manualshive.com logo in svg

Microsoft Windows NT 4.0, Руководство пользователя, Страница: 61 / 104

Поделиться
Скачать
Microsoft Windows NT 4.0 Скачать руководство пользователя страница 61

Microsoft Windows NT Server White Paper

53

will refer the client to multiple servers for the same path. For example, on a Dfs

server, the administrator has defined that users connecting to the UNC path

\\Dfsserver\Dfsshare\Customfolder, will be returned a response with three dif-

ferent servers, \\Server1\Customerfolder, \\Server2\Customerfolder, and

\\Server3\Customerfolder, all of which contain the same data. The client ma-

chine, which can be either a Windows NT-based 4.0 machine or a

Windows 95-based machine with the Dfs client software, randomly selects one

of these servers and uses that path to generate the custom shared folders for

the user. If one of the servers is unavailable, the client has the other two serv-

ers to select from. Note that the the Dfs host server must be running for this

fault tolerant structure to work. (Although Dfs software currently supports a

single host server, Microsoft is developing a fault-tolerant version of Dfs for a

future release of Windows NT.)

For more information on the Dfs server and client components, see

http://www.microsoft.com/ntserver/info/distributedfilesystem.htm.

Содержание Windows NT 4.0

Страница 1: ...Server Operating System White Paper Guide to Microsoft Windows NT 4 0 Profiles and Policies...

Страница 2: ...rt of Microsoft and Microsoft cannot guarantee the accuracy of any information presented after the date of publication This White Paper is for informational purposes only MICROSOFT MAKES NO WARRANTIES...

Страница 3: ...an individual With the addition of System Policies and the new User Profile structure to Windows NT 4 0 network administrators have a greater ability to control the user environment than they have eve...

Страница 4: ......

Страница 5: ...files 12 Creating a New Roaming User Profile for Windows NT 4 0 Creating a New Mandatory User Profile for Windows NT 4 0 Making a Roaming Profile Mandatory in Windows NT 4 0 Changing the User s Abilit...

Страница 6: ...41 Setting Folder Paths Back to Defaults 42 Creating a System Policy 42 Creating Alternate Folder Paths 44 Setting Up Shortcuts for Server based Profiles 44 Deploying Policies for Windows NT 4 0 Machi...

Страница 7: ...xplorer Context Menu Autoexec bat Logon Scripts Task Manager Welcome Tips Default Computer Settings Remote Update Communities Permitted Managers Public Community Traps Run Command Drive Shares Worksta...

Страница 8: ...5x Roaming Profile to Windows NT 4 0 Roaming Profile 90 Migrating Windows NT 3 5x Mandatory Profile to Windows NT 4 0 Mandatory Profile 90 Migrating Windows NT 3 5x Mandatory Profile to Windows NT 4 0...

Страница 9: ...mind Microsoft and others are working together on several initiatives to lower the total cost of ownership of personal computers TCO and the User One of the major costs highlighted in recent reports...

Страница 10: ...a group of users or an individual Policies define the various facets of the desktop environment that a system administrator needs to control such as which applications are available which applications...

Страница 11: ...be assigned to a single user or to a group of users Local Profile A local profile is specific to a computer A user who has a local profile on a particular computer can gain access to that profile onl...

Страница 12: ...ironments and actions and to enforce system configurations systemroot An environment variable that expands to become the root directory containing Windows NT files The directory name is specified when...

Страница 13: ...mputer in the network both roaming and mandatory profiles support this functionality Creating and Administering User Profiles User Profiles can be created and administered in several different ways as...

Страница 14: ...gram groups and their properties all program items and their properties and all taskbar settings Printer settings All network printer connections Control Panel All user defined settings made in the Co...

Страница 15: ...en operating system versions Windows NT 4 0 file Equivalent Windows 95 file NTuser dat User dat NTuser dat log User da0 NTuser man User man NOTE The Windows 95 User da0 and Windows NT 4 0 Ntuser dat l...

Страница 16: ...files What features will you be implementing in User Profiles Optional features include persistent network connections custom icons backgrounds and so on For roaming profiles will users be allowed to...

