|
Administration
Creating User and Group Reports in Windows NT
Microsoft Knowledge Base Article: 137848 - There are no graphical or command line utilities that produce comprehensive reports on groups, users and permissions included with the Windows NT Operating System or the Windows NT Resource Kit. The NET commands and the Windows NT 3.5
Resource Kit ADDUSERS.EXE and PERMS.EXE utilities can be used to create limited administrative reports by piping the output to a text file.
HOW TO: Assign a Home Directory to a User
Microsoft Knowledge Base Article: 320043 - This step-by-step article describes how to assign a home directory to a user by using the Active Directory Users and Computers MMC, the Computer Management MMC, a logon script, or the command
line.
HOW TO: Change a User Name in a Domain in Windows 2000
Microsoft Knowledge Base Article: 323000 - This step-by-step article describes how to change a user name in Windows 2000 Active
Directory.
How to Determine the Currently Logged on User with Windows NT 4.0 and Windows 2000
Microsoft Knowledge Base Article: 156694 - In Windows NT Server version 3. x , you can use the title bar of Program Manager to determine the name of the currently logged-on user. This information is not immediately available in Windows NT Server 4.0, but you can obtain it by using one of the...
How to Display and Administer All Users in Active Directory
Microsoft Knowledge Base Article: 237548 - An administrator may want to generate a list of users in Active Directory. Once the users are displayed, the administrator can select multiple accounts to administer.
How to Generate a List of Users
Microsoft Knowledge Base Article: 149781 - The User Manager application does not provide a method for generating a list of user accounts for a Microsoft Windows NT server or domain.
How to Modify the Right to Display Users in User Manager
Microsoft Knowledge Base Article: 180782 - When you use the User Manager tool on a computer running Windows NT, domain users or Guest account users may be able to display the list of user accounts and group accounts. This article describes how to use the Listacct.exe tool to modify
HOW TO: Rename the Administrator and Guest Account in Windows 2000
Microsoft Knowledge Base Article: 320053 - This step-by-step article describes how to change the administrator account and guest account names by using Group
Policy.
HOW TO: Restore a User Profile in Windows 2000
Microsoft Knowledge Base Article: 314045 - This step-by-step article describes how to restore a user profile as well as the following user profile items:
Installing Usrmgr.exe and Srvmgr.exe in Windows 2000 Professional
Microsoft Knowledge Base Article: 237995 - Microsoft Windows NT 4.0 domain controllers
(DCs) cannot be fully administered from Windows 2000 Professional workstations without Usrmgr.exe and
Srvmgr.exe. These services are not provided on Windows 2000 Professional workstations.
Redirecting the My Documents Folder for All Users in Windows 2000
Microsoft Knowledge Base Article You can use Group Policy to redirect the My Documents folder to a different network path on the domain for all users without having to set up an individual policy for each user.
Using Usrmgr.exe with Windows 2000 Terminal Services on Windows NT 4.0 Domain
Microsoft Knowledge Base Article: 261099 - This article describes how to use User Manager in Windows 2000 to gain access to additional user properties that are available for use with Terminal Services in a Windows NT 4.0-based
domain.
Usrmgr Not Just for Domains
Use User Manager for Domains to manage workstation and member
server accounts. Source: Windows & .NET Magazine (August
2002)
Creating
Accounts
AddUsers Automates Creation of a Large Number of Users
Microsoft Knowledge Base Article: 199878 - The Addusers.exe tool
for Windows NT is a 32-bit administrative utility that uses a
comma-delimited text file to create, modify, and delete user
accounts. Addusers is most beneficial when the information to be
manipulated is maintained in a spreadsheet, such as one created
with Microsoft Excel, that can be converted to a comma-delimited
file. You must be a member of the Administrators group on the
target computer to add accounts and a member of the Users group
to write to accounts.
Basic User Account Creation with ADSI Scripting
Microsoft Knowledge Base Article: 230750 - The Active Directory Services Interface (ADSI) tool provides a single consistent set of interfaces that can be called in scripts using the Microsoft Windows Script Host, or other scripting languages (VBScript and JScript are supported natively).
Creating a Workstation only Administrator
Microsoft Knowledge Base Article: 125782 - Describes how to add a pseudo-administrative account to a domain to allow a user to administer and maintain Windows NT workstations but not servers.
Configuring
Accounts
Batch Process to Create and Grant Access to Home Directories
Microsoft Knowledge Base Article: 155449 - When administrators need to create large numbers of users and corresponding home directories, the task can be simplified by using a batch process rather than creating each home directory individually through Windows NT File Manager or Windows
How to Add a Master Domain Administrator Account to the Local Administrators Group of a Resource Workstation
Microsoft Knowledge Base Article: 297307 - This article describes how to add a master domain Administrator account to the local Administrators group on a workstation in a resource domain.
