by James Spann
Although Windows 98 has many powerful features for the desktop, some of its best features can be found in its networking capabilities. Whether you are connecting to a Windows NT network, a NetWare network, or just sharing files in a Windows 98 peer-to-peer network, Windows 98 has the capabilities you need built right in. This chapter shows you how to set up and configure your Windows 98 system as a secure network client that can participate in the network of your choice.
One of the first steps in configuring Windows 98 as a network client is to determine which type of network you will be connecting to so that you can add the appropriate client to the Network Properties. If you plan to connect to a Microsoft Windows NT network, you need to add the Client for Microsoft Networks to the Network Properties. For more information on that step, see "Configuring Network Properties" in Chapter 24, "Setting Up Windows 98 on a Peer-to-Peer Network." If you plan to connect to a Novell NetWare network, you need to add the Client for NetWare Networks to the Network Properties. For more information on that step, see "Configuring the Client for NetWare Networks" later in this chapter.
This chapter shows you how to configure the available options for the Microsoft Network client so that you can get the appropriate performance from your Windows 98 machine. If you configure your machine appropriately, you can provide some security for the information on your machine. You also can set up drive mappings to make the use of common programs easier and can share resources with other users on the network. This chapter also shows you how to define system policies for the user or users as well as how to set up roaming profiles using Windows NT.
To configure the Client for Microsoft Networks, you need to edit the properties by going to the Network properties dialog box. You can access the Network properties dialog box from the Control Panel or by using one of the handy features of Windows 98.
NOTE If you have not already added the Client for Microsoft Networks to the Network Properties, turn to "Configuring Network Properties" in Chapter 24 and do that now.
To access the Network properties dialog box, follow these steps:
NOTE You can also access the Network properties dialog box more easily by right-clicking the Network Neighborhood icon on the desktop and selecting Properties from the drop-down menu. If the Network Neighborhood icon is not on your desktop, more than likely, you have not yet configured any network clients. You have to follow the preceding method until you have added your network client.
FIG. 22.1 Use the Network
properties dialog box to change the Windows 98 network configuration.
To configure the Client for Microsoft Networks, you can either double-click the icon
or label for Client for Microsoft Networks, or you can click once on that item to
highlight it and then click the Properties button. If you are successful,
the next window that opens should look similar to the one in Figure 22.2.
FIG. 22.2 The Client for Microsoft
Networks Properties dialog box allows you to choose the settings for network drive
connections and Windows NT domain logons.
In Figure 22.2, you can see the two sections to the Client for Microsoft Networks
Properties dialog box: the Logon validation settings and the settings for Network
logon options. Take a look at the Logon validation settings first.
The first item in the Logon validation settings is the Log on to Windows
NT domain check box. If you decide to set up this workstation to log on to a Windows
NT domain, you can set additional security options for this workstation. A Windows
NT domain provides a secure database of user accounts and security settings. If you
have or will be creating a user account in a Windows NT domain, and you want to take
advantage of these additional security options, you should click once inside this
check box. Clicking places a check in the box to select the option; then you also
need to fill in the Windows NT domain box with the name of the domain in which
the user accounts are stored. After you have filled in these two items successfully,
your Client for Microsoft Networks Properties dialog box should look like the one
in Figure 22.3.
FIG. 22.3 Filling in the Client
for Microsoft Networks Properties dialog box establishes logon validation from a
Windows NT domain.
For your logon to be successful, you need to make sure that the Windows 98 workstation
is connected to the network correctly and that one of the domain controllers for
that domain is available to process logon requests. Additionally, you need to make
sure that the username and password you enter at the logon screen are valid entries
for the domain you will be logging on to. Now look at how the logon settings can
be customized.
The next area on the Client for Microsoft Network properties dialog box is the Network logon options (refer to Figure 22.2). Only two settings are possible in this area, so selecting one of them automatically deselects the other. The choice you have to make depends on how quickly you want Windows 98 to start. For the fastest startup, you should select the top option, Quick logon. This option does not attempt to reconnect the network drive connections you have previously established. The drive letters for these network connections will still appear in your drive listings, but the connection to the actual resource will not be established until you attempt to use that drive.
On the other hand, if you want to make sure that all your network drive connections are reestablished as Windows 98 starts, you should select the lower option, Logon and restore network connections. To give you an idea of what this option can do for you, let me first explain what network drive connections are.
If you want to use network resources, you can browse the network to see what is available by using the Network Neighborhood. Each window that you proceed through using Network Neighborhood refines your search until you find the resource you want. However, if you use some network resources frequently, going through two windows to get to those resources would probably be easier than going through 5, 10, or more windows.
One way to make sure that commonly used resources are only a step or two away is to set up a drive mapping to that resource. A drive mapping assigns a drive letter to a network resource such as a folder on another computer on the network. For example, drive L: might be mapped to a folder (directory) called FILES that is located on another computer. Another way to view this situation is to look at the L: drive mapping as though it were a pointer to a network resource. Instead of having to search for that resource every time you need it, you can click on drive L: and it will "point to" the resource. That way, when you need the files, you can open drive L: and have access to them rather than having to search the Network Neighborhood for them again.