Страница 17: ...permissions on a profile without replacing it To change encoded User Profile information 1 Follow the instructions to manually edit a profile Refer to the section Administering a User Profile Manually...

Страница 18: ...encom passes the home directory path and the server based profile is more recent than the local profile on the workstation all directories and files that exist in the user s home directory will be co...

Страница 19: ...or using the locally cached version If the cached file is used it can significantly reduce the time it takes to log on to the computer To detect a slow network the oper ating system computes the amou...

Страница 20: ...f User Manager included in the Administrative Tools pro gram group Refer to your operating system documentation and online Help for procedures when using these tools Note that for this example the use...

Страница 21: ...ain controllers This folder name must be named Default User or the profile will not be downloaded from the server To keep the Default User profile consistent across domain controllers and to ease admi...

Страница 22: ...plate user profile created in Step 8 to the directory created in Step 9 b Repeat this for each of the user profile directories that will receive the template user profile NOTES When entering the path...

Страница 23: ...on to Save User Profiles and Setting Permissions for User Profiles earlier in this document If your implementation stores user profiles within users home directories make the profile directory a subdi...

Страница 24: ...t be accessible for the user to logon For exam ple if the user name is mydomainuser the path to the mandatory profile would be myserver myshare mydomainuser man If you also have a mandatory Windows NT...

Страница 25: ...est accounts prior to rollout You can select any group or a specific user when setting the permissions However only the user or group specified will be able to use the profile For this reason it is re...

Страница 26: ...e path in User Manager as explained in the previous section Skip this step for users who have ex isting Windows NT 3 5x profiles and who already have the man extension appended to their profile paths...

Страница 27: ...receive a specific profile or if a default will be used instead If the user will receive a specific profile from the Windows 95 based computer hosting the profile to be used copy the complete contents...

Страница 28: ...you are using for mandatory profiles to the user s home directory From the Windows 95 based machine hosting the mandatory copy the complete contents of the local Profile folder to the folder created...

Страница 29: ...te copy or modify the profile type for each of the profiles listed Note that the profiles listed are only for those users who have interactively logged onto the local machine User profiles that have b...

Страница 30: ...ser documents Please be aware of any user documents that may be deleted before using this tool The syntax of Delprof exe is as follows delprof q i p c computername d days Where q Runs Delprof exe in q...

Страница 31: ...Profile path portion of the user account properties and The User Profile path is accessible at the time of logon Roaming Profile with Use cached profile on slow connec tions If a user selects this opt...

Страница 32: ...s a Browse button that enables you to view local and remote drives to select the directory where the profile should be copied In addition the dialog provides a Permitted to Use option that allows you...

Страница 33: ...ting a specific directory for each user Within that directory the registry hive NTuser dat and the rest of the profile structure folders are kept If a user is allowed to view context menus or has admi...

Страница 34: ...les are binary files that track changes to a profile As changes are made they are recorded in a log file and then written to NTuser xxx If for some rea son the changes cannot be recorded in NTuser xxx...

Страница 35: ...settings are written to the new user s di rectory The profile may or may not then be customizable depending upon how the administrator has configured profiles In Windows NT 4 0 administrators have th...

Страница 36: ...ta contained in the NTuser dat portion of the profile by loading the hive into the registry To manually customize a User Profile 1 Locate the profile to be modified If the profile is a server based pr...

Страница 37: ...e necessary changes and unload the hive this automatically saves the changes The workstation Default User Profile is located in the systemroot Profiles Default User directory To make changes to the Ne...

Страница 38: ...NT 4 0 upgrade If the user then moved to a Windows NT 4 0 based computer the user s Windows NT based workstation would recognize that the profile contained Windows NT 3 5x syntax would replace the usr...

Страница 39: ...irectory name would be server share domainuser pdm 2 On the Windows NT based computer hosting the profile log on as an ad ministrator and map a drive to the server share where the profile will be stor...

Страница 40: ...le structure including the NTuser xxx file and all subdirectories from the directory that stored the workgroup user s profile to the subdirectory created for the temporary user in Step 2 7 From the Co...

Страница 41: ...rocess is recorded in the log including informational and error related messages The checked version of the UserEnv dll is the same dynamic link library dll as the retail version except that it contai...

