User Management

User management includes either adding new users to the network or manipulating current user characteristics. The tools you will be using include:

•  User Manager For Domains—This is the heart of all user management. The User Manager For Domains is used to enable system auditing on a global level, create and manipulate local and global groups (local groups are unique to the computer they are created on, while global groups are domain-wide), create and manipulate user accounts, configure system user policies (such as the minimum password length, the maximum password age, account lockout features, and so on), and specify which computers each user can log on from and the time each user can be logged on to the system. You can also use the user manager to set up a user’s profile, logon script, and any home directory, if desired.

---

Note:  Unlike Novell NetWare and other network operating systems, Windows NT Server does not provide the ability to limit the amount of file space a user can access. So, be prepared to implement a system policy of notifying users who exceed your maximum disk quotas, backing up their data, and then deleting it when file space runs low. There are third-party solutions to this problem, however, such as DiskQuota.

---

•  User Profile Editor—This tool is used to create an initial user profile. A user profile is the environment in which a user works and includes all file manager, print manager, and any other user-specific settings. A profile can be either user specific and nonsharable, or sharable and nonuser specific. It cannot be both. A sharable profile is called a mandatory profile and is used to restrict a group of users from changing their user environment, much as the INI entries for Windows 3.x.

---

Note:  One of the interesting concepts involved with profiles is the ability to use the same profile on more than one computer. When a user logs on from a different computer, the user’s profile is used to configure the computer. In other words, the user will see the same desktop and can use the same applications available on the user’s primary computer (as long as the applications are installed in either the same directories on the local computer or are on a network share). But this will only occur if the user profile has been created and is available (shared) from a server that is accessible from the new location. Profiles are also server specific, unlike logon scripts, which can be replicated from server to server and can be executed from the server that authenticates the user.

---

•  System Policy Editor—This tool is quite similar in purpose to the User Profile Editor, but it is much more granular. With the System Policy Editor, you can set additional restrictions that are unavailable with the User Profile Editor. For example, you can restrict a user’s ability to change the display or desktop characteristics, restrict system tools from being used, allow only specific Windows applications to be executed, and many more options, as well. This is a very powerful tool.

•  Logon Scripts—Logon scripts aren’t really managed through a specific tool, although they are assigned (named) in the User Manager For Domains. Basically, a logon script is a batch program that is executed when the user logs on to the domain. Logon scripts can include features such as mapping share or printers, automatically checking the hard disk, running programs to keep track of a user’s time on a project, or any other program that can be run from the command line.

Summary

This chapter took a good look at some of the features provided by Windows NT Server, along with a brief look at the system architecture. This review was meant to prepare you for actually working with Windows NT Server. Hopefully, this chapter answered some of your questions as to software compatibility.

As we worked our way through this chapter, we discussed some of the more important features of Windows NT, including the NTFS file system, what NT can and cannot do, and what fault tolerant features are incorporated into NT. These fault tolerant features can be implemented as part of your normal configuration depending on your needs, available hardware, and budget. Lastly, we reviewed some of the tools that are available to help you manage your network on a day-to-day basis.