Manuals / Microsoft / Computer Equipment / Server

Microsoft Windows NT 4.0 manual Additional Implementation Considerations

Models: Windows NT 4.0

1 104

Download 104 pages 4.81 Kb

Page 45

Additional Implementation Considerations

e applied to the HKEY_CURRENT_USER key in the registry.

NOTE: If a setting is ignored (gray) in the group settings, but the same setting is marked as enabled or disabled in the Default User settings, the Default User setting are used. The Default User settings take precedence over only those settings that are ignored in the group settings.

∙If the policy file includes settings for the specific computer name, these are applied to the HKEY_LOCAL_MACHINE registry key. Otherwise, the De- fault Computer settings are applied. This process is independent of the user account for the user who is currently logged on. All users receive these settings when they use this computer.

NOTES:

∙Group policies do not operate in a NetWare only environment, because Windows NT checks for Windows NT global groups only, not NetWare groups.

∙If an administrator logs on, a policy is in effect, no explicit settings exist for the administrative ac- count, and the Default User settings are present, the administrator will receive the settings of the Default User. Administrative accounts are not exempt from policies. This should be a key factor to consider when implementing policies.

The System Policy Editor provides a hierarchical Group Priority dialog that helps you see and manage the order in which group policies are applied. The next illustration shows the dialog and explains these priorities.

Additional Implementation Considerations

Although a properly implemented policy can simplify system administration in the long term, such policy requires careful planning. Before you implement system policies, consider the following:

∙Would administration be simplified by defining group settings rather than creating settings for individual users?

∙Where are the computers located in your network? Is geographic location an important aspect of your network’s design— for example, is your net- work distributed over a large geographic area? If so, computers from a certain locale may benefit from retrieving policy files from a machine that is close at hand, as opposed to using a domain controller that may not be nearby.