Страница 42: ...le GetLocalProfileImage Local profile image filename System Root Profiles Administrator GetLocalProfileImage Expanded local profile image filename D WINNTDfs Profiles Administrator GetLocalProfileImag...

Страница 43: ...irst and then the Sys tem Policy is downloaded Any registry settings that you have reconfigured whether these are machine specific changes or are specific to the user logging on are changed before the...

Страница 44: ...nows where to look for the NTconfig pol file Policy Replication If you implement a System Policy file for Windows NT users and computers and you intend to use the default behavior of Windows NT be sur...

Страница 45: ...unt and the Default User settings are present the administrator will receive the settings of the Default User Administrative accounts are not exempt from policies This should be a key factor to consid...

Страница 46: ...s and so forth What other options are available if you simply want to restrict access to a specific icon or file Would modifying NTFS permissions be more effective Will you be controlling computer spe...

Страница 47: ...on a Windows NT Workstation You have two options when installing the System Policy Editor on a Windows NT Workstation based computer You can Run the Setup bat file from the Windows NT 4 0 CD ROM Clie...

Страница 48: ...sting policy file or create a new one to contain the settings that you want to enforce on a per user per computer or com bined user computer basis When you open the System Policy Editor in registry mo...

Страница 49: ...ble to you fall into a tree structure which is determined by the layout of the adm file By navigating through these options you can select a mode that determines the action that will be taken when the...

Страница 50: ...specific folders the change overrides the de fault setting established in the adm file For example by default a user s program folder path is USERPROFILE Start Menu Programs If the policy file is not...

Страница 51: ...ll be set to Manual mode use the name of your choice 6 If workstations will be set to Automatic mode place the file in the NETLOGON share of each of the domain controllers that will be perform ing aut...

Страница 52: ...nd so forth from the folder that you created earlier NOTE This can be done per user for personal program groups and can also be done for other folder settings such as the startup group Start menu and...

Страница 53: ...in controllers performing authentication If a Windows NT 4 0 based workstation does not locate the policy file on its validating domain con troller it will not check any others You have another option...

Страница 54: ...ts because a policy file is valid only for the platform on which it was created For procedures when installing the System Policy Editor on a Win dows 95 based computer refer to the section Installing...

Страница 55: ...specified in the policy file 2 Place the policy file in a secure directory on the stand alone computer or on a network share to which the user has at least Read permissions 3 In the workstation regist...

Страница 56: ...be in effect 6 Close the System Policy Editor and remove this tool from the workstation by deleting the Poledit exe file and any adm files used These changes modify the registry entries that control t...

Страница 57: ...ThirdCategory END CATEGORY SecondCategory END CATEGORY FirstCategory Be sure to specify the text for the variables you used above In this case in the strings section of the adm file you would need to...

Страница 58: ...AG END PART where FLAG is one or more of the following TEXT Displays text only for example PART MyPolicy TEXT END PART NUMERIC Writes the value to the registry with data type REG_DWORD for example PAR...

Страница 59: ...ART MyPolicy NUMERIC MIN 100 MAX 999 DEFAULT 55 VALUENAME ValueToBeChanged END PART Use the keywords VALUEOFF and VALUEON to write specific values based on the state of the option for example POLICY M...

Страница 60: ...ach of the workstations in a given region or site to use a remote update path and change the remote update mode from the default of Automatic to Manual Clearing the Documents Available List As an alte...

Страница 61: ...based 4 0 machine or a Windows 95 based machine with the Dfs client software randomly selects one of these servers and uses that path to generate the custom shared folders for the user If one of the...

Страница 62: ...Key HKEY_CURRENT_USER Software Microsoft Windows CurrentVersion Policies System Registry Value Registry Data Description NoDispCPL REG_DWORD Off 0 or value removed On 1 NoDispBackgroundPage REG_DWORD...

Страница 63: ...mpt icon or command prompt the user can start unauthorized applications To further restrict the user s ability to run specific applications refer to the pol icy setting for Run only allowed Windows ap...

Страница 64: ...and Printer folders causes the Settings menu to be removed com pletely Key HKEY_CURRENT_USER Software Microsoft Windows CurrentVersion Policies Explorer Registry Value Registry Data Description NoSetT...

