Summary of the content on the page No. 1
Server Operating System
®
White Paper
Guide to Microsoft® Windows NT® 4.0 Profiles and Policies
Summary of the content on the page No. 2
© 1997 Microsoft Corporation. All rights reserved. The information contained in this document represents the current view of Microsoft Corporation on the issues discussed as of the date of publication. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information presented after the date of publication. This White Paper is for informational purposes only. MICRO
Summary of the content on the page No. 3
Abstract This guide provides information and procedures for implementing Microsoft® Windows NT® 4.0 Profiles and Policies on client workstations and servers. A Microsoft Windows NT 4.0 User Profile describes the Windows NT configuration for a specific user, including the user’ s environment and preference settings. A System Policy is a set of registry settings that together define the computer resources available to a group of users or an individual. With the addition of System Policies and the
Summary of the content on the page No. 4
Summary of the content on the page No. 5
Introduction ......................................................................................... CONTENTS TCO and the User Profiles, Policies, and the Zero Administration Kit What are User Profiles and System Policies? Before You Begin Key Terminology Technical Notes Establishing User Profiles – An Overview .......................................... Creating and Administering User Profiles User Profile Structure Configuration Preferences Stored in the Registry Hive Configuration Preference
Summary of the content on the page No. 6
Upgrading Windows NT 3.5x Mandatory Profiles to Windows NT 4.0 Mandatory Profiles 30 Extracting a User Profile for Use on Another Domain or Machine 31 Creating Profiles Without User-Specific Connections 32 Troubleshooting User Profiles with the UserEnv.log File 33 System Policy – An Introduction....................................................... 35 System Policy Files 35 Policy Replication 36 How Policies Are Applied 36 Additional Implementation Considerations 37 The System Policy Editor..
Summary of the content on the page No. 7
Start Menu Shut Down Command Saved Settings Registry Editing Tools Windows Applications Restrictions Custom Programs Custom Desktop Icons Start Menu Subfolders Custom Startup Folder Custom Network Neighborhood Custom Start Menu Shell Extensions Explorer File Menu Start Menu Common Program Groups Taskbar Context Menus Explorer Context Menu Network Connections Explorer Context Menu Autoexec.bat Logon Scripts Task Manager Welcome Tips Default Computer Settings Remote Update Communities Permitted Ma
Summary of the content on the page No. 8
Extended Characters in 8.3 File Names 77 Read Only Files – Last Access Time 78 Cached Roaming Profiles 78 Slow Network Detection 79 Slow Network Timeout 79 Dialog Box Timeout 79 Registry Entries Not Included in the System Policy Editor............ 81 Autorun 81 Start Banner 81 For More Information......................................................................... 83 Appendix A –Flowcharts.................................................................... 84 User Profile Flowcharts 84 Sys
Summary of the content on the page No. 9
Not too many years ago, information technology professionals faced a serious INTRODUCTION challenge in controlling the mounting costs of mainframe use. It seemed that everyone— clerks, writers, developers, and systems administrators— all had terminals and were using the system for everything from numbers crunching to typing letters. Networks became bogged down, and IT professionals were given the task of getting “nonessential operations” off the mainframe. Their decision was to deploy personal c
Summary of the content on the page No. 10
bilities of Windows NT 4.0, and as such these techniques can readily be adapted to accommodate a corporation’ s specific computing requirements. In the near future, you will see additional TCO-reducing features appear in Micro- soft Windows® 98, Windows NT 5.0, and Microsoft Systems Management Server. Central to these features is the idea of centralized desktop control. This is accomplished through User Profiles and System Policies— the subject of this paper. What are User Profiles and System Po
Summary of the content on the page No. 11
Key Terminology Directory Replication The copying of a master set of directories from a server (called the export server) to specified servers or workstations (called import com- puters) in the same or other domains. Replication simplifies the task of maintaining identical sets of directories and files on multiple com- puters, because only a single master copy of the data is maintained. Files are replicated when they are added to an export directory and each time a change is saved to one of the
