| Administration
Creating User and
Group Reports in Windows NT
Microsoft Knowledge Base Article: 137848 - There
are no graphical or command line utilities that
produce comprehensive reports on groups, users
and permissions included with the Windows NT
Operating System or the Windows NT Resource
Kit. The NET commands and the Windows NT 3.5
Resource Kit ADDUSERS.EXE and PERMS.EXE utilities
can be used to create limited administrative
reports by piping the output to a text file.
HOW TO: Assign a
Home Directory to a User
Microsoft Knowledge Base Article: 320043 - This
step-by-step article describes how to assign
a home directory to a user by using the Active
Directory Users and Computers MMC, the Computer
Management MMC, a logon script, or the command
line.
HOW TO: Change a
User Name in a Domain in Windows 2000
Microsoft Knowledge Base Article: 323000 - This
step-by-step article describes how to change
a user name in Windows 2000 Active Directory.
How
to Determine the Currently Logged on User with
Windows NT 4.0 and Windows 2000
Microsoft Knowledge Base Article: 156694
- In Windows NT Server version 3. x , you can
use the title bar of Program Manager to determine
the name of the currently logged-on user. This
information is not immediately available in
Windows NT Server 4.0, but you can obtain it
by using one of the...
How to Display and
Administer All Users in Active Directory
Microsoft Knowledge Base Article: 237548 - An
administrator may want to generate a list of
users in Active Directory. Once the users are
displayed, the administrator can select multiple
accounts to administer.
How to Generate a
List of Users
Microsoft Knowledge Base Article: 149781 - The
User Manager application does not provide a
method for generating a list of user accounts
for a Microsoft Windows NT server or domain.
How to Modify the
Right to Display Users in User Manager
Microsoft Knowledge Base Article: 180782 - When
you use the User Manager tool on a computer
running Windows NT, domain users or Guest account
users may be able to display the list of user
accounts and group accounts. This article describes
how to use the Listacct.exe tool to modify
HOW TO: Rename the
Administrator and Guest Account in Windows 2000
Microsoft Knowledge Base Article: 320053 - This
step-by-step article describes how to change
the administrator account and guest account
names by using Group Policy.
HOW TO: Restore a
User Profile in Windows 2000
Microsoft Knowledge Base Article: 314045 - This
step-by-step article describes how to restore
a user profile as well as the following user
profile items:
Installing Usrmgr.exe
and Srvmgr.exe in Windows 2000 Professional
Microsoft Knowledge Base Article: 237995 - Microsoft
Windows NT 4.0 domain controllers (DCs) cannot
be fully administered from Windows 2000 Professional
workstations without Usrmgr.exe and Srvmgr.exe.
These services are not provided on Windows 2000
Professional workstations.
Redirecting the My
Documents Folder for All Users in Windows 2000
Microsoft Knowledge Base Article You can use
Group Policy to redirect the My Documents folder
to a different network path on the domain for
all users without having to set up an individual
policy for each user.
Using Usrmgr.exe
with Windows 2000 Terminal Services on Windows
NT 4.0 Domain
Microsoft Knowledge Base Article: 261099 - This
article describes how to use User Manager in
Windows 2000 to gain access to additional user
properties that are available for use with Terminal
Services in a Windows NT 4.0-based domain.
Usrmgr
Not Just for Domains
Use User Manager for Domains to manage workstation
and member server accounts. Source: Windows
& .NET Magazine (August 2002)
Creating Accounts
AddUsers Automates
Creation of a Large Number of Users
Microsoft Knowledge Base Article: 199878 - The
Addusers.exe tool for Windows NT is a 32-bit
administrative utility that uses a comma-delimited
text file to create, modify, and delete user
accounts. Addusers is most beneficial when the
information to be manipulated is maintained
in a spreadsheet, such as one created with Microsoft
Excel, that can be converted to a comma-delimited
file. You must be a member of the Administrators
group on the target computer to add accounts
and a member of the Users group to write to
accounts.
Basic User Account
Creation with ADSI Scripting
Microsoft Knowledge Base Article: 230750 - The
Active Directory Services Interface (ADSI) tool
provides a single consistent set of interfaces
that can be called in scripts using the Microsoft
Windows Script Host, or other scripting languages
(VBScript and JScript are supported natively).
Creating a Workstation
only Administrator
Microsoft Knowledge Base Article: 125782 - Describes
how to add a pseudo-administrative account to
a domain to allow a user to administer and maintain
Windows NT workstations but not servers.
Configuring Accounts
Batch Process to
Create and Grant Access to Home Directories
Microsoft Knowledge Base Article: 155449 - When
administrators need to create large numbers
of users and corresponding home directories,
the task can be simplified by using a batch
process rather than creating each home directory
individually through Windows NT File Manager
or Windows
How to Add a Master
Domain Administrator Account to the Local Administrators
Group of a Resource Workstation
Microsoft Knowledge Base Article: 297307 - This
article describes how to add a master domain
Administrator account to the local Administrators
group on a workstation in a resource domain.