Страница 65: ...tion Removes the Network Neighborhood icon from the desktop In addition disables UNC capability from within the Explorer interface including the Start menu s Run command UNC paths configured by the ad...

Страница 66: ...Registry Data Description NoWorkgroupContents REG_DWORD Off 0 or value is removed On 1 Desktop Display Category Windows NT Shell Subcategory Restrictions Selection Hide all items on desktop Descripti...

Страница 67: ...gistry Value Registry Data Description NoClose REG_DWORD Off 0 or value is removed On 1 Saved Settings Category Windows NT Shell Subcategory Restrictions Selection Don t save settings at Exit Descript...

Страница 68: ...e to restrictions in effect on this computer Please contact your system adminis trator Be sure to include Systray exe in the list of allowed applications if this policy is to be enforced Note that use...

Страница 69: ...Value Registry Data Description Programs REG_ REG_SZ Off value is removed On text of UNC path to folder Default USERPROFILE Start Menu Programs Custom Desktop Icons Category Windows NT Shell Subcateg...

Страница 70: ...er Description Specifies the UNC path the folder is to use when folders files and shortcuts are to start at user logon Key HKEY_CURRENT_USER Software Microsoft Windows CurrentVersion Explorer User She...

Страница 71: ...files and shortcuts the user receives as part of the Start menu Key HKEY_CURRENT_USER Software Microsoft Windows CurrentVersion Explorer User Shell Folders Registry Value Registry Data Description St...

Страница 72: ...Windows NT Shell Subcategory Restrictions Selection Remove common program groups from Start menu Description Disables the display of common groups when the user selects Programs from the Start menu K...

Страница 73: ...EY_CURRENT_USER Software Microsoft Windows CurrentVersion Policies Explorer Registry Value Registry Data Description NoViewContextMenu REG_DWORD Off 0 or value is removed On 1 Network Connections Cate...

Страница 74: ...Y_CURRENT_USER Software Microsoft Windows CurrentVersion Policies Explorer Registry Value Registry Data Description LinkResolveIgnoreLinkInfo REG_DWORD Off 0 or value is removed On 1 Autoexec bat Cate...

Страница 75: ...anager Category Windows NT System Selection Disable Task Manager Description Enables or disables the user s ability to start Task Man ager to view processes applications running and make changes to th...

Страница 76: ...xistence of the policy file NTconfig pol With UpdateMode set to 2 Manual Windows NT reads the string specified in the NetworkPath value and checks that path for the exis tence of the policy file in th...

Страница 77: ...tem Subcategory SNMP Selection Permitted managers Key HKEY_LOCAL_MACHINE System CurrentControlSet Services SNMP Parameters PermittedManagers Registry Value Registry Data Description Increment numbers...

Страница 78: ...utable text name for example Notepad is Notepad exe which may include parameters Off value is removed from the registry NOTE There may be multiple entries in this subkey Drive Shares Workstation Categ...

Страница 79: ...erver Parameters Registry Value Registry Data Description AutoShareServer REG_DWORD NT Server specific Off 0 On 1 Printer Browse Thread Category Windows NT Printers Subcategory Sharing Selection Disab...

Страница 80: ...led REG_DWORD Off 0 On 1 Authentication Retries Category Windows NT Remote Access Selection Max number of unsuccessful authentication retries Description Specifies the number of times authentication w...

Страница 81: ...AS dial in user Key HKEY_LOCAL_MACHINE System CurrentControlSet Services RemoteAccess Parameters Registry Value Registry Data Description CallbackTime REG_DWORD Off value is removed On time in seconds...

Страница 82: ...xist Off value is removed from registry On text of UNC path to folder De fault SystemRoot Profiles All Users Start Menu Programs Shared Desktop Icons Path Category Windows NT Shell Subcategory Custom...

Страница 83: ...er Default SystemRoot Profiles All Users Start Menu Shared Startup Folder Path Category Windows NT Shell Subcategory Custom shared folders Selection Custom shared Startup folder Description Specifies...

