Uh-oh, it looks like your Internet Explorer is out of date.

For a better shopping experience, please upgrade now.

MCSE Fast Track: Windows NT Server 4 Enterprise

MCSE Fast Track: Windows NT Server 4 Enterprise

by Emmett Dulaney
Aimed at the self-study administrator who has a working knowledge of the technology, this book takes readers through the MCSE and into the real-world use of the technology.


Aimed at the self-study administrator who has a working knowledge of the technology, this book takes readers through the MCSE and into the real-world use of the technology.

Product Details

New Riders
Publication date:
MCSE Fast Track Ser.
Product dimensions:
5.90(w) x 8.88(h) x 0.77(d)

Read an Excerpt

From Chapter 3: Managing Resources

Creating and Managing System Policies and User Profiles

The use of system policies and user profiles assists in the centralization of management in a Windows NT Enterprise network. System policies help an administrator implement common Registry settings across the enterprise. User Profiles store the user portion of the Registry. They can be implemented as either local profiles or roaming profiles. A roaming profile allows a user to have the user portion of their configuration follow them on the Windows NT network wherever they log on.

Local Profiles Versus Roaming Profiles

Whenever a user logs on at a system, they will create a local profile on that system. The local profile is implemented as a set of directory structures. This directory structure includes the desktop folder and the Start Menu folder. The user portion of the Registry is stored in the file NTUSER. DAT. All user-specific information (for example, Application Data, Favorites, SentTo, and so on) is kept in the \%systemroot%\profiles \ <user> directory.

When a user logs on to the network, his desktop and Start menu are also based on the local system that lie is logging on to. The desktop will be based on the user's profile directory and the ALL USERS directory. The same is true for the Start Menu directory.

The problem with local profiles is that every workstation that you log on to will have its own version of the local profile. User configuration settings will have to be set at each workstation that a user logs on to.

To overcome this problem, you must implement roaming profiles. Roaming profiles willhave the user portion of the Registry download from a designated system to the system that the user is currently logged on to. Any changes to their settings will be stored in the central location so that they can be retrieved at the next workstation that the user is logged on to.

Configuring Roaming Profiles in Windows NT

If you want to configure a user account to use a roaming profile, the first thing to do is set the profile path in the User Manager for Domains for that account. If a block of users is to use roaming profiles, the best method to use is a group property change; first select all users for whom you want to have roaming profiles, and then select Properties from the User menu.

The most common setting is to have a directory shared with a share name such as profiles. It should allow the local group USERS the permission of FULL CONTROL. With this share, you can now set the user's profile path to be \ \server\share\%username%. The next time the user logs on, her profile information can now be saved to this central profile directory. Profiles should be kept on NTFS partitions; because you cannot implement local security on FAT subdirectories, security must be implemented through NTFS.

Tuning Roaming Profiles

An administrator can determine whether the user profiles stored on the local system are roaming or local by viewing the User Profiles tab in the System applet in the Control Panel.

The User Profiles dialog box will show all of the profiles currently stored on the system and whether they arc roaming or local. The profile can be changed between a roaming an d local profile by clicking the Change To button, which brings tip a dialog box.

This dialog box is also used to configure how to handle roaming profiles when the user is logging on to the network over a slow WAN link. This is an extremely useful setting for laptop users that may log oil to the enterprise network from various locations. Remember that the roaming profile is stored on a specific server even though the user can be authenticated on any domain controller within the domain.

Implementing Roaming Profiles in Windows 95

Windows 95 users can also have roaming profiles configured so that their user-based configurations can follow them from workstation to workstation. Implementing roaming profiles in Windows 95 differs from Windows NT in the following ways:

  • Separate user profiles are not Implemented automatically in Windows 95 as they are in Windows NT.

  • The user portion of the Registry is saved in tile file USER.DAT in Windows 95; it is stored in NTUSER.DAT in Windows NT.

  • The user profile path setting in the user's properties has no effect on Windows 95 clients. The user's roaming profile information is stored in his Windows NT Home directory.

This leads to the next topic: system policies.

System Policies

System policies help the network administrator restrict the configuration changes that users can perform on their profiles. By combining roaming profiles and system policies, the administrator is able to provide the user with a consistent desktop, and control what the user can do to that desktop. Therefore, the administrator can be assured that the user cannot modify certain settings.

System policies work very much like a merge operation. You can think of system policies as a copy of your Registry. When you log on to the network and the NTCONFIG.POL file exists on the domain controller, it will merge Its settings into your Registry, changing your Registry settings as indicated in the system policy.

System policies are implemented by using the System Policy Editor, shown in Figure 3.11. The System Policy Editor is automatically installed with any Windows NT Domain Controller.

System policies can be configured to perform the following actions:

  • Implement defaults for hardware configuration for all computers using the profile or for a specific machine.

  • Restrict the changing of specific parameters that affect the hardware configuration of the participating system.

  • Set defaults for all users on the areas of their personal settings that they can configure.

  • Restrict the users from changing specific areas of their configuration to prevent tampering with the system. An example would be disabling all Registry editing tools for a specific user.

  • Apply all defaults and restrictions on a group level rather than just a user level.

The System Policy Editor can also be used to change settings in the Registry of the system that System Policy Editor is being executed on. Many times, it is easier to use the System Policy Editor because it has a better interface for finding common restrictions you may want to place on a Windows NT Workstation...

Customer Reviews

Average Review:

Post to your social network


Most Helpful Customer Reviews

See all customer reviews