How to Allow Normal
Users Temporary Access to Local Administrator
Tasks
Microsoft Knowledge Base Article: 231270
- Describes how to let normal users perform
a task or run a program on their computers that
requires administrative privileges without changing
the users' current security settings.
HOW TO: Configure
User and Group Access on a Windows NT 4.0-Based
or Windows 2000-Based Intranet
Microsoft Knowledge Base Article: 300985 - The
World Wide Web (WWW) and FTP services that are
included with Microsoft Internet Information
Server and Microsoft Internet Information Services
are fully integrated with Windows 2000 user
accounts and file access permissions.
HOW TO: Configure
a User Account to Log on to Windows 2000-Based
Computer from a NetWare Client
Microsoft Knowledge Base Article: 316100 - This
step-by-step article describes how to configure
a domain user account so that it can log on
to a Windows 2000 Server-based computer (on
which File and Print services for NetWare is
installed) from a NetWare client computer. After
you do so, the user account will be able to
access resources on this server from a NetWare
client computer.
How to Create User
Shares for All Users in a Domain with ADSI
Microsoft Knowledge Base Article: 234746 - This
article contains a sample script that demonstrates
how to create user folders and share them for
each user in the domain in which you are logged
on.
HOW TO: Delegate
Administrative Authority in Windows 2000
Microsoft Knowledge Base Article: 315676 - This
step-by-step article describes how to delegate
administrative authority in Windows 2000. An
administrator can use this feature in Windows
2000 to delegate administrative authority over
one or more organizational units (OUs) to a
user or group, without giving that user or group
administrative authority throughout the domain.
This increases the flexibility with which administrators
can assign responsibility over a specified set
of user/group accounts, printers, or other resources
that can be placed into an organizational unit.
How To Delegate the
Unlock Account Right
Microsoft Knowledge Base Article: 294952 - This
article describes the process to delegate the
right to unlock locked user accounts to a particular
group or user in Active Directory.
How to Enable Automatic
Logon in Windows NT/2000
Microsoft Knowledge Base Article: 97597 - Windows
NT allows you to automate the logon process
by storing your password and other pertinent
information in the Registry database.
How to Enable User
Environment Event Logging in Windows 2000
Microsoft Knowledge Base Article: 186454 - This
article describes how to enable the user environment
event logging features available in Windows
2000.
How the Local User
Accounts Are Handled When a Server Is Promoted
to a Domain Controller
Microsoft Knowledge Base Article: 296561 - This
article describes how local user accounts are
handled when a server is promoted to a domain
controller.
How to Run Programs
Automatically When a User Logs On
Microsoft Knowledge Base Article: 240791 -
Describes how to use group policies in Windows
2000 to configure a program to run automatically
when a user logs on.
How to Set User Rights
in Windows 2000
Microsoft Knowledge Base Article: 220019 - This
article describes how to set user rights in
Windows 2000.
Limiting a User's
Concurrent Connections in Windows 2000 and Windows
NT 4.0
Microsoft Knowledge Base Article: 237282 - Describes
how to limit concurrent connections for all
users in a Windows 2000 or Windows NT 4.0 environment.
User Rights
Windows NT Magazine article assigning or removing
rights to customize your network, by Michael
Reilly.
Group Membership
Group Type and Scope
Usage in Windows 2000
Microsoft Knowledge Base Article: 231273 - Microsoft
Windows 2000 extends the Microsoft Windows NT
4.0 concept of user groups by adding Universal
and Distribution groups. In Windows NT 4.0,
there are only Global and Local groups, and
both are considered Security groups.
How to Add Special
Groups to Built-In Groups
Microsoft Knowledge Base Article: 292781
- If you, as the administrator, delete one of
the memberships of a special group, such as
Authenticated Users, from a Built-in Domain
Local Users group on a domain controller in
Windows 2000, you cannot re-add the group by
using the Active Directory Users and Computers
tool. To add one of the special groups to a
domain local group on a domain controller, use
the net localgroup command.
HOW TO: Add Users
to the Pre-Windows 2000 Compatible Access Group
Microsoft Knowledge Base Article: 303973 - This
step-by-step article describes how the Pre-Windows
2000 Compatible Access group is used, why it
is needed in a mixed-mode domain, and how to
set up the group up by using the Active Directory
Users and Computers snap-in and command line
Profiles
Differences in the
User Profiles of Windows 95, Windows 98, Windows
NT, and Windows 2000
Microsoft Knowledge Base Article: 269378 - Microsoft
Windows 95, Windows 98, Windows NT and Windows
2000 all contain and support user profiles and
in many respects, they behave the same. However,
there are some differences. These differences
may cause a Windows 95 or Windows 98 user
profile to not be used or transferred to a Windows
NT 4.x or Windows 2000 user profile with
the exception of Windows 95 and Windows 98 clients
that have been upgraded to Windows 2000 Professional.
