White Paper Guide to Microsoft Windows NT 4.0 Profiles and Policies
Server Operating System
Microsoft Corporation One Microsoft Way Redmond, WA 98052-6399 USA
1997 Microsoft Corporation. All rights reserved
0997
Abstract
Page
Introduction
CONTENTS
Establishing User Profiles - An Overview
Creating and Maintaining User Profiles
System Policy - An Introduction
Registry Keys Modified by the System Policy Editor Default
The System Policy Editor
Templates
Welcome Tips Default Computer Settings Remote Update Communities
Start Menu Shut Down Command Saved Settings Registry Editing Tools
Permitted Managers Public Community Traps Run Command
Printer Browse Thread Server Scheduler Error Beep
For More Information
Appendix A -Flowcharts
Appendix C - Usage Notes
Registry Entries Not Included in the System Policy Editor
INTRODUCTION
Profiles, Policies, and the Zero Administration Kit
TCO and the User
Before You Begin
What are User Profiles and System Policies?
2 Microsoft Windows NT Server White Paper
Directory Replication
Roaming User
Technical Notes
System Policy
systemroot%
ESTABLISHING USER PROFILES - AN OVERVIEW
Creating and Administering User Profiles
User Profile Structure
The NTuser.dat file contains the following configuration settings
Windows NT 4.0 file
Windows NT 4.0 and Windows User Profile Differences
User Profile Planning and Implementation
To change encoded User Profile information
There are three methods to correct this
Working Around Slow Network Links
3. Delete the network connection and reconnect
Creating a New Roaming User Profile for Windows NT
CREATING AND MAINTAINING USER PROFILES
To create a new roaming user profile
e Continue to Step
∙ To copy a template profile manually to a number of users
∙ To copy an existing user’s profile to another user
14 Microsoft Windows NT Server White Paper
To create a new mandatory User Profile
Creating a New Mandatory User Profile for Windows NT
16 Microsoft Windows NT Server White Paper
called TemplateUser
Making a Roaming Profile Mandatory in Windows NT
pdm, and will check again
Creating a New Roaming User Profile for a Windows 95 User
Maintaining User Profiles with Control Panel System Properties
Creating a New Mandatory User Profile for Windows
To create a mandatory user profile for a Windows 95 user
Deleting Profiles
c\\computername
See the Windows NT Server Resource Kit for more information
ddays
Valid profile types are
will open to the profile directory used by that account
Viewing the Contents of the Profiles Directory on a Local Computer
The All Users Shared Profile
Log Files Used by Profiles
26 Microsoft Windows NT Server White Paper
Profile Names and Storage in the Registry
Default User Template Profiles
systemroot%\Profiles\All Users\Start Menu\Programs
Manually Administering a User Profile through the Registry
process. For this reason, we recommend that you use the user name
\%systemroot%\Profiles\Default User\Desktop
30 Microsoft Windows NT Server White Paper
Extracting a User Profile for Use on Another Domain or Machine
Creating Profiles Without User-Specific Connections
Troubleshooting User Profiles with the UserEnv.log File
Sample Log
System Policy Files
SYSTEM POLICY - AN INTRODUCTION
How Policies Are Applied
Policy Replication
Additional Implementation Considerations
∙ What type of restrictions do you want to impose on users?
Installing the System Policy Editor on a Windows 95 Computer
Installing the System Policy Editor on a Windows NT Workstation
THE SYSTEM POLICY EDITOR
To install the System Policy Editor from a Windows NT 4.0 Server
Updating the Registry with the System Policy Editor
System Policy Editor Template .Adm Files
Your Own Custom .Adm File,”later in this document
Creating a System Policy
tem Policy Editor
Creating Alternate Folder Paths
Deploying Policies for Windows NT 4.0 Machines
3. In the Update mode box, select Manual use specific path
Deploying Policies for Windows 95 Machines
Modifying Policy Settings on Stand-Alone Workstations
Creating a Custom .Adm File
3. Choose the CLASS in which you want your custom entries to appear
KEYNAME System\CurrentControlSet\Services\ LanManServer\Parameters
would use
To close the category after filling in the options, you would use
Checked REGDWORD with a value of
PART !!MyPolicy EDITTEXT EXPANDABLETEXT VALUENAME ValueToBeChanged
PART !!MyPolicy NUMERIC DEFAULT VALUENAME ValueToBeChanged END PART
MAXLEN 4 END PART
VALUENAME ValueToBeChanged VALUEON “Turned On” VALUEOFF “Turned Off”
Building Fault Tolerance for Custom Shared Folders
Configuring System Policies Based on Geographic Location
Clearing the Documents Available List
