Article ID: 150919
Article Last Modified on 2/21/2007
APPLIES TO
- Microsoft Windows 2000 Server
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Professional Edition
- Microsoft Windows NT Workstation 4.0 Developer Edition
- Microsoft Windows NT Server 4.0 Standard Edition
This article was previously published under Q150919
SUMMARY
If roaming user profiles are used with Windows NT 4.0 systems, system administrators may wish to not allow users to change the profile type to local. To do this, remove the read permission from the %systemroot%\System32\Sysdm.cpl file for the users or groups that should not be able to modify profile settings. This removes the System icon from Control Panel. As a result, those users cannot change system settings.
NOTE: The Windows NT 4.0 system has to be installed on an NTFS partition to be able to set file permissions.
MORE INFORMATION
User profile settings are stored in the registry under the following registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows
NT\CurrentVersion\ProfileList
For every user ever logged on to a Windows NT 4.0 system there is a subkey named after the security ID (SID) of that user where the actual values are stored. The user profile type is stored in the State value under the users subkey. Setting this value using system policies is possible but it does not prevent the System icon from Control Panel from appearing and therefore the user can change the profile type once logged on. Another disadvantage of changing the profile type in the registry is that you must ensure that you change the value in the subkey associated with the user. This implies that you must find the appropriate SID for the user.
Additional query words: prodnt
Keywords: kbinfo kbui KB150919