In this case, their user profile are converted.
Differences in the
User Profiles in Windows
Microsoft Knowledge Base Article: 269378 - Windows
95, Windows 98, Windows NT and Windows 2000
contain and support user profiles, and in many
respects, they behave the same. However, there
are some differences. These differences may
prevent a Windows 95 or Windows 98 user profile
from being used or transferred to a Windows
NT 4. x or Windows 2000 user profile
with the exception of Windows 95 and Windows
98 clients that have been upgraded to Windows
2000 Professional. In this case, their user
profile are converted.
Duplicating User
Profiles in Windows 2000
Microsoft Knowledge Base Article: 255095 - This
article describes how to duplicate user profiles
in Microsoft Windows 2000.
How to Assign a Logon
Script to a Profile for a Local User
Microsoft Knowledge Base Article: 258286 - This
article describes how to assign a logon script
to a profile for a local user's account on a
Windows 2000 Professional workstation or a Windows
2000 Server. This logon script runs when the
local user logs on locally to the computer.
How to Assign the
Administrator Profile to Other Users
Microsoft Knowledge Base Article: 156568 - In
Windows NT 4.0 and in Windows 2000, if you log
on as an administrator and make some changes
to your desktop, such as moving the taskbar,
creating a shortcut, or installing software,
and then log off and log on again as another
user who has equivalent access right as administrator,
you will find that all the changes made by the
administrator are not available.
HOW TO: Assign a
Mandatory User Profile in Windows 2000
Microsoft Knowledge Base Article: 323368 - This
step-by-step article describes how to assign
a mandatory user profile for Windows 2000-based
client computers in a Windows 2000 domain.
HOW TO: Change the
Default Location of User Profiles and Program
Settings
Microsoft Knowledge Base Article: 322014 - This
article describes how to move a user's Documents
and Settings folder.
HOW
TO: Configure Client User Profile Information
for a Roaming User on Windows 2000
Microsoft Knowledge Base Article: 307964 - Roaming
users move between different computers on a
network. This article describes the procedures
that you have to use to enable and configure
profile information for each of the roaming
users in your organization. This article assumes
the operating system on your primary domain
controller (PDC) is Windows 2000
How to Create and
Copy Roaming User Profiles in Windows NT 4.0
and Windows 2000
Microsoft Knowledge Base Article: 142682 - On
occasions, it may be necessary for an administrator
to copy a defined User Profile to a number of
Users, which will present each of them with
an identical initial profile for their first
logon, which they will then be able to modify
as required.
HOW TO: Create a
Custom Default User Profile
Microsoft Knowledge Base Article: 305709 - This
article describes how to create a custom default
user profile in Windows 2000. A custom default
user profile is helpful if several people use
the same computer but each user wants a separate
profile along with access to shared resource.
HOW TO: Create a
Roaming User Profile
Microsoft Knowledge Base Article: 302082 - This
step-by-step article describes how to create
a roaming user profile. Roaming user profiles
provide the user with the same working environment,
no matter which Microsoft Windows NT-based computer
to which the user logs on.
HOW TO: Delete a
User Profile
Microsoft Knowledge Base Article: 313918 - This
step-by-step article describes how to delete
a user profile from a local computer. If you
use this method, you delete the %SystemRoot%\Documents
and Settings.
How to Move the Location
of a Locally Cached Profile
Microsoft Knowledge Base Article: 214470 - By
default, the locally cached copy of a profile
is stored in %SystemRoot%\Profiles\, which may
be an issue if you have a large number of people
logging on to a computer. If you have a large
number of people logging on to a computer (which
creates a large number of profiles), disk space
on the operating system partition may become
scarce. You can move the locally cached copy
of a profile to another local partition
How to Migrate User
Profiles to Windows 2000
Microsoft Knowledge Base Article: 234548 - This
article describes how to migrate your user profile
settings in Microsoft Windows 95/98 when you
upgrade to Windows 2000.
How to Prevent a
User from Changing the User Profile Type
Microsoft Knowledge Base Article: 150919 - If
roaming user profiles are used with Windows
NT 4.0 systems, system administrators may wish
to not allow users to change the profile type
to local. To do this, remove the read permission
from the %systemroot%\System32\Sysdm.cpl file
for the users or groups that should not be able
to modify profile settings. This removes the
System icon from Control Panel. As a result,
those users cannot change system settings.
HOW TO: Prevent Folders
from Roaming with a Profile in Windows 2000
Microsoft Knowledge Base Article: 315415 - This
step-by-step article describes how to use a
group policy to prevent specific folders that
are contained in a roaming-user profile from
being copied to the server.