How to Allow Normal Users Temporary Access to Local Administrator Tasks
Microsoft Knowledge Base Article: 231270 - Describes how to let normal users perform a task or run a program on their computers that requires administrative privileges without changing the users' current security settings.
HOW TO: Configure User and Group Access on a Windows NT 4.0-Based or Windows 2000-Based Intranet
Microsoft Knowledge Base Article: 300985 - The World Wide Web (WWW) and FTP services that are included with Microsoft Internet Information Server and Microsoft Internet Information Services are fully integrated with Windows 2000 user accounts and file access permissions.
HOW TO: Configure a User Account to Log on to Windows 2000-Based Computer from a NetWare Client
Microsoft Knowledge Base Article: 316100 - This step-by-step article describes how to configure a domain user account so that it can log on to a Windows 2000 Server-based computer (on which File and Print services for NetWare is installed) from a NetWare client computer.
After you do so, the user account will be able to access
resources on this server from a NetWare client computer.
How to Create User Shares for All Users in a Domain with ADSI
Microsoft Knowledge Base Article: 234746 - This article contains a sample script that demonstrates how to create user folders and share them for each user in the domain in which you are logged on.
HOW TO: Delegate Administrative Authority in Windows 2000
Microsoft Knowledge Base Article: 315676 - This step-by-step article describes how to delegate administrative authority in Windows 2000. An administrator can use this feature in Windows 2000 to delegate administrative authority over one or more organizational units
(OUs) to a user or group, without giving that user or group
administrative authority throughout the domain. This increases
the flexibility with which administrators can assign
responsibility over a specified set of user/group accounts,
printers, or other resources that can be placed into an
organizational unit.
How To Delegate the Unlock Account Right
Microsoft Knowledge Base Article: 294952 - This article describes the process to delegate the right to unlock locked user accounts to a particular group or user in Active
Directory.
How to Enable Automatic Logon in Windows NT/2000
Microsoft Knowledge Base Article: 97597 - Windows NT allows you to automate the logon process by storing your password and other pertinent information in the Registry database.
How to Enable User Environment Event Logging in Windows 2000
Microsoft Knowledge Base Article: 186454 - This article describes how to enable the user environment event logging features available in Windows
2000.
How the Local User Accounts Are Handled When a Server Is Promoted to a Domain Controller
Microsoft Knowledge Base Article: 296561 - This article describes how local user accounts are handled when a server is promoted to a domain
controller.
How to Run Programs Automatically When a User Logs On
Microsoft Knowledge Base Article: 240791 - Describes how to use group policies in Windows 2000 to configure a program to run automatically when a user logs on.
How to Set User Rights in Windows 2000
Microsoft Knowledge Base Article: 220019 - This article describes how to set user rights in Windows 2000.
Limiting a User's Concurrent Connections in Windows 2000 and Windows NT 4.0
Microsoft Knowledge Base Article: 237282 - Describes how to limit concurrent connections for all users in a Windows 2000 or Windows NT 4.0 environment.
User Rights
Windows NT Magazine article assigning or removing rights to customize your network, by Michael Reilly.
Group
Membership
Group Type and Scope Usage in Windows 2000
Microsoft Knowledge Base Article: 231273 - Microsoft Windows 2000 extends the Microsoft Windows NT 4.0 concept of user groups by adding Universal and Distribution groups. In Windows NT 4.0, there are only Global and Local groups, and both are considered Security
groups.
How to Add Special Groups to Built-In Groups
Microsoft Knowledge Base Article: 292781 - If you, as the administrator, delete one of the memberships of a special group, such as Authenticated Users, from a Built-in Domain Local Users group on a domain controller in Windows 2000, you cannot re-add the group by using the Active
Directory Users and Computers tool. To add one of the special
groups to a domain local group on a domain controller, use the net
localgroup command.
HOW TO: Add Users to the Pre-Windows 2000 Compatible Access Group
Microsoft Knowledge Base Article: 303973 - This step-by-step article describes how the Pre-Windows 2000 Compatible Access group is used, why it is needed in a mixed-mode domain, and how to set up the group up by using the Active Directory Users and Computers snap-in and command line
Profiles
Differences in the User Profiles of Windows 95, Windows 98, Windows NT, and Windows 2000
Microsoft Knowledge Base Article: 269378 - Microsoft Windows 95, Windows 98, Windows NT and Windows 2000 all contain and support user profiles and in many respects, they behave the same. However, there are some differences. These differences may cause a Windows 95 or Windows 98
user profile to not be used or transferred to a Windows NT 4.x
or Windows 2000 user profile with the exception of Windows 95
and Windows 98 clients that have been upgraded to Windows 2000
Professional. In this case, their user profile are converted.
