Windows 9x Users and Profiles are most useful in an environment where there will be multiple users of the same computer. This environment exists in both homes and at the workplace. The following information will concentrate on the business enviroment.

     To begin with, a user profile has multiple components. This array varies from desktop backgrounds and display settings to saved passwords and folder options. When combined with System Policies, a user profile can restrict user access to the network, Control Panel, and other settings in which a user should not modify.

     When initially setting up a Windows 9x machine, you can specify whether you even want user profiles or to be bothered by a password. If you enter a generic username initially with a null or "blank" password, you will never be prompted for a username or password again (unless you makes some changes). For a system that does not have multiple "dedicated" users with special environment settings, not using profiles (other than the default) is most convenient.

     The default profile on a user profile enabled Windows 9x machine is the profile you are given when you hit the Cancel button instead of authenticating. You can setup this profile with some good default settings and new users will assume this base profile until they make their own modifications.

Domain Users and Policies

     A user profile on a networked workstation can have system security restrictions applied as well as the usual desktop backgrounds settings. On a Windows NT domain, a Windows 9x workstation can have System Policies applied from the domain controller which can vary from user to user based on the permissions a user needs. This is setup with the Policy Editor or poledit.exe. On a Windows 98 cdrom, you can find it in the 98 Resource Kit or RESKIT.

     A profile is applied from a domain controller through the "netlogon" share. The policy is named "config.pol". A Windows 9x machine that requires a Domain Logon will automatically look for this file in that share. This type of logon is configured in the Network applet under the properties of the Client for Microsoft Network client.

Windows looks for .POL files in the following order: Policy Editor

     The policy editor allows you to setup the CONFIG.POL file which contains all computer, group, and individual user policy settings. You should use a the Policy Editor supplied with Windows 98 or NT 4.0. The Windows 9x and NT 4.0 editors allow you to use multiple templates at the same time, the Windows 95 policy editor does not.

     The first step in building a poicy is to apply templates. A template is what gives you the registry changing options or policy options. Different templates have different purposes. There are templates provided with the Policy Editor which have many settings already configured. Templates vary from Windows Explorer options to Internet Explorer security zones. You cannot load a template while a Policy is open. You must first load the template(s) and the open a policy.

     The administration template provided with the Policy Editor for Windows 95 and 98 is ADMIN.ADM, and Windows NT 4 comes with WINDOWS.ADM, WINNT.ADM and COMMON.ADM. Windows 98 SE also has WINDOWS.ADM and SHELLM.ADM.

Policy Checkboxes:
     For Default Computer, checking "Remote Update" is critical to enabling the use of the config.pol file. If it is left cleared your policy file will only be downloaded once and thus will not be updated.

     If a user logs into the domain but does not have a specific user profile or group in which she belongs defined in CONFIG.POL, the user will assume the Default User profile. This profile's policy should have restrictive security configurations. The same concept is applied to the Default Computer policy. If you haven't defined a specific policy for a workstation, the workstation will take the Default Computer policy.