced powerful networking capabilities. The operating system supported TCP/IP natively, alongside NetBEUI and IPX/SPX protocols. This meant that it could seamlessly integrate into existing network environments, providing essential services for file and printer sharing, domain management, and remote access through features like Remote Access Service (RAS).

Security was another key focus area for Windows NT 4.0. Built around security principles, it employed a discretionary access control system, allowing administrators to define user permissions and manage access to resources effectively. This was particularly appealing to businesses that needed to enforce strict security policies.

Windows NT 4.0 also included improved support for backup and recovery, through the inclusion of the NT Backup utility. The operating system allowed for the creation of scheduled backups and simplified data recovery processes, enhancing data integrity and reliability.

As NT 4.0 entered its later years, it laid the groundwork for future Windows operating systems, influencing the design of later versions, particularly Windows 2000. It combined user-friendly features with enterprise-level robustness, ultimately shaping expectations for modern operating systems across various industries.