will refer the client to multiple servers for the same path. For example, on a Dfs server, the administrator has defined that users connecting to the UNC path \\Dfsserver\Dfsshare\Customfolder, will be returned a response with three dif- ferent servers, \\Server1\Customerfolder, \\Server2\Customerfolder, and \\Server3\Customerfolder, all of which contain the same data. The client ma- chine, which can be either a Windows NT-based 4.0 machine or a
Default User Settings
REGISTRY KEYS MODIFIED BY THE SYSTEM POLICY EDITOR DEFAULT TEMPLATES
Control Panel Display Application
Wallpaper
Settings Folders
Start Menu Run Command
Color Scheme
can start unauthorized applications. To further restrict the
Start Menu Find Command
Settings Taskbar
56 Microsoft Windows NT Server White Paper
Network Neighborhood Icon
My Computer Drive Icons
Network Neighborhood Display
NoDrives
Start Menu Shut Down Command
Network Neighborhood Workgroup Contents
Desktop Display
58 Microsoft Windows NT Server White Paper
remove the user’s name from the “Shut down the system”
Saved Settings
Registry Editing Tools
60 Microsoft Windows NT Server White Paper
Windows Applications Restrictions
user selects Programs from the Start menu. The user’s
Custom Programs
Custom Desktop Icons
playing the folders, files, and shortcuts the user receives
Custom Network Neighborhood
Custom Startup Folder
62 Microsoft Windows NT Server White Paper
Shell Extensions
Custom Start Menu
Explorer File Menu
Disables the display of common groups when the user
Removes the File option from Explorer’s toolbar. This
Start Menu Common Program Groups
Network Connections
Explorer Context Menu
Remove the Map Network Drive and Disconnect Net
When this value is 1, the environment variables declared
When enabled, link file tracking uses the configured path
shown in properties for the shortcut to an application in
Determines whether the shell waits for the logon script to
when the user logs on for the first and second time. This
Enables or disables the user’s ability to start Task Man
group are started. If this value is also set in the Computer
Task Manager
Remote Update
Default Computer Settings
Communities
Subcategory
Category
Selection
Permitted managers
When enabled, creates administrative shares for physical
Run Command
Drive Shares - Workstation
Drive Shares - Server
ministrators the ability to control this feature. This setting
physical drives. These shares were created automatically
Printer Browse Thread
Enables beeping every 10 seconds when a remote job
Error Beep
Authentication Retries
Authentication Time Limit
SelectionAuto disconnect
SelectionWait interval for callback
RAS Call-back Interval
RAS Auto-disconnect
Shared Desktop Icons Path
Shared Programs Folder Path
Shared Start Menu Path
74 Microsoft Windows NT Server White Paper
Logon Banner
Shared Startup Folder Path
Enables or disables the Shut Down button on the logon
Enable shutdown from Authentication dialog box
name when the user presses CTRL+ALT+DEL and the
Before the user logs on, displays a custom dialog box
Category
Do not update last access time
Read Only Files - Last Access Time
For files that are only to be read, specifies do not update
Cached Roaming Profiles
SelectionTimeout for dialog boxes
SelectionSlow network connection timeout
Slow Network Timeout
Dialog Box Timeout
Show
onds in hexadecimal. Decimal = 0-600 default =
REGDWORD Off = 0 or value is removed On = time in sec
80 Microsoft Windows NT Server White Paper
Autorun
REGISTRY ENTRIES NOT INCLUDED IN THE SYSTEM POLICY EDITOR
Start Banner
Registry Value
0 = enabled 1= disabled
Registry Data
Description
FOR MORE INFORMATION
User Profile Flowcharts
APPENDIX A - FLOWCHARTS
84 Microsoft Windows NT Server White Paper
Begin Profile Process Does the
86 Microsoft Windows NT Server White Paper
Flowchart 2. User Logon Part
Apply System Policy Save settings to Registry
Continued from Command to Load Profile Load the User Profile
Flowchart 3. User Logon Part
Set USERPROFILE environment variable Check build number for version
88 Microsoft Windows NT Server White Paper
Flowchart 4. User Logon - Accessing Server-based Profile
System Policy Flowchart
Existing Windows NT 3.5x Roaming Profile
APPENDIX B - IMPLEMENTING USER PROFILES
∙ User action To automatically upgrade the profile, log on to the
Existing Windows NT 3.5x Roaming Profile
Creating a New Windows NT 4.0 Mandatory Profile
Creating a New Windows NT 4.0 Roaming Profile
Changing a Roaming Profile to a Mandatory Profile
Updating and Changing a Roaming Profile to a Mandatory Profile
92 Microsoft Windows NT Server White Paper
Recent Updates to Profiles Since Retail Release
Important Information for Administrators
APPENDIX C - USAGE NOTES
Regarding User Logons and User Logoffs
94 Microsoft Windows NT Server White Paper
Recent Updates to Policies Since Retail Release
Profiles
APPENDIX D - RELATED KNOWLEDGE BASE ARTICLES
Policies
Cannot Restore Default Setting for Shutdown Button
Windows NT 4.0 Policy Restriction Error at Logon
Q156432
Q155956