A question about NT Domains

Bruce Cook BC3-AU at bigfoot.com
Sat Apr 11 07:09:57 GMT 1998

Luke Kenneth Casson Leighton writes:
 > On Fri, 10 Apr 1998, Jean-Francois Micouleau wrote:
 > > On Fri, 10 Apr 1998, Luke Kenneth Casson Leighton wrote:
 > > 
 > > > ah, then i need to explain better.  two or more users have identical
 > > > profiles.  say only one user installs a program which adds additional keys
 > > > into the registry.  those keys, as i understand it, will *not* be removed
 > > > from HKEY_LOCAL_USER when subsequent users log in.
 > > 
 > > under W95 or NT ?
 > my experience is with Win95, but i expect the same for NT, and have been
 > told that it is so by someone who runs NT admin training courses.
 > > and why do you want to have one profile shared between multiples users ?
 > you don't.  how did you get that impression?  i said multiple users with
 > identical profiles, not multiple users sharing one profile.

In my experience with both Win95 and NT, is that the HKEY_LOCAL_USER information
is stored in USER.dat or NTuser.DAT for NT.  ALL of this branch is in this file
and there is no overlap between any two users (Unless you have '95 set up
to use a single common profile).

The HKEY_LOCAL_MACHINE branch is machine based, and shared by all users of that

[And now for a whole stack of caviets]

1. User start menu paths are not stored in the registry (obviously) they're
   a directory structure that located by settings in HKEY_LOCAL_USER.

   If you want start menues / desktop / favorites to be individual to a user
   you must set up your user registry so these can be located individually.
   The easiest tool to manage this is the policy editor.
2. When you log onto 'Doze 95, it has to find the user registry.

   If you have specified a common profile, a "default user" USER.DAT is used.

   If you have specified individualised profiles, then USER.DAT will be found
   by the following formula:
	1. if NET USE x: /HOME was used at startup, try for x:\USER.DAT (where
	   x: is any drive letter from A to Z.
	   if no USER.DAT is found go to step 3
	2. if no home is specified in a mapping,
	   ...\windows\profiles\username\USER.DAT is used. If no USER.DAT exists
	   go to step 3.
	3. If neither of the previous two found a USER.DAT, then it will use
	   a prototype USER.DAT which it will later save to the above specified
	   path when the user logs out.

	   The interesting thing here is that the prototype USER.DAT used here is
	   actually a copy of the last USER.DAT used on this machine.  (This may
	   be the effect that the original poster is seeing)

	4. As discussed above the start menu and desktop are specified in the
	   registry contained within USER.DAT.  When a new USER.DAT is created
	   from a prototype, new directories are created for the start menu and

	   So if the prototype USER.DAT says that start menu is in H:\Start Menu
	   but programs folder is C:\windows\start menu\programs, then the
	   H:\start menu will be created, and the existing machine programs
	   folder used.

	   This means that is is important when creating roving profiles to get
	   your prototype USER.DAT and general user directory structure set up
	   exactly as you want it, and then make a copy of it that you know will
	   be safe from modification.  When creating a new user you then copy
	   this prototype into the new user area, so that the new user doesn't
	   just inherit what the previous user had.

3. When you log onto 'Doze NT, it has to find the user registry.

   NT is easier to see what's going on, but follows much the same rules as
   '95.  The big difference being that 'NT gets it's profile location from
   the login server when it's logged in. (On an NT system have a look at user
   manager/user/profile - you will see that you can specify the user profile path)
   Under NT3.51 this profile path was a path to NTuser.DAT, on 4.0 this seems
   to be a path to a directory structure (haven't played with many NT4 servers)

   I'm not sure how this works in samba, as I haven't yet tried the NT_DOM stuff
   yet (Luke: I assume you have a keyword for this?)

   When an NT system find a user without a NTuser.DAT, it copies from a prototype
   that it stores especially for this purpose, so while unlike '95 the user
   doesn't get whatever happened last on the machine, the user will get a fairly
   minimalist configuration.

4. There are a *LOT* of reasons that the 'doze machine might not find USER.DAT
   and therefore default to a prototype.
	1. Can't execute logon script & therefore no /HOME mapping (Most common)
	   .Make sure the script exists
	   .that you have your logon script set right
	   .Netlogon share must exist
	   .Protection/ownership of the script and share
	2. no /HOME mapping in the logon script
	3. no home path specified in /etc/smb.conf (Or no home mapping set
	   up for that user in NT's user manager)
	3. Protection/ownership of the user directory
	4. protection/ownership of USER.DAT
	5. basic networking problems
	   .Is the networking available (Test it by manually mapping
		to both the user share and netlogon share)
	   .Was the networking working during logon ?
	6. Has it defaulted to a prototype, and then had you map the home
	   directory afterwards ? - This will result in the bad prototype
	   being written into the users home, and them being stuck with it,
	   (Just replace USER.DAT again)

5. Interesting NOTE

	When '95 is performing the logon script, the HKEY_LOCAL_USERS has
	NOT been mapped from the USER.DAT. What has been mapped at this stage
	is the prototype registry (last one used).

	I assume the reason for this is that '95 is waiting for the logon
	script to complete so that it can identify where the user's home
	directory is.

	If at this point you attempt to do anything that uses the USER registry,
	(installing something for example or reading something from the user
	registry) you will actually be operating on the machine stored prototype
	profile not the user profile.  This means that nothing will realy
	happen to the user setup (No menu items, no settings etc).

	To get around this you can name a process in the "run once" entries in
	the HKEY_LOCAL_MACHINE branch, and these "run once" processes will be
	executed once the USER.DAT is loaded, and all the user directories are

To sum up:

	is the key to getting your user profiles loaded from a server.
	NET USE H: \\server\homes
	Won't get it right without a lot of stuffing about.
	Windoze '95 goes through a lot to bring you your user profile and
	if anything goes wrong during this process, it will drop back to
	using whatever profile was last used on the machine.
	I use too many commas.

(Maybe somebody could put some of this into a userprofiles.txt in samba's doc/ area)

More information about the samba-ntdom mailing list