Now that you have an idea what drive connections are, look at the two possible settings for the Logon and restore Network connections box. If you select the first option, Quick Logon, when you start Windows 98, your network connection is not reconnected. You still have a drive letter L:, but the actual connection to the other machine is not established yet. When you select drive L:, the connection is established at that point, and setting up the connection may take a few seconds.
If you select the other option, Logon and restore network connections, Windows 98 tries to establish all your drive connections as the machine boots up. Depending on how many drive mappings you have set up, this process can slow down your startup time by anywhere from a few seconds to several seconds. The option you select depends on your preferences.
After you have finished making your selections, click the OK button to go back to the Network properties dialog box. If you do not have any other changes to make in the Network properties dialog box, you can click the OK button to close the dialog box. If you have made any configuration changes, Windows 98 will most likely want to copy some additional files, and you will probably be prompted to restart your computer.
To make your Windows 98 resources available to other network users, you must first make sure that File and Printer Sharing for Microsoft Networks is one of the loaded services in your network configuration. To double-check this feature, right-click the Network Neighborhood icon and go to Properties. Scroll down through the list of the installed network components, and see whether File and Printer Sharing is one of the installed services. If it is not listed, follow these steps to add it:
Now that you have installed File and Printer Sharing for Microsoft Networks, you can share directories and printers with other users. The most secure way to do so is to use user-level security by having the users authenticated by a secure server such as a Windows NT machine or a NetWare server. User-level security cannot be set up using only Windows 98 machines. Because this section deals with Windows NT, these steps demonstrate how to set up user authentication using a Windows NT machine as the authentication device:
FIG. 22.4 You can change
user access levels on the Access Control tab.
To enable User-level access control, select the appropriate button and fill
in the blank titled Obtain list of users and groups from with the name of the Windows
NT machine that will house the user accounts. This machine is then used to verify
the correct login and passwords of all the users. After you make these settings,
you can start sharing files and printers with specific users and groups with various
levels of security.
To understand how much control you now have, look at the following example of how to set up user-level security for a shared folder.
To set up a shared folder and enable user-level access to it, find the folder
you want to share and right-click it. From the drop-down menu, select Sharing and
you then can make changes to the sharing properties for that folder. The first thing
you need to do is check the Shared As radio button. Then you need to fill in a share
name and a comment if necessary. Now you can add users to the list by clicking the
Add button and selecting the users to whom you would like to give Read Only, Full
Access, and Custom Access. Figure 22.5 shows an example of pulling up the user list
on the server to assign users and privileges.
FIG. 22.5 You can assign
access on the Add Users window.
If you give some users Custom Access, when you click OK, the Change Access Rights
window pops up, as shown in Figure 22.6, to let you configure the custom access for
those users.
FIG. 22.6 You can change
the access rights for custom access to Windows 98 in the Change Access Rights window.
After you have set up the custom rights, clicking OK takes you back to the sharing
properties window. From this window, you can now select individual users or groups
and modify their access privileges on a one-by-one basis if you like. The levels
of access you can assign for these users and groups include the following:
With this capability, you can assign very detailed levels of access to individual users or groups of users based on the user information that is contained on the NT machine. You can also customize each user's environment by setting up profiles for each user. The next section details how to set up and use user profiles in Windows 98.
Another feature of Windows 98 is the ability to create and modify user profiles.
A user profile is a complete set of parameters that identify a user's preferences
for things like desktop colors, shortcuts, and documents. To start using user profiles,
you must first create a user. To do so, go to the Control Panel and select the Users
icon. Depending on your current desktop configuration, you might need to double-click
the icon to run the Users applet. When you run the Users applet for the first time,
it starts the wizard that walks you through setting up a user account. Figure 22.7
shows the first dialog box the wizard presents you with.
FIG. 22.7 Running the
Users applet for the first time brings up the Enable Multi-user Settings dialog box.
Click Next to move to the next dialog box.
Follow these steps to complete the setup of user profiles:
FIG. 22.8 You can enter passwords in the Enter New Password dialog box to add a new user.
As you can see from Figure 22.9, the possible options each new user can personalize are as follow:
FIG. 22.9 In this wizard
dialog box, you can change the personalized items settings for multiuser setup.
For each one of the items that you select, Windows 98 makes a new instance of that
item and stores it in a new folder named whatever the new username is. For example,
if the new username is User1, then a new folder named User1 is created.
This new folder is stored in the Profiles folder that is normally located just below
the Windows folder (directory).
NOTE After adding your first new user, take a moment to browse the Windows\Profiles folder to see its contents and the contents of the new folder it contains. Browsing this folder will give you a little more insight as to how Windows 98 is keeping up with which user has which settings. Look for folders such as Desktop, Favorites, and Start Menu within the new user's folder. The folders present depend on the options you selected for this new user.