Microsoft Windows NT Server White Paper

37

Image 45

Microsoft Windows NT 4.0 manual Additional Implementation Considerations

Contents

White Paper Guide to Microsoft Windows NT 4.0 Profiles and Policies Server Operating System1997 Microsoft Corporation. All rights reserved Microsoft Corporation One Microsoft Way Redmond, WA 98052-6399 USA0997 Abstract Page Introduction CONTENTSEstablishing User Profiles - An Overview Creating and Maintaining User ProfilesSystem Policy - An Introduction Registry Keys Modified by the System Policy Editor DefaultThe System Policy Editor TemplatesWelcome Tips Default Computer Settings Remote Update Communities Start Menu Shut Down Command Saved Settings Registry Editing ToolsPermitted Managers Public Community Traps Run Command Printer Browse Thread Server Scheduler Error BeepFor More Information Appendix A -FlowchartsAppendix C - Usage Notes Registry Entries Not Included in the System Policy EditorProfiles, Policies, and the Zero Administration Kit INTRODUCTIONTCO and the User What are User Profiles and System Policies? Before You Begin2 Microsoft Windows NT Server White Paper Directory Replication Roaming User Technical NotesSystem Policy systemroot%Creating and Administering User Profiles ESTABLISHING USER PROFILES - AN OVERVIEWUser Profile Structure The NTuser.dat file contains the following configuration settings Windows NT 4.0 file Windows NT 4.0 and Windows User Profile DifferencesUser Profile Planning and Implementation To change encoded User Profile information There are three methods to correct this Working Around Slow Network Links 3. Delete the network connection and reconnectCREATING AND MAINTAINING USER PROFILES Creating a New Roaming User Profile for Windows NTTo create a new roaming user profile e Continue to Step ∙ To copy an existing user’s profile to another user ∙ To copy a template profile manually to a number of users14 Microsoft Windows NT Server White Paper To create a new mandatory User Profile Creating a New Mandatory User Profile for Windows NT16 Microsoft Windows NT Server White Paper called TemplateUserMaking a Roaming Profile Mandatory in Windows NT pdm, and will check again Creating a New Roaming User Profile for a Windows 95 User Creating a New Mandatory User Profile for Windows Maintaining User Profiles with Control Panel System PropertiesTo create a mandatory user profile for a Windows 95 user Deleting Profiles See the Windows NT Server Resource Kit for more information c\\computernameddays Valid profile types are will open to the profile directory used by that account Viewing the Contents of the Profiles Directory on a Local Computer Log Files Used by Profiles The All Users Shared Profile26 Microsoft Windows NT Server White Paper Default User Template Profiles Profile Names and Storage in the Registrysystemroot%\Profiles\All Users\Start Menu\Programs Manually Administering a User Profile through the Registry process. For this reason, we recommend that you use the user name \%systemroot%\Profiles\Default User\Desktop30 Microsoft Windows NT Server White Paper Extracting a User Profile for Use on Another Domain or Machine Creating Profiles Without User-Specific Connections Troubleshooting User Profiles with the UserEnv.log File Sample Log System Policy Files SYSTEM POLICY - AN INTRODUCTIONHow Policies Are Applied Policy ReplicationAdditional Implementation Considerations ∙ What type of restrictions do you want to impose on users? Installing the System Policy Editor on a Windows NT Workstation Installing the System Policy Editor on a Windows 95 ComputerTHE SYSTEM POLICY EDITOR Updating the Registry with the System Policy Editor To install the System Policy Editor from a Windows NT 4.0 ServerSystem Policy Editor Template .Adm Files Your Own Custom .Adm File,”later in this document Creating a System Policy tem Policy Editor Creating Alternate Folder Paths Deploying Policies for Windows NT 4.0 Machines 3. In the Update mode box, select Manual use specific path Deploying Policies for Windows 95 MachinesModifying Policy Settings on Stand-Alone Workstations Creating a Custom .Adm File 3. Choose the CLASS in which you want your custom entries to appear KEYNAME System\CurrentControlSet\Services\ LanManServer\Parameterswould use To close the category after filling in the options, you would useChecked REGDWORD with a value of PART !!MyPolicy EDITTEXT EXPANDABLETEXT VALUENAME ValueToBeChanged PART !!MyPolicy NUMERIC DEFAULT VALUENAME ValueToBeChanged END PARTMAXLEN 4 END PART VALUENAME ValueToBeChanged VALUEON “Turned On” VALUEOFF “Turned Off”Configuring System Policies Based on Geographic Location Building Fault Tolerance for Custom Shared FoldersClearing the Documents Available List will refer the client to multiple servers for the same path. For example, on a Dfs server, the administrator has defined that users connecting to the UNC path \\Dfsserver\Dfsshare\Customfolder, will be returned a response with three dif- ferent servers, \\Server1\Customerfolder, \\Server2\Customerfolder, and \\Server3\Customerfolder, all of which contain the same data. The client ma- chine, which can be either a Windows NT-based 4.0 machine or a Default User Settings REGISTRY KEYS MODIFIED BY THE SYSTEM POLICY EDITOR DEFAULT TEMPLATESControl Panel Display Application WallpaperSettings Folders Start Menu Run CommandColor Scheme can start unauthorized applications. To further restrict theSettings Taskbar Start Menu Find Command56 Microsoft Windows NT Server White Paper Network Neighborhood Icon My Computer Drive IconsNetwork Neighborhood Display NoDrivesStart Menu Shut Down Command Network Neighborhood Workgroup ContentsDesktop Display 58 Microsoft Windows NT Server White PaperSaved Settings remove the user’s name from the “Shut down the system”Registry Editing Tools 60 Microsoft Windows NT Server White Paper Windows Applications Restrictionsuser selects Programs from the Start menu. The user’s Custom ProgramsCustom Desktop Icons playing the folders, files, and shortcuts the user receivesCustom Startup Folder Custom Network Neighborhood62 Microsoft Windows NT Server White Paper Shell Extensions Custom Start MenuExplorer File Menu Disables the display of common groups when the userRemoves the File option from Explorer’s toolbar. This Start Menu Common Program GroupsExplorer Context Menu Network ConnectionsRemove the Map Network Drive and Disconnect Net When this value is 1, the environment variables declared When enabled, link file tracking uses the configured pathshown in properties for the shortcut to an application in Determines whether the shell waits for the logon script towhen the user logs on for the first and second time. This Enables or disables the user’s ability to start Task Mangroup are started. If this value is also set in the Computer Task ManagerDefault Computer Settings Remote UpdateCommunities Subcategory CategorySelection Permitted managersRun Command When enabled, creates administrative shares for physicalDrive Shares - Workstation Drive Shares - Server ministrators the ability to control this feature. This settingphysical drives. These shares were created automatically Printer Browse ThreadEnables beeping every 10 seconds when a remote job Error BeepAuthentication Retries Authentication Time LimitSelectionAuto disconnect SelectionWait interval for callbackRAS Call-back Interval RAS Auto-disconnectShared Desktop Icons Path Shared Programs Folder PathShared Start Menu Path 74 Microsoft Windows NT Server White PaperLogon Banner Shared Startup Folder PathEnables or disables the Shut Down button on the logon Enable shutdown from Authentication dialog boxname when the user presses CTRL+ALT+DEL and the Before the user logs on, displays a custom dialog boxCategory Do not update last access time Read Only Files - Last Access TimeFor files that are only to be read, specifies do not update Cached Roaming ProfilesSelectionTimeout for dialog boxes SelectionSlow network connection timeoutSlow Network Timeout Dialog Box TimeoutShow onds in hexadecimal. Decimal = 0-600 default =REGDWORD Off = 0 or value is removed On = time in sec 80 Microsoft Windows NT Server White PaperREGISTRY ENTRIES NOT INCLUDED IN THE SYSTEM POLICY EDITOR AutorunStart Banner Registry Value 0 = enabled 1= disabledRegistry Data DescriptionFOR MORE INFORMATION APPENDIX A - FLOWCHARTS User Profile Flowcharts84 Microsoft Windows NT Server White Paper Begin Profile Process Does the 86 Microsoft Windows NT Server White Paper Flowchart 2. User Logon PartApply System Policy Save settings to Registry Continued from Command to Load Profile Load the User ProfileFlowchart 3. User Logon Part Set USERPROFILE environment variable Check build number for version88 Microsoft Windows NT Server White Paper Flowchart 4. User Logon - Accessing Server-based ProfileSystem Policy Flowchart Existing Windows NT 3.5x Roaming Profile APPENDIX B - IMPLEMENTING USER PROFILES∙ User action To automatically upgrade the profile, log on to the Existing Windows NT 3.5x Roaming ProfileCreating a New Windows NT 4.0 Mandatory Profile Creating a New Windows NT 4.0 Roaming ProfileUpdating and Changing a Roaming Profile to a Mandatory Profile Changing a Roaming Profile to a Mandatory Profile92 Microsoft Windows NT Server White Paper Recent Updates to Profiles Since Retail Release Important Information for AdministratorsAPPENDIX C - USAGE NOTES Regarding User Logons and User Logoffs94 Microsoft Windows NT Server White Paper Recent Updates to Policies Since Retail ReleaseAPPENDIX D - RELATED KNOWLEDGE BASE ARTICLES ProfilesPolicies Cannot Restore Default Setting for Shutdown Button Windows NT 4.0 Policy Restriction Error at LogonQ156432 Q155956