General discussion

Locked

System Policies and User Profiles

By natecasp ·
I currently use system policies to set the message that pops up before logon on all our Win9x systems. However when I try to alter the policy to make the wallpaper and screen savers common to all PCs it does not work. I tried it on a test server I am running and it only seems to work with user profiles turned on in Win9x. My question is do system policies require user profiles to be setup on Win9x PCs when desktop properties are being set?

This conversation is currently closed to new comments.

10 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Collapse -

System Policies and User Profiles

by dheupel In reply to System Policies and User ...

Yes, user profiles determine desktop settings (wallpaper, system event sounds, etc.), policies determine what is available to the end user, i.e.: Control Panel, programs from the Start Menu, etc.

Collapse -

System Policies and User Profiles

by natecasp In reply to System Policies and User ...

I am familiar with user profiles and system policies. What I need to know is why you need user profiles enabled to enforce some system policies. And which exact system policies need user profiles to function.

Collapse -

System Policies and User Profiles

by natecasp In reply to System Policies and User ...

Well, the wallpaper and screen saver options exist in the system policy. What I do not understand is why do user profiles need to be enabled for the system policy to change these items?

Also when I try enabling user profiles via the system policymany Win9x systems want to check the boxes for storing extra Start Menus and desktop icons. This causes a great problem since if user profiles must be enabled to control the wallpaper and screen saver settings I do not want the desktop icons and start menus copied to our server. Is there a way to automate the setup of user profiles making sure these boxes are not enabled? I am not concerned about the history, app data, favorites folders since they do not effect the appearance. I need each user to be able to logon for any PC without their desktop and start menu following them. Any ideas?

Collapse -

System Policies and User Profiles

by Smurfman In reply to System Policies and User ...

Here is what we have done and it seems to work ok. System Policies must be enabled for this to work, and the config.pol, file must be in the NETLOGON directory. In the User Manager for Domains open a user account or several all at once, and then click propeties, and now look at the policy tab. If you do not specify a directory to store the profile, one will not be stored on the server, and will stay local to that machine. So, as you have defined a custom desktop, limited the control panal,setup a company background, all in the policy editor, then the user will logon, the default registry for windows, will be loaded, then the config.pol, will be checked to see if the user logging on is defined in the config.pol or if not, it will use the default user and the setting in there. In effect the registry is rewritten while the user is logging on, and then all they see is what you have left for them to see. Keep in mind that a checked box will enforce the setting, a grayed bow will ignor the setting no matter what is there, even a previous user, and a cleared box will as you guessed it, clear the setting back to the default of the windows, OS setup. Remember NT users, must have an NTconfig.pol in the NETLOGON directory for this to work for them.

Good luck...

BTW Tech Net has a wonderful white paper on policies, that will prove to be helpful.

Bye,
Smurfman

Collapse -

System Policies and User Profiles

by natecasp In reply to System Policies and User ...

Well I looked at the user profile location in the NT user manager and it is blank just like yours. I believe if you read the white paper you are talking about, you will see that if a home drive path is defined it will save the profiles to it if no profile path is setup. You must not have either setup on your domain. We need the home drive path. Also, you stated in your answer that system profiles need to be turned on... do you mean user profiles or system policies? Regardless I am trying to geta way to setup user profiles everywhere without saving the desktop icons and start menu as part of the profile.

Collapse -

System Policies and User Profiles

by dheupel In reply to System Policies and User ...

The Start Menu and desktop icons ARE A PART OF A USER PROFILE, be it a local profile, or roaming profile. **There is no way around this.** However, a workaround may be to assign every user a default, unchangable, mandatory profile, by stipulating a static profile location for all users, such as \\ServerName\ShareName\DEFAULTPROFILE, and then using the system policies to lock-down the desktop and control panel/display properties so a user cannot change desktop settings. Remember, the Start Menu and desktop icons are only 1KB files, and should not take up a negligible amount of drive space. I'm curious what your concern is regarding the Start Menu and desktop icons???

Check out MS-KB Articles: Q142682, Q161070, Q196284, Q156697 & Q161334.

Collapse -

System Policies and User Profiles

by natecasp In reply to System Policies and User ...

I am interested in implementing system policies without user profiles. Microsoft claims this is possible however I beg to differ. If you look at POLEDIT you will see settings for the desktop, background, etc however if you try to implement them without user profiles they will not work.

I am not interested in implementing mandatory profiles at all.

Collapse -

System Policies and User Profiles

by Smurfman In reply to System Policies and User ...

Ok, lets see, first w9x will automatically download "system policies" by default. The key is that the primary logon must be Client for Microsoft Networks, the domain must be specified, and the policy that you want is placed on the PDC as such... \\primarydomaincontroller\netlogon\config.pol

This will force w9x to download the new registry settings for the user who is logging on, remember that the default user will affect everyone. So remember to exclude people such as yourself and other admins, and such. When using POLEDIT you can specify if user profiles are enabled for the machine, user profiles will be what is used to store the user settings, however, if you want to specify what is there for the user or specify a "custom desktop" then within the policy is where you do it. Simply use the proper .adm file as a template. Admin.adm and common.adm are the most used. I do believe that by excluding using system policies in the POL file, that this will solve the save issue of usersettings. I am pretty sure also that as long as you have profile enabled and do not specify a profile location in the User Manager for Domains then the profile will only stay local to that machine. As for connecting to a special drive for a particular user I would put that in my login script and map the drive in the policy, so that it will show in my computer for the user. Well good luck, let me know how you make out.

Smurfman

Collapse -

System Policies and User Profiles

by natecasp In reply to System Policies and User ...

You are not understanding what I am saying. I said that if you have a home drive mapped via the user manager profile page, Win9x will automatically save all profile information to that home directory at logout. Therefore all the profile info will bestored on the server since I have home drive paths defined in user manager. Secondly, I understand the way the system policies work however in the system policies you can set common desktops, backgrounds, etc. but if you do so without enabling user profiles the settings do not work. I just do not understand why Microsoft says you may use system policies independent of user profiles when what actually happens it that you can use the machine setting part of the system policies but to use the userpart you need to enable user profiles.

Another thing is what happens when a user has a laptop and the setting are downloaded to the laptop. Then they try to use the laptop independent from the network. The settings however are still locked down and are not able to be re-enabled without connecting to the network again. Is there a solution for this?

Collapse -

System Policies and User Profiles

by natecasp In reply to System Policies and User ...

This question was closed by the author

Back to Windows Forum
10 total posts (Page 1 of 1)  

Related Discussions

Related Forums