HOW TO: Restore a
User Profile
Microsoft Knowledge Base Article: 314045 - This
step-by-step article describes how to restore
a user profile as well as the following user
profile items:
How to Use %LOGONSERVER%
to Distribute User Profiles
Microsoft Knowledge Base Article: 141714 - If
you want to specify a domain server that validates
a user logon, use the environment variable %LOGONSERVER%
in a PATH statement. This article describes
how you can use %LOGONSERVER% to distribute
user profiles.
How to Use Windows
95 and Windows 98 Roaming User Profiles with
Windows 2000 Server
Microsoft Knowledge Base Article: 264866 - Windows
95 and Windows 98 clients support the use of
roaming user profiles; however, they behave
differently from the user profiles found in
Windows NT 4 and Windows 2000. This article
explains how to implement roaming user profiles
for Windows 95 and Windows 98 clients connecting
to a computer running Windows 2000 Server
Roaming Profile Creation
in Windows Using the "Copy To" Command
Microsoft Knowledge Base Article: 243420 - Roaming
profiles contain user work environments, which
include the desktop items and settings. Some
examples of these environments are screen colors,
mouse settings, window size and position, and
network and printer connections. Roaming profiles...
User Profile FAQ
From the Microsoft Support Center.
User Profile Storage
in Windows 2000
Microsoft Knowledge Base Article: 228445 - The
naming convention for user profile folders in
Windows 2000 is different from that used in
Microsoft Windows NT 4.0 and earlier versions.
This article describes the location for user
profile folders and how subfolders are created
for individual user profiles.
WebCast: User Profiles
in Microsoft Windows 2000 
Level:200 This presentation describes the changes
and enhancements included in roaming user profiles
in Windows 2000.
Security
14 Day Password Change
Notification Cannot be Changed
Microsoft Knowledge Base Article: 135403 - In
Windows NT 3.x, when your password is 14 days
from expiration, you receive a Password Change
Notification when logging on requesting you
to change your password. If the Maximum Password
Age is set to 30 days, you receive the notice
when your password is only half way through
its life span. Although you may wish to change
the advance time of the reminder, the Password
Change Notification is hard coded at 14 days
in Windows NT 3.x and is not configurable. In
Windows NT 4.0, a new registry parameter is
available to allow administrators to configure
the number of days at which the Password Change
Notification is presented. The implementation
of this new parameter requires that the registry
change be made on the client computer.
Behavior of SAM Account
Names and UPN Suffixes Containing At Signs
Microsoft Knowledge Base Article: 276424 - If
you create a user whose Security Accounts Manager
(SAM) account name contains the at sign (@),
or if you specify a User Principal Name (UPN)
suffix which contains the at sign, you may encounter
unexpected behavior.
How to Enable User
Environment Event Logging in Windows 2000
Microsoft Knowledge Base Article: 186454 - This
article describes how to enable the user environment
event logging features available in Windows
2000.
HOW TO: Monitor for
Unauthorized User Access
Microsoft Knowledge Base Article: 300958 - This
article describes how to monitor your system
for unauthorized user access. There are two
main steps: Enabling security auditing and viewing
the security logs. Note that different systems
have different security needs, and the security
topic is complex. Any user who sets up security
audits on your system must be assigned to administrative
groups or be given security rights and privileges.
HOW TO: Prevent Users
From Changing a Password Except When Required
in Windows 2000 Microsoft Knowledge
Base Article: 309799 - This step-by-step article
describes how to prevent users from changing
their password except when they are required
to do so. Centralized control of user passwords
is a cornerstone of a well-crafted Windows 2000
Security scheme.
How to Prevent a
User from Changing the User Profile Type
Microsoft Knowledge Base Article: 150919 - If
roaming user profiles are used with Windows
NT 4.0 systems, system administrators may wish
to not allow users to change the profile type
to local. To do this, remove the read permission
from the %systemroot%\System32\Sysdm.cpl file
for the users or groups that should not be able
to modify profile settings. This removes the
System icon from Control Panel. As a result,
those users cannot change system settings.
How to Prevent Windows
2000 Users from Changing Personal Detail Information
Microsoft Knowledge Base Article: 292304 - This
article describes how you can prevent a user
from changing your personal detail information
on Windows 2000.
Limiting a User's
Concurrent Connections in Windows 2000 and Windows
NT 4.0
Microsoft Knowledge Base Article: 237282 - Describes
how to limit concurrent connections for all
users in a Windows 2000 or Windows NT 4.0 environment.
Account Lockout Is
Not Audited for Local/SAM User Accounts
Microsoft Knowledge Base Article: 314786 - If
a local Security Accounts Manager (SAM) account
on a workstation or server (either a workgroup
or domain member) is automatically locked because
the bad password count passes the threshold,
the event is not audited even if auditing is
turned on |
