This article was previously published under Q150919
If roaming user profiles are used with Windows NT 4.0 systems, systemadministrators may wish to not allow users to change the profile type tolocal. To do this, remove the read permission from the%systemroot%\System32\Sysdm.cpl file for the users or groups that shouldnot be able to modify profile settings. This removes the System icon fromControl Panel. As a result, those users cannot change system settings.
NOTE: The Windows NT 4.0 system has to be installed on an NTFS partition tobe able to set file permissions.
User profile settings are stored in the registry under the followingregistry key:
For every user ever logged on to a Windows NT 4.0 system there is a subkeynamed after the security ID (SID) of that user where the actual values arestored. The user profile type is stored in the State value under the userssubkey. Setting this value using system policies is possible but it doesnot prevent the System icon from Control Panel from appearing and thereforethe user can change the profile type once logged on. Another disadvantageof changing the profile type in the registry is that you must ensure thatyou change the value in the subkey associated with the user. This impliesthat you must find the appropriate SID for the user.