|
Table 5.3 shows the user property items that can be configured. Because they are too numerous, the computer properties are not listed; however, you can view them with the System Policy Editor.
Table 5.3 System Policy Editor user properties.
|
| Policy
| Available Settings
|
|
| Control Panel|Display
| Deny access to display icon.
|
|
| Hide Background tab.
|
|
| Hide Screen Saver tab.
|
|
| Hide Appearance tab.
|
|
| Hide Settings tab.
|
| Desktop
| Wallpaper.
|
|
| Color scheme.
|
| Shell|Restrictions
| Remove Run command from Start menu.
|
|
| Remove folders from Settings on Start menu.
|
|
| Remove taskbar from Settings on Start menu.
|
|
| Hide drives in My Computer.
|
|
| Hide Network Neighborhood.
|
|
| No Workgroup contents in Network Neighborhood.
|
|
| Hide all items on desktop.
|
|
| Disable Shutdown command.
|
|
| Don’t save settings at exit.
|
| System|Restrictions
| Disable Registry editing tools.
|
|
| Run only allowed Windows applications.
|
| Windows NT|Custom Folders
| Custom Program folder.
|
|
| Custom Desktop folder.
|
|
| Hide Start menu subfolders.
|
|
| Custom Startup folder.
|
|
| Custom Network Neighborhood.
|
|
| Custom Start menu.
|
| Windows NT|Restrictions
| Only use approved shell extensions.
|
|
| Remove common group from Start menu.
|
| Windows NT System
| Parse Autoexec.bat.
|
|
| Run logon scripts synchronously.
|
|
Note: With Windows NT 4, the terms folder and subfolder have been introduced as replacements for directory and subdirectory. However, not all of the Administration tools have caught up with this new naming convention. One such example is the Home Directory. The Home Directory is used as a default folder for all undirected file operations. The Home Directory can be either local or a network share.
Logon Scripts
Logon scripts are an optional logon configuration technique. These scripts can perform user configuration tasks, such as creating network connections and starting applications. One advantage of using logon scripts instead of user profiles is that logon scripts can be changed to make a new network connection upon logon. This connection would be made automatically the next time the user logs on. If a user profile was used, the user would have to first log on and then manually make the network connection. When writing logon scripts, various logical parameters can be used in the script. The parameters will be evaluated by Windows NT when the scripts are run and can be used to customize the scripts for users and groups as required. Table 5.4 lists these parameters, and Table 5.5 shows some uses for them.
Table 5.4 Logon script logical parameters.
|
| Parameter
| Function
|
|
| %HOMEPATH%
| Full path to the user’s home folder.
|
| %HOMEDRIVE%
| Drive letter associated with the user’s home folder on the user’s local workstation.
|
| %HOMESHARE%
| Share name containing the user’s home folder.
|
| %OS%
| Operating system running on the user’s workstation.
|
| %PROCESSOR_ARCHITECTURE%
| Type of processor the user’s workstation is using.
|
| %PROCESSOR_LEVEL%
| The processor level of the user’s workstation.
|
| %USERDOMAIN%
| The domain that contains the user’s workstation.
|
| %USERNAME%
| User’s logon account name.
|
|
Table 5.5 Example logon script logical parameters.
|
| Command
| Function
|
|
| net use * \\server1\%username%
| Connects to a network share controlled by server1 with the same name as the user account; e.g., the share UNC name could be \\server1\pault.
|
| net use * \\server1\%os%
| Connects to a network share controlled by server1 with the share that matches the workstation operating system. Can be used to make sure the workstation connects to the correct location for its version of server-based software.
|
|
Logon scripts are obtained from whichever server in the domain validates the logon. Therefore, you should use the Replicator service to make sure that these logon scripts are available on all domain validating servers. This is done by holding a master set of logon scripts in \%systemroot%\System32\Repl\Export\scripts, then importing them into all servers.
Further description of the net use command can be found in Chapter 7.
User Environmental Variables
User environmental variables are configured by using the System utility contained in the Control Panel. Unique to each user who logs on, user environmental variables are used to configure the parameters for the temporary file storage and path locations. The System Properties Environment window is shown in Figure 5.5.
Figure 5.5 The System Properties Environment window.
In addition to user environment variables, system variables are located in the System utility and are system-wide variables that only administrators are able to change.
Projects:
Practical Guide To Administering The User Environment
The following section provides real-life examples and step-by-step instructions on how to successfully administrate the Windows NT user environment. For these examples, User Manager For Domains is used. (As mentioned earlier, User Manager is used in the same way but does not have all the features of the domain version.) Refer to the text earlier in this chapter for more information on the differences between these two administrative tools.
|
FEEDBACK
)
){kind=link}