Differences in the User Profiles in Windows
Microsoft Knowledge Base Article: 269378
- Windows 95, Windows 98, Windows NT and Windows 2000 contain and support user profiles, and in many respects, they behave the same. However, there are some differences. These differences may prevent a Windows 95 or Windows 98 user profile from being
used or transferred to a Windows NT 4. x or Windows 2000
user profile with the exception of Windows 95 and Windows 98
clients that have been upgraded to Windows 2000 Professional. In
this case, their user profile are converted.
Duplicating User Profiles in Windows 2000
Microsoft Knowledge Base Article: 255095 - This article describes how to duplicate user profiles in Microsoft Windows 2000.
How to Assign a Logon Script to a Profile for a Local User
Microsoft Knowledge Base Article: 258286 - This article describes how to assign a logon script to a profile for a local user's account on a Windows 2000 Professional workstation or a Windows 2000 Server. This logon script runs when the local user logs on locally to the computer.
How to Assign the Administrator Profile to Other Users
Microsoft Knowledge Base Article: 156568 - In Windows NT 4.0 and in Windows 2000, if you log on as an administrator and make some changes to your desktop, such as moving the taskbar, creating a shortcut, or installing software, and then log off and log on again as another user who has equivalent access right as administrator, you will find that all the changes made by the administrator are not available.
HOW TO: Assign a Mandatory User Profile in Windows 2000
Microsoft Knowledge Base Article: 323368 - This step-by-step article describes how to assign a mandatory user profile for Windows 2000-based client computers in a Windows 2000
domain.
HOW TO: Change the Default Location of User Profiles and Program Settings
Microsoft Knowledge Base Article: 322014 - This article describes how to move a user's Documents and Settings
folder.
HOW TO: Configure Client User Profile Information for a Roaming
User on Windows 2000
Microsoft Knowledge Base Article:
307964 - Roaming users move between different computers on a
network. This article describes the procedures that you have to
use to enable and configure profile information for each of the
roaming users in your organization. This article assumes the
operating system on your primary domain controller (PDC)
is Windows 2000
How to Create and Copy Roaming User Profiles in Windows NT 4.0 and Windows 2000
Microsoft Knowledge Base Article: 142682 - On occasions, it may be necessary for an administrator to copy a defined User Profile to a number of Users, which will present each of them with an identical initial profile for their first logon, which they will then be able to modify as required.
HOW TO: Create a Custom Default User Profile
Microsoft Knowledge Base Article: 305709 - This article describes how to create a custom default user profile in Windows 2000. A custom default user profile is helpful if several people use the same computer but each user wants a separate profile along with access to shared resource.
HOW TO: Create a Roaming User Profile
Microsoft Knowledge Base Article: 302082 - This step-by-step article describes how to create a roaming user profile. Roaming user profiles provide the user with the same working environment, no matter which Microsoft Windows NT-based computer to which the user logs
on.
HOW TO: Delete a User Profile
Microsoft Knowledge Base Article: 313918 - This step-by-step article describes how to delete a user profile from a local computer. If you use this method, you delete the %SystemRoot%\Documents and
Settings.
How to Move the Location of a Locally Cached Profile
Microsoft Knowledge Base Article: 214470 -
By default, the locally cached copy of a profile is stored in %SystemRoot%\Profiles\, which may be an issue if you have a large number of people logging on to a computer.
If you have a large number of people logging on to a computer
(which creates a large number of profiles), disk space on the
operating system partition may become scarce. You can move the
locally cached copy of a profile to another local partition
How to Migrate User Profiles to Windows 2000
Microsoft Knowledge Base Article: 234548 - This article describes how to migrate your user profile settings in Microsoft Windows 95/98 when you upgrade to Windows
2000.
How to Prevent a User from Changing the User Profile Type
Microsoft Knowledge Base Article: 150919 - If roaming user profiles are used with Windows NT 4.0 systems, system administrators may wish to not allow users to change the profile type to local. To do this, remove the read permission from the %systemroot%\System32\Sysdm.cpl file for the users or groups that should not be able to modify profile settings. This removes the System icon from Control Panel. As a result, those users cannot change system settings.
HOW TO: Prevent Folders from Roaming with a Profile in Windows 2000
Microsoft Knowledge Base Article: 315415 - This step-by-step article describes how to use a group policy to prevent specific folders that are contained in a roaming-user profile from being copied to the
server.
