You are currently offline, waiting for your internet to reconnect

How to Prevent a User from Changing the User Profile Type

This article was previously published under Q150919
SUMMARY
If roaming user profiles are used with Windows NT 4.0 systems, systemadministrators may wish to not allow users to change the profile type tolocal. To do this, remove the read permission from the%systemroot%\System32\Sysdm.cpl file for the users or groups that shouldnot be able to modify profile settings. This removes the System icon fromControl Panel. As a result, those users cannot change system settings.

NOTE: The Windows NT 4.0 system has to be installed on an NTFS partition tobe able to set file permissions.
MORE INFORMATION
User profile settings are stored in the registry under the followingregistry key:

   HKEY_LOCAL_MACHINE\Software\Microsoft\Windows      NT\CurrentVersion\ProfileList				


For every user ever logged on to a Windows NT 4.0 system there is a subkeynamed after the security ID (SID) of that user where the actual values arestored. The user profile type is stored in the State value under the userssubkey. Setting this value using system policies is possible but it doesnot prevent the System icon from Control Panel from appearing and thereforethe user can change the profile type once logged on. Another disadvantageof changing the profile type in the registry is that you must ensure thatyou change the value in the subkey associated with the user. This impliesthat you must find the appropriate SID for the user.
prodnt
Properties

Article ID: 150919 - Last Review: 02/21/2007 01:09:11 - Revision: 2.2

  • Microsoft Windows 2000 Server
  • Microsoft Windows 2000 Advanced Server
  • Microsoft Windows 2000 Professional Edition
  • Microsoft Windows NT Workstation 4.0 Developer Edition
  • Microsoft Windows NT Server 4.0 Standard Edition
  • kbinfo kbui KB150919
Feedback