Microsoft Windows NT 4.0 User Manual

Microsoft Windows NT Server White Paper

17

NOTES:

•

When entering the path to the target directory, you can use universal naming convention (UNC)
names. However, if you are going to use the Browse function to locate the target directory for the
profile, it is important that you first map a drive to the \\server\share

where the profile will be stored.

•

The mydomainuser name shown in Step 2 does not have to be the user’s name. Many user accounts
or groups can be configured to point to the same profile. Because this is a mandatory profile, this
may be the desired use of the profile since the administrator wants all the users in the group to re-
ceive the same settings.

•

The profile does not need to be stored one directory below the \\server\share. The profile can be
nested several directories below, or the profile path can be local.

•

If the profile path points to a directory on the local machine, a share is not needed.

•

The variable %USERNAME% is replaced by the user name only once in the User Profile path, in User
Manager, and it must be the last subdirectory in the path. However, extensions can still be added,
such as .usr or .man.

•

The %LOGONSERVER% variable can be used for mandatory profiles to provide fault tolerance. Do
not place double slashes ( \\) in front of %LOGONSERVER%; doing so will prevent the variable from
being read properly. See Microsoft Knowledge Base article Q141714 for more information.

•

You can use the TemplateUser account to test changes before making them available to users by
copying the adjusted profile directory to test accounts prior to rollout.

•

You can select any group or a specific user when setting the permissions. However, only the user or
group specified will be able to use the profile. For this reason, it is recommended that the Everyone
group be given permission to use template profiles.

Making a Roaming Profile Mandatory in

Windows NT 4.0

You have two options when configuring a mandatory roaming profile: you can

change the user’s ability to modify the User Profile, or you can change the

user’s ability to modify the User Profile and enforce the use of the server-

based profile at logon. With the second option, the user is not able to log on to

the system if the network profile is unavailable. Each of these procedures will

be explained more fully below.

Changing the User’s Ability to Modify a Profile

When creating a User Profile or at any time thereafter, you have the option of

enforcing whether or not the user can modify the profile by changing the ex-

tension on the NTuser.dat file. The NTuser.dat file is located in the root of the

user’s profile directory. If you change the name of this file to NTuser.man,

when Windows NT reads the profile, it marks the profile as read-only, and any

changes that the user makes while logged on are not written back to the

server-based profile when he or she logs off.

To change the user’s ability to make modifications to the User Profile

1. Locate the user’s profile in the account’s User Profile path.

2. While the user is logged off, rename the NTuser.dat file to NTuser.man.

(Note that if you make this change while the user is logged on, the user’s

copy of the profile will overwrite your changes, because at the time the

user logged on, he or she had permission to overwrite the profile.)