Server Operating System
White Paper Guide to Microsoft Windows NT 4.0 Profiles and Policies
0997
1997 Microsoft Corporation. All rights reserved
Microsoft Corporation One Microsoft Way Redmond, WA 98052-6399 USA
Abstract
Page
CONTENTS
Introduction
Establishing User Profiles - An Overview
Creating and Maintaining User Profiles
Registry Keys Modified by the System Policy Editor Default
System Policy - An Introduction
The System Policy Editor
Templates
Start Menu Shut Down Command Saved Settings Registry Editing Tools
Welcome Tips Default Computer Settings Remote Update Communities
Permitted Managers Public Community Traps Run Command
Printer Browse Thread Server Scheduler Error Beep
Appendix A -Flowcharts
For More Information
Appendix C - Usage Notes
Registry Entries Not Included in the System Policy Editor
TCO and the User
Profiles, Policies, and the Zero Administration Kit
INTRODUCTION
2 Microsoft Windows NT Server White Paper
What are User Profiles and System Policies?
Before You Begin
Directory Replication
Technical Notes
Roaming User
System Policy
systemroot%
User Profile Structure
Creating and Administering User Profiles
ESTABLISHING USER PROFILES - AN OVERVIEW
The NTuser.dat file contains the following configuration settings
Windows NT 4.0 and Windows User Profile Differences
Windows NT 4.0 file
User Profile Planning and Implementation
To change encoded User Profile information
There are three methods to correct this
3. Delete the network connection and reconnect
Working Around Slow Network Links
To create a new roaming user profile
CREATING AND MAINTAINING USER PROFILES
Creating a New Roaming User Profile for Windows NT
e Continue to Step
14 Microsoft Windows NT Server White Paper
∙ To copy an existing user’s profile to another user
∙ To copy a template profile manually to a number of users
Creating a New Mandatory User Profile for Windows NT
To create a new mandatory User Profile
called TemplateUser
16 Microsoft Windows NT Server White Paper
Making a Roaming Profile Mandatory in Windows NT
pdm, and will check again
Creating a New Roaming User Profile for a Windows 95 User
To create a mandatory user profile for a Windows 95 user
Creating a New Mandatory User Profile for Windows
Maintaining User Profiles with Control Panel System Properties
Deleting Profiles
ddays
See the Windows NT Server Resource Kit for more information
c\\computername
Valid profile types are
will open to the profile directory used by that account
Viewing the Contents of the Profiles Directory on a Local Computer
26 Microsoft Windows NT Server White Paper
Log Files Used by Profiles
The All Users Shared Profile
systemroot%\Profiles\All Users\Start Menu\Programs
Default User Template Profiles
Profile Names and Storage in the Registry
Manually Administering a User Profile through the Registry
\%systemroot%\Profiles\Default User\Desktop
process. For this reason, we recommend that you use the user name
30 Microsoft Windows NT Server White Paper
Extracting a User Profile for Use on Another Domain or Machine
Creating Profiles Without User-Specific Connections
Troubleshooting User Profiles with the UserEnv.log File
Sample Log
SYSTEM POLICY - AN INTRODUCTION
System Policy Files
Policy Replication
How Policies Are Applied
Additional Implementation Considerations
∙ What type of restrictions do you want to impose on users?
THE SYSTEM POLICY EDITOR
Installing the System Policy Editor on a Windows NT Workstation
Installing the System Policy Editor on a Windows 95 Computer
System Policy Editor Template .Adm Files
Updating the Registry with the System Policy Editor
To install the System Policy Editor from a Windows NT 4.0 Server
Your Own Custom .Adm File,”later in this document
Creating a System Policy
tem Policy Editor
Creating Alternate Folder Paths
Deploying Policies for Windows NT 4.0 Machines
Deploying Policies for Windows 95 Machines
3. In the Update mode box, select Manual use specific path
Modifying Policy Settings on Stand-Alone Workstations
Creating a Custom .Adm File
KEYNAME System\CurrentControlSet\Services\ LanManServer\Parameters
3. Choose the CLASS in which you want your custom entries to appear
would use
To close the category after filling in the options, you would use
Checked REGDWORD with a value of
PART !!MyPolicy NUMERIC DEFAULT VALUENAME ValueToBeChanged END PART
PART !!MyPolicy EDITTEXT EXPANDABLETEXT VALUENAME ValueToBeChanged
MAXLEN 4 END PART
VALUENAME ValueToBeChanged VALUEON “Turned On” VALUEOFF “Turned Off”
Clearing the Documents Available List
Configuring System Policies Based on Geographic Location
Building Fault Tolerance for Custom Shared Folders