HOW TO: Restore a User Profile
Microsoft Knowledge Base Article: 314045 - This step-by-step article describes how to restore a user profile as well as the following user profile
items:
How to Use
%LOGONSERVER% to Distribute User Profiles
Microsoft Knowledge Base Article: 141714 -
If you want to specify a domain server that validates a user logon, use the environment variable
%LOGONSERVER% in a PATH statement. This article describes how you can use
%LOGONSERVER% to distribute user
profiles.
How to Use Windows 95 and Windows 98 Roaming User Profiles with Windows 2000 Server
Microsoft Knowledge Base Article: 264866 - Windows 95 and Windows 98 clients support the use of roaming user profiles; however, they behave differently from the user profiles found in Windows NT 4 and Windows 2000. This article explains how to implement roaming user profiles for
Windows 95 and Windows 98 clients connecting to a computer running Windows 2000 Server
Roaming Profile Creation in Windows Using the "Copy To" Command
Microsoft Knowledge Base Article: 243420 - Roaming profiles contain user work environments, which include the desktop items and settings. Some examples of these environments are screen colors, mouse settings, window size and position, and network and printer connections. Roaming profiles...
User Profile FAQ
From the Microsoft Support Center.
User Profile Storage in Windows 2000
Microsoft Knowledge Base Article: 228445 - The naming convention for user profile folders in Windows 2000 is different from that used in Microsoft Windows NT 4.0 and earlier versions. This article describes the location for user profile folders and how subfolders are created for
individual user profiles.
WebCast: User Profiles in Microsoft Windows 2000
Level:200 This presentation describes the changes and enhancements included in roaming user profiles in Windows 2000.
Security
14 Day Password Change Notification Cannot be Changed
Microsoft Knowledge Base Article: 135403 - In Windows NT 3.x, when your password is 14 days from expiration, you receive a Password Change Notification when logging on requesting you to change your password. If the Maximum Password Age is set to 30 days, you receive the notice when
your password is only half way through its life span. Although you may wish to change the advance time of the reminder, the Password Change Notification is hard coded at 14 days in Windows NT 3.x and is not configurable. In Windows NT 4.0, a new registry parameter is available to
allow administrators to configure the number of days at which the Password Change Notification is presented. The implementation of this new parameter requires that the registry change be made on the client computer.
Behavior of SAM Account Names and UPN Suffixes Containing At Signs
Microsoft Knowledge Base Article: 276424 - If you create a user whose Security Accounts Manager (SAM) account name contains the at sign (@), or if you specify a User Principal Name (UPN) suffix which contains the at sign, you may encounter unexpected behavior.
How to Enable User Environment Event Logging in Windows 2000
Microsoft Knowledge Base Article: 186454 - This article describes how to enable the user environment event logging features available in Windows 2000.
HOW TO: Monitor for Unauthorized User Access
Microsoft Knowledge Base Article: 300958 - This article describes how to monitor your system for unauthorized user access. There are two main steps: Enabling security auditing and viewing the security logs. Note that different systems have different security needs, and the security
topic is complex. Any user who sets up security audits on your
system must be assigned to administrative groups or be given
security rights and privileges.
HOW TO: Prevent Users From Changing a Password Except When Required in Windows 2000
Microsoft Knowledge Base Article: 309799 - This step-by-step article describes how to prevent users from changing their password except when they are required to do so. Centralized control of user passwords is a cornerstone of a well-crafted Windows 2000 Security scheme.
How to Prevent a User from Changing the User Profile Type
Microsoft Knowledge Base Article: 150919 - If roaming user profiles are used with Windows NT 4.0 systems, system administrators may wish to not allow users to change the profile type to local. To do this, remove the read permission from the %systemroot%\System32\Sysdm.cpl file for the users or groups that should not be able to modify profile settings. This removes the System icon from Control Panel. As a result, those users cannot change system settings.
How to Prevent Windows 2000 Users from Changing Personal Detail Information
Microsoft Knowledge Base Article: 292304 - This article describes how you can prevent a user from changing your personal detail information on Windows
2000.
Limiting a User's Concurrent Connections in Windows 2000 and Windows NT 4.0
Microsoft Knowledge Base Article: 237282 - Describes how to limit concurrent connections for all users in a Windows 2000 or Windows NT 4.0 environment.
Account Lockout Is Not Audited for Local/SAM User Accounts
Microsoft Knowledge Base Article: 314786 - If a local Security Accounts Manager (SAM) account on a workstation or server (either a workgroup or domain member) is automatically locked because the bad password count passes the threshold, the event is not audited even if auditing is
turned on
|