Страница 84: ...Logon Selection Enable shutdown from Authentication dialog box Description Enables or disables the Shut Down button on the logon dialog window Key HKEY_LOCAL_MACHINE Software Microsoft Windows NT Cur...

Страница 85: ...on this value takes precedence Key HKEY_LOCAL_MACHINE Software Microsoft Windows NT CurrentVersion Winlogon Registry Value Registry Data Description RunLogonScriptSync REG_SZ Off 0 or value is removed...

Страница 86: ...reases the file system s performance Key HKEY_LOCAL_MACHINE System CurrentControlSet Control FileSystem Registry Value Registry Data Description NtfsDisableLastAccessUpdate REG_DWORD Off 0 or value is...

Страница 87: ...tion Specifies the amount of time in milliseconds that Windows NT waits before a slow network is determined Key HKEY_LOCAL_MACHINE Software Microsoft Windows NT CurrentVersion Winlogon Registry Value...

Страница 88: ...80 Microsoft Windows NT Server White Paper Registry Value Registry Data Description Show REG_DWORD Off 0 or value is removed On time in sec onds in hexadecimal Decimal 0 600 default 30...

Страница 89: ...presenting drive Z If a bit is set to 0 the autorun feature is enabled on that drive If a bit is set to 1 the autorun feature is disabled on that drive For example if the value of this entry is 0x8 10...

Страница 90: ...82 Microsoft Windows NT Server White Paper Registry Value Registry Data Description NoStartBanner REG_DWORD 0 enabled 1 disabled...

Страница 91: ...ng User Work Environments part of the Windows NT Server product documentation Kixtart Resource Kit Utility available in the Windows NT Server Resource Kit for version 4 0 For the latest information on...

Страница 92: ...charts illustrate how User Profiles operate within the Windows NT 4 0 operating system and give the administrator an at a glance look at the procedures to take and the internal processing that occurs...

Страница 93: ...rofiles directory to the NETLOGON share and modify it to meet specific needs When users log on for the first time without a local profile or a server based profile the default user profile from the se...

Страница 94: ...e Reconcile both by comparing time stamps Is the central profile newer Load local profile continue to Part 2 No Is profile mandatory Download profile from server continue to Part 2 Ask user preference...

Страница 95: ...mand to Load Profile Set USERPROFILE environment variable Check build number for version Load the User Profile Apply System Policy Save settings to Registry Same Process UserDiff Registry changes from...

Страница 96: ...ile Return to original flowchart Does profile path end in usr or man Attempt to create the directory and return to original flowchart No Append pds or pdm as appropriate and look again what was found...

Страница 97: ...Does Machine Specific Policy exist Read Machine Specific Policy and write Registry entries Yes No Does Default Computer Policy exist End policy process No Read Default Computer Policy and write Regis...

Страница 98: ...t currently exists A myuser man file exists in the folder myserver myshare Administrator action None User action None Migrating Windows NT 3 5x Roaming Profile to Windows NT 4 0 Roaming Profile A doma...

Страница 99: ...myuser and then allow the user to log on and log off User action When instructed to do so log on to the Windows NT 4 0 based computer and then log off This creates the folder myserver myshare myuser...

Страница 100: ...der that contains the user s roaming profile from myuser to myuser man Finally rename the NTuser dat file which is located in the root of the user s profile folder to NTuser man User action None For m...

Страница 101: ...n Users and Guests group or who are members of just the Guests group will have their local profiles deleted automatically at logoff Recent Updates to Profiles Since Retail Release In the original reta...

Страница 102: ...cted in Service Pack 3 If this option is turned on context menus for both the list view and the tree view are disabled Manual mode policy path expansion support was added in Service Pack 3 If you spec...

Страница 103: ...ion When Accessing User Profiles Q146192 How Windows NT Chooses Between Roaming and Local Profiles Q158899 Prompted for Password When Restoring Persistent Connections Q158682 Shortcuts Created Under W...

Страница 104: ...t Windows NT Server White Paper Q156432 Windows NT 4 0 Policy Restriction Error at Logon Q155956 Cannot Restore Default Setting for Shutdown Button Q163215 System Policies May Not Work With Third Part...

Отзывы:

Нет отзывов