How to Prevent a User from Changing the User Profile Type

This article was previously published under Q150919
This article has been archived. It is offered "as is" and will no longer be updated.
If roaming user profiles are used with Windows NT 4.0 systems, systemadministrators may wish to not allow users to change the profile type tolocal. To do this, remove the read permission from the%systemroot%\System32\Sysdm.cpl file for the users or groups that shouldnot be able to modify profile settings. This removes the System icon fromControl Panel. As a result, those users cannot change system settings.

NOTE: The Windows NT 4.0 system has to be installed on an NTFS partition tobe able to set file permissions.
User profile settings are stored in the registry under the followingregistry key:

   HKEY_LOCAL_MACHINE\Software\Microsoft\Windows      NT\CurrentVersion\ProfileList				

For every user ever logged on to a Windows NT 4.0 system there is a subkeynamed after the security ID (SID) of that user where the actual values arestored. The user profile type is stored in the State value under the userssubkey. Setting this value using system policies is possible but it doesnot prevent the System icon from Control Panel from appearing and thereforethe user can change the profile type once logged on. Another disadvantageof changing the profile type in the registry is that you must ensure thatyou change the value in the subkey associated with the user. This impliesthat you must find the appropriate SID for the user.

Article ID: 150919 - Last Review: 12/04/2015 14:41:20 - Revision: 2.2

Microsoft Windows 2000 Server, Microsoft Windows 2000 Advanced Server, Microsoft Windows 2000 Professional Edition, Microsoft Windows NT Workstation 4.0 Developer Edition, Microsoft Windows NT Server 4.0 Standard Edition

  • kbnosurvey kbarchive kbinfo kbui KB150919