Configuring Windows 2000 for multiple users (on a single machine)

these notes are currently in development. eventually they should also cover configuring for multiple machines in a roaming user environment

version 0.9.17

you need to configure the operating system in a general manner and then pre-configure it so that each user will experience it the way you have defined. likewise applications need to be configured then pre-configured for each user
Applying these profiles across different computers
our limited experience of copying Windows profiles by hand (admittedly across different hardware) are just that when you login explorer.exe crashes, repeatedly

create TEMP-PARTITION-OR-FOLDER\'username'\application name\ for each application and each user
and set that application to use it from within it - the only way this differs with standalone NT is that you create each directory within a root directory named to that of each user and you do so for each user

you must do each of these for each user on the system

not all applications use TEMP for their temporary files (i.e. Mozilla) and it is these that present a problem. if they understand environment variables then probably you can pre-configure them to use TEMP, but, if like Mozilla, they don't recognise environment variables from within their pre-configuration routines you will have to copy a file over containing the user-specific temp directory manually each time a new profile of that application is created or new Windows profile

Note - from here on, this document moves into being just rough notes rather than actual succinct instructions...


Services that can be turned off, even in a networked environment
Services that can probably be turned off, even in a networked environment, but have some network functionality that you should check are not being used Services that can be turned off, that are required on a networked system, but not required on a stand-alone system
Services that can be turned off, but that you might want to be more cautious about until you know you definataly don't use them

there are various components for which non-administrative users will require upgraded permissions to use or to use effectively:

Remote Access Service (Dial-Up Networking)

Set boot menu delay to 1 second
Control Panel -> System -> Advanced -> Startup and Recovery -> System startup -> Display list of operating systems for [1] seconds

some application behaviour
- F-Prot saves everything (program/?workstation? and user settings) in HKLM - so its fine for multi-user single machine, but not multi-user roaming network


- Mozilla uses HKLM and HKEY_USERS but both just for program locations

- ZoneAlarm uses HKLM and stores a paltry amount in HKEY_USERS but only for the user that installed it - Bad!

- PowerArchiver saves only install directory in HKLM and user config in HKEY_USERS

- Java saves on a per user basis to %USERPROFILE%\.Java; uses HKLM and HKEY_USERS but HKEY_USERS looks empty

- Acrobat uses  HKLM and HKEY_USERS

- Pegasus stores user specific settings in its own file in the mail directory and creates a paltry amount of information (username, program directory location) in HKEY_USERS

- OpenOffice is free from registry settings (tho it does make some, theyre ignorable)

is there an efficient way to configure a DEFAULT USER account and copy its settings to All Users for use by everyone? in NT4 you'd do this with Group Policies, do they still exist or have they been replaced by Active Directory? there are still .pol files around indicating that policies are being used like they were in NT4 (in All Users)

there would be various groups of settings for an account:
settings for TMP and TEMP?

group policy

Start Menu


application settings are dealt with by each application
atleast I think most are, what about Java for instance?


Security Settings
control panel -> Local Security Policy

control panel -> users and groups -> you can define which of a pre-defined group a user is a member of

All Users probly is an overlay for look and feel
where-as Default User is what each account is actually a copy of, and thus it contains things like an empty 'Cookies' directory that enables that directory to be created in the first place (apart from NTUSER.DAT or NTUSER.POL files)

worth a look

Microsoft's instructions for using a different drive for the 'documents and settings' folder:
"Specify a different folder for the "Documents and Settings" folder during installation:

  1. Use the /UNATTEND switch with Winnt.exe or Winnt32.exe and insert the following entry into the Unattend.txt file, where z:\foldername is the path and folder name you want:
  2. [GuiUNattended]
    ProfilesDir = z:\foldername
  3. Install Windows. The path you included in the Unattend.txt file is used instead of the default "Documents and Settings" folder:  winnt /u:a:\unattend.txt or use the boot disk I've made"
however... I had problems... I had to create a boot disk , so as to specify the command line above and have the UNATTEND.TXT file, and have a FAT32 formatted drive for the installation to use for swap space (I alreqady had NTFS drives C thru to H partitioned). I then installed without using a CD cache (SMARTDRV), so it took ages, but also had trtouble reading some files from the disk.
failing that method, set as many things as appropriate to point elsewhere:
there are further instructions for manually moving 'documents and settings' but for now we're passing them off as too complicated until we find there's no other efficient way of doing it

do any registry settings for non multi user environment applications that use HKEY_CURRENT_USER need moving from the user that installed's registry area to other users'?

(i.e. any that use the registry in place of the profile for per-user settings, or, if they use the registry, save to a place that will get copied to each new users' registry)
(the way around this is to configure each application whilst logged in as each user, or copy the settings from one HKEY_USERS location to another. unless they automatically create the HKEY_USERS settings when you run the app for the first time as that user)
(the best thing is for applications to be saving user data to %USERPROFILE% so that user config doesn't have to be made from each particular workstation (I should write a set of guidelines for this) instead just the once and from anywhere, and which allows people to do OS-level roaming. which leaves workstation-specific registry settings, which more applciations do, pointing to where the program lives.)
(which s/w auto registers to any HKEY_USERS that exist on the system? and which just to that which is logged in whilst installing?)
template should include:
- HKEY_USERS - and then sub parts for differing ways of creating doing HKEY_USERS (on first install only or subsequent runs). ?and does it store preferences in here?
- %USERPROFILE%? (does it store user data here or program location data here too?)

for OS-level roaming user environment, if preferences stored in %USERPROFILE% then only needs configuring the once and from anywhere. if stores prefs in HKEY_USERS then must be re-configured at each workstation. if uses HKLM then will need installing from each workstation?
however, apps may re-create HKLM and HKEY_USERS when run for the first time on a workstation.
some apps will store everything in %USERPROFILE% whilst others will use a conbination of that and the registry)

an app can be written to work with multiple users on the same machine, or furthermore written to work with multiple users on a roaming network environment
bad behaviour is an app that stores settings in its or Windows' program directory, as you'd then have to give the User Group EVERYONE write access to there, which is poor security; but can be worked around by a user pref that allows using a pref file in a different location

may need to amend TEMPLATE.HTML to take these things into account

for software that doesn't have per user settings, you don't want to set temp to a per user cache, instead use TEMP\application name\

a next step is learning how to pre-configure these applications, and then offering downloadable file of same from the 'our info' page

"Users can customize Office 2000 to a greater extent than ever before. These customizations fall into two categories:
Configuration: customizing which Office applications are installed and available for use on the computer
Preference: personalizing settings for installed applications

The first of these categories, configuration, can be controlled for the computer or for each user of the computer. In either case, no matter how many users, you have only one set of Office 2000 files for each computer. The second category, preferences, can be controlled on a per-user basis. In other words, each user of the computer can store different personalized settings for the applications on the computer.
The personalized settings are stored in each user’s Application Data folder and in the HKEY_CURRENT_USER key in the Windows® registry, which are in turn part of each user’s profile. A user profile stores both personalized settings for Office 2000 as well as customized settings for the operating system, such as the desktop environment or network and printer connections. The user profile can also contain a unique Start menu for the user, so the user sees only the applications available to that user."

time to install Windows 2000 (with formatting one 1.5GB partition): 35mins