Summary of the content on the page No. 12
from any computer. A user who has a roaming profile can log on to any computer for which that profile is valid and access the profile. (Note that a profile is only valid on the platform for which it was cre- ated— for example, a Windows NT 4.0 profile cannot be used on a Windows 95 computer.) Roaming User A roaming user is a user who logs on to the network from different computers at different times. This type of user may use a kiosk or may share a bank of computers with other users. A roaming u
Summary of the content on the page No. 13
A Microsoft Windows NT 4.0 User Profile describes the Windows NT configu- ESTABLISHING USER ration for a specific user, including the user’ s environment and preference PROFILES – AN settings. A User Profile can be local, roaming, or mandatory. A local profile is OVERVIEW specific to a given computer. A user who creates a local profile on a particular computer can gain access to that profile only while logged on to that computer. Conversely, a roaming profile is stored on a network share and can
Summary of the content on the page No. 14
settings, and portions of the registry can be saved as files, called hives. These hives can then be reloaded for use as necessary. User Profiles take advantage of the hive feature to provide roaming profile functionality. The User Profile registry hive is the NTuser.dat in file form, and is mapped to the HKEY_CURRENT_USER portion of the registry when the user logs on.The NTuser.dat hive maintains the user’ s environment preferences when the user is logged on. It stores those settings that mainta
Summary of the content on the page No. 15
Windows NT 4.0 and Windows 95 User Profile Differences Windows 95 Profiles are very similar in behavior to Windows NT 4.0 Profiles, but there are some differences. Unlike Windows NT 4.0, Windows 95 downloads and writes User Profiles to the user’ s home directory. When the Windows 95 user first logs on, the UNC path specified in the user account’ s home directory path is checked for the Windows 95 User Profile. You can modify this behavior, however. See the Win- dows 95 Resource Kit for more info
Summary of the content on the page No. 16
home directory (or other specified directory if the location has been modified) on the server for the User Profile. If a profile exists in both locations, the newer of the two is used. If the User Profile exists on the server, but does not exist on the local machine, the profile on the server is downloaded and used. If the User Profile only exists on the local machine, that copy is used. If a User Profile is not found in either location, the Default User Profile from the Windows 95 machine is us
Summary of the content on the page No. 17
NOTE: Directories containing roaming User Profiles need at least Add and Read permissions for profiles to be read correctly. If you use Add permissions only, when Windows NT checks for the existence of the profile it will fail because it looks for the path first, and if Read rights are not given, the check will fail. Permissions are also important on a client machine where the user is log- ging on interactively. If Windows NT is installed in an NTFS partition on the client computer, and the user
Summary of the content on the page No. 18
client needs is the correct path. Note that storing profiles on a Windows NT 4.0 Server makes it easier for the administrator to open a user’ s NTuser.dat file to make any necessary modifications. You can also store User Profiles on Novell Servers provided that the client is configured correctly and can access the pro- file path. If a client is not receiving a User Profile at logon, use the Start menu Run command to check the profile path. For example, to see if you can locate the profile, type
Summary of the content on the page No. 19
3. Delete the network connection and reconnect. Working Around Slow Network Links Slow Net (which is configured in System Policy) was designed to offer a user faster access to his or her User Profile if the system detects a slower network speed, such as a modem line connection. Instead of automatically download- ing a profile that may be several hundred kilobytes to several megabytes large, Slow Net gives the user the option of either downloading the profile or using the locally cached version.
Summary of the content on the page No. 20
Creating a New Roaming User Profile for CREATING AND Windows NT 4.0 MAINTAINING USER To create a new roaming User Profile, you must first determine where the PROFILES user’ s profile will be stored. You then must create a user account (if one doesn’ t already exist), and specify a User Profile path. Finally, you must spec- ify whether a given user will use a specific profile or can use a default profile. These procedures are described below. To create a new roaming user profile: 1. If a location