will refer the client to multiple servers for the same path. For example, on a Dfs server, the administrator has defined that users connecting to the UNC path \\Dfsserver\Dfsshare\Customfolder, will be returned a response with three dif- ferent servers, \\Server1\Customerfolder, \\Server2\Customerfolder, and \\Server3\Customerfolder, all of which contain the same data. The client ma- chine, which can be either a Windows NT-based 4.0 machine or a
REGISTRY KEYS MODIFIED BY THE SYSTEM POLICY EDITOR DEFAULT TEMPLATES
Default User Settings
Control Panel Display Application
Wallpaper
Start Menu Run Command
Settings Folders
Color Scheme
can start unauthorized applications. To further restrict the
56 Microsoft Windows NT Server White Paper
Settings Taskbar
Start Menu Find Command
My Computer Drive Icons
Network Neighborhood Icon
Network Neighborhood Display
NoDrives
Network Neighborhood Workgroup Contents
Start Menu Shut Down Command
Desktop Display
58 Microsoft Windows NT Server White Paper
Registry Editing Tools
Saved Settings
remove the user’s name from the “Shut down the system”
Windows Applications Restrictions
60 Microsoft Windows NT Server White Paper
Custom Programs
user selects Programs from the Start menu. The user’s
Custom Desktop Icons
playing the folders, files, and shortcuts the user receives
62 Microsoft Windows NT Server White Paper
Custom Startup Folder
Custom Network Neighborhood
Custom Start Menu
Shell Extensions
Disables the display of common groups when the user
Explorer File Menu
Removes the File option from Explorer’s toolbar. This
Start Menu Common Program Groups
Remove the Map Network Drive and Disconnect Net
Explorer Context Menu
Network Connections
When enabled, link file tracking uses the configured path
When this value is 1, the environment variables declared
shown in properties for the shortcut to an application in
Determines whether the shell waits for the logon script to
Enables or disables the user’s ability to start Task Man
when the user logs on for the first and second time. This
group are started. If this value is also set in the Computer
Task Manager
Communities
Default Computer Settings
Remote Update
Category
Subcategory
Selection
Permitted managers
Drive Shares - Workstation
Run Command
When enabled, creates administrative shares for physical
ministrators the ability to control this feature. This setting
Drive Shares - Server
physical drives. These shares were created automatically
Printer Browse Thread
Error Beep
Enables beeping every 10 seconds when a remote job
Authentication Retries
Authentication Time Limit
SelectionWait interval for callback
SelectionAuto disconnect
RAS Call-back Interval
RAS Auto-disconnect
Shared Programs Folder Path
Shared Desktop Icons Path
Shared Start Menu Path
74 Microsoft Windows NT Server White Paper
Shared Startup Folder Path
Logon Banner
Enable shutdown from Authentication dialog box
Enables or disables the Shut Down button on the logon
name when the user presses CTRL+ALT+DEL and the
Before the user logs on, displays a custom dialog box
Category
Read Only Files - Last Access Time
Do not update last access time
For files that are only to be read, specifies do not update
Cached Roaming Profiles
SelectionSlow network connection timeout
SelectionTimeout for dialog boxes
Slow Network Timeout
Dialog Box Timeout
onds in hexadecimal. Decimal = 0-600 default =
Show
REGDWORD Off = 0 or value is removed On = time in sec
80 Microsoft Windows NT Server White Paper
Start Banner
REGISTRY ENTRIES NOT INCLUDED IN THE SYSTEM POLICY EDITOR
Autorun
0 = enabled 1= disabled
Registry Value
Registry Data
Description
FOR MORE INFORMATION
84 Microsoft Windows NT Server White Paper
APPENDIX A - FLOWCHARTS
User Profile Flowcharts
Begin Profile Process Does the
Flowchart 2. User Logon Part
86 Microsoft Windows NT Server White Paper
Continued from Command to Load Profile Load the User Profile
Apply System Policy Save settings to Registry
Flowchart 3. User Logon Part
Set USERPROFILE environment variable Check build number for version
Flowchart 4. User Logon - Accessing Server-based Profile
88 Microsoft Windows NT Server White Paper
System Policy Flowchart
APPENDIX B - IMPLEMENTING USER PROFILES
Existing Windows NT 3.5x Roaming Profile
∙ User action To automatically upgrade the profile, log on to the
Existing Windows NT 3.5x Roaming Profile
Creating a New Windows NT 4.0 Roaming Profile
Creating a New Windows NT 4.0 Mandatory Profile
92 Microsoft Windows NT Server White Paper
Updating and Changing a Roaming Profile to a Mandatory Profile
Changing a Roaming Profile to a Mandatory Profile
Important Information for Administrators
Recent Updates to Profiles Since Retail Release
APPENDIX C - USAGE NOTES
Regarding User Logons and User Logoffs
Recent Updates to Policies Since Retail Release
94 Microsoft Windows NT Server White Paper
Policies
APPENDIX D - RELATED KNOWLEDGE BASE ARTICLES
Profiles
Windows NT 4.0 Policy Restriction Error at Logon
Cannot Restore Default Setting for Shutdown Button
Q156432
Q155956