User management for Win2000 Advanced server

server| User Management

In a LAN with Windows Advanced server operating system, the control of objects in the domain, especially for users, is absolutely important. This article describes the user management "Sanbang" for Windows Advanced Server, which is: Configuration files, folder redirection, and Administrative Templates.
Configuration file
The user's desktop, display, network, printer, mouse, and other items are set up by user profile management. The configuration file is divided into the following three categories:
1, local user profiles, usually located in the "C:documents and settings\%username%" path, the user can be arbitrary, not the control of the list.
2, Roaming user profile, which is set up for network domain logon users, is generally located in a server's shared folder, to ensure that users regardless of which pc from the domain login can get their favorite user environment.

3, the mandatory user profile, which is a roaming user profile based on the enhanced. To do this, enter the Administrative Tools Active Directory Users and Computers and enter a UNC path name such as "\servershare\%username" in the property profile of a user account (Figure 1). Of course, you should build a shared folder beforehand. So when you re logged in to the account, you'll see a file named "Ntuser.dat" under that path, which is a configuration file, but a bit shy (hidden attribute). They are very different, roaming configuration can be changed, you can save, and coercion must change the above file to "Ntuser.man", and although you can also modify the environment after the login, but only for this use, can not save, the next login is still "nephew dozen lanterns--as usual."
Folder Redirection

Folder Redirection is implemented in two steps.

1, the GPO settings

Windows Advanced Server has four items for redirection control, namely: Application Data, my Documents, desktop and Start menu four folders, which you can set separately. To redirect the Start menu For example, go to the Administrative Tools Active Directory Users and Computers, select OU attribute Group Policy edit User Configuration Windows Configuration Folder Redirection, (Figure 2). Right-click Properties to see the target and set two label items. Set the target item first, in the Settings box, select Basic, and target folder location is set to \servershare. The Set tab item is best selected to move the folder back to the local user profile location when the policy is deleted.

2. Shared folder security settings

The previous step only indicates the location of the folder redirection, but it does not have restrictive settings, and to do this, you must start with the NTFS security options. Locate the appropriate redirected shared folder, enter the "property security", only to "Everyone" to "Read Only" power, and to network management to "Full Control", so that, each domain user's "Start Menu" set right will be difficult to escape you this "Buddha's palm" (see Figure 3).

Administrative Templates
With Administrative Templates (Figure 4), the "document", "Shutdown", "Run," and "search" on the taskbar and Start menu are all in the balance of your thoughts. The desktop item can also be hidden, banned, banned, or even "eliminated" from all icons on the desktop. Some readers will say that you have the registry from Windows 95, and you can do this. But the intuitive non-registry of admin templates can be compared. Moreover, the registry is only for a particular user, and the administrative template is in an OU (an OU can put n users).

This "Sanbang" is Shengwei axe axe. However, Tang's Monk's magic spell is not always used. Like Folder redirection in the "My Documents" settings, its original intention is to facilitate users anytime and anywhere to master their own documents, if you just forced to it a "read-only", it is not the original intention of the contrary? In addition, you should be particularly "merciful" if someone really has the right autonomy for the job.