How to Prevent a User from Changing the User Profile Type

 Last reviewed: May 30, 1997
Article ID: Q150919
The information in this article applies to:
  • Microsoft Windows NT Workstation version 4.0
  • Microsoft Windows NT Server version 4.0

SUMMARY

If roaming user profiles are used with Windows NT 4.0 systems, system administrators may wish to not allow users to change the profile type to local. To do this, remove the read permission from the %systemroot%\System32\Sysdm.cpl file for the users or groups that should not be able to modify profile settings. This removes the System icon from Control Panel. As a result, those users cannot change system settings.

NOTE: The Windows NT 4.0 system has to be installed on an NTFS partition to be able to set file permissions.

MORE INFORMATION

User profile settings are stored in the registry under the following registry key: 

   HKEY_LOCAL_MACHINE\Software\Microsoft\Windows
      NT\CurrentVersion\ProfileList
For every user ever logged on to a Windows NT 4.0 system there is a subkey named after the security ID (SID) of that user where the actual values are stored. The user profile type is stored in the State value under the users subkey. Setting this value using system policies is possible but it does not prevent the System icon from Control Panel from appearing and therefore the user can change the profile type once logged on. Another disadvantage of changing the profile type in the registry is that you must ensure that you change the value in the subkey associated with the user. This implies that you must find the appropriate SID for the user.

Additional query words: 4.00 prodnt
Keywords : kbui ntdomain ntsecurity NTSrvWkst kbfix1.00.sp2
Version : 4.0
Platform : winnt
Issue type : kbinfo
Resolution Type : kbworkaround

THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY.

Last reviewed: May 30, 1997
© 1998 Microsoft Corporation. All rights reserved. Terms of Use.