Microsoft Windows NT 4.0 User Manual

Microsoft Windows NT Server White Paper

9

NOTE: Directories containing roaming User Profiles need at least Add and Read permissions for profiles
to be read correctly. If you use Add permissions only, when Windows NT checks for the existence of the
profile it will fail because it looks for the path first, and if Read rights are not given, the check will fail.

Permissions are also important on a client machine where the user is log-

ging on interactively. If Windows NT is installed in an NTFS partition on the

client computer, and the user does not have at least the default permissions as

outlined in the Windows NT Server Concepts and Planning Guide (page 132),

errors can occur. For example, if permissions are incorrect on the root of the

system directory, the following message appears: “Can’t access this folder—

the path is too long.” A blank desktop is displayed, and the user’s only option is

to log off.

If permissions are set incorrectly in the %systemroot%, %system-

root%\System, %systemroot%\System32, or %systemroot%\System32\Config

directories, the following message appears: “Unable to log you on because

your profile could not be loaded.”

Encoding Permissions in the User Profile

The registry portion of the User Profile, NTuser.xxx, is encoded with the user

or group that has permission to use that profile. Once this is saved, you can

use the Registry Editor to modify this information if you want to change the

permissions on a profile without replacing it.

To change encoded User Profile information:

1. Follow the instructions to manually edit a profile: (Refer to the section

“Administering a User Profile Manually through the Registry” later in this

document).

2. Change the permissions on the root of the key to include users and groups

who will have permission to use the profile.

3. Unload the hive.

Selecting a Location to Save User Profiles

As with Windows NT 3.5x, you can place a roaming profile in any shared di-

rectory, and then configure the user account profile path to point to the profile.

The Profiles directory in the system root stores local User Profiles, “All Users”

profile settings (which apply to any user who uses the computer), the “Default

User” profile, and cached User Profiles of domain users. You should avoid

using the %systemroot%\Profiles directory in the domain users’ profile path as

a location to store server-based profiles, whether they are roaming or manda-

tory. (The path should allow the user’s profile to roam with the user and be

available on any networked computer that the user logs on to. If you specify a

path to the %systemroot%\Profiles directory, the client computer always uses

the local profile instead.)

Windows NT 4.0 profiles can be saved on any Windows NT 3.5x or 4.0

server because the client computer uses the path where the profile is stored

only as a location to download the profile and to write the modified user profile

at log off. This allows profiles to be stored on any shared network drive. The

process of downloading the profile is controlled by the client computer— all the