After you have decided which items this user will have customized settings for, you need to make one additional choice at the bottom of the Personalized Items Settings dialog box. As you can see from Figure 22.9, you now have to decide whether to copy the current items and their settings or to create totally new items for the user to modify. In Figure 22.9, note that the second option of creating totally new items can conserve some disk space, so you might want to choose this option if you are concerned about the available disk space. Otherwise, choosing the first option provides some benefits. The best benefit to this option is that by setting up your current items before you create this new user, you will, in effect, be creating the new user's desktop. For example, an administrator might want to configure the default desktop, My Documents folder, and other items to the settings that most users will need and then create the user accounts by copying the current items and their settings. Using this method prevents the administrator from having to go back and log in as each different user and modify the items and settings individually.
After you have selected your choices, click Next to move on. In the next
window the wizard presents, you can click Finish to complete the setup process. When
you click Finish, the wizard copies some files and folders and prompts you to restart
the computer to complete the setup process. When the computer restarts, you are presented
with a logon screen similar to the one in Figure 22.10.
FIG. 22.10 Here, you can
log on using the Windows 98 Multi-user Logon screen. (Microsoft Family Logon is selected
as the primary network logon.)
On the new logon screen, select the new username and enter the appropriate password.
Then click OK to log on to Windows. Now that you have configured Windows 98 for multiple
users, take a look at some of the additional options you now have available to you.
First of all, if you return to the Users applet in the Control Panel, starting it brings up the User Settings window that enables you to configure additional users (see Figure 22.11). Clicking the New User button starts the wizard to add an additional user (as mentioned previously). Highlighting a username in the list and clicking the Delete button generates a message that warns you that this option will delete a user and his or her associated settings and folders. Clicking the Yes button shown in Figure 22.12 removes the user and his or her preferences.
NOTE Be very careful when deciding to delete a user. If the user has put customized documents in desktop folders, they will be deleted when the user is deleted.
FIG. 22.11 Here, you can
see the User Settings dialog box of the Add New User Wizard.
FIG. 22.12 In the delete
user dialog box, be absolutely sure you want to delete the user before continuing.
In the User Settings dialog box, you can use the Make a Copy button to duplicate
a user's settings quickly by making a new user from the old one. The Set Password
button can be used to change the password for this Windows user. The Change
Settings button allows you to go back and modify which items this user has control
over changing.
After you have decided to set up user profiles for individual users, you might want to consider the option of being able to have users get the same profile no matter which Windows 98 machine they log on to. To do so, you must configure a roaming profile setup using a Windows NT server. The next section covers this process in detail.
Through the combination of the power of the Windows NT platform and the configuration of the Windows 98 setup, you can set up a profile for a user so that the user gets it every time he or she logs on to Windows 98. The user will still have that profile even if he or she logs on to a different machine every time.
To set up roaming profiles, you must make sure that a couple of conditions are met. First, each of the Windows 98 workstations must be set up to log in to a Windows NT domain. Second, the Windows NT domain must have been created and exist on the network so that the Windows 98 machines can see it. Additionally, the user accounts for each user must exist in the NT domain. You do not need to set up each user on each Windows 98 machine. As a matter of fact, it would be best in this scenario if each Windows 98 machine were not configured for multiple users. Otherwise, the users and possibly the administrator may become confused when they are changing user preferences such as user passwords.
For example, when you're changing a password, you would have to stop and think, "Am I changing the password for the Windows 98 user account or for the Windows NT user account?" Then you would have to make sure that you were changing it in the right place. To avoid this confusion, it would be easier to set up only multiple users with roaming profiles using user accounts on a Windows NT domain. If you follow this technique, you would have no reason to set up the Windows 98 machines for multiple users, and you would be able to avoid this possible confusion.
When you're setting up users on a Windows NT domain, a utility called the User
Manager for Domains enables you to set up and configure user accounts. One of the
settings for the user accounts is the user profile settings. Figure 22.13 shows an
example of configuring the user profile settings for a Windows NT domain user. For
the Windows 98 users to have roaming profiles, the options on this screen must specify
a location in the domain where the user's profile will exist. This profile would
normally be located on an NT server in the domain. That way, when a user logs on
from a Windows 98 machine, no matter which one he or she chooses, the profile that
user gets will be the one that exists on the domain.
FIG. 22.13 The User Environment
Profile dialog box is from the Windows NT User Manager for Domains User Profile Settings
for a new user.
For roaming profiles to work on all the Windows 98 machines, you must configure each
Windows 98 machine to log on to a domain. If you look back at Figure 22.2 earlier
in this chapter, you will see the option for configuring the Client for Microsoft
Networks to log on to a Windows NT domain. This option must be set up on all the
Windows 98 machines for roaming profiles to work.
When you configure the NT domain and the Windows 98 machines, you create a file called USER.DAT for each user who logs on to the domain. The USER.DAT file is stored in the place specified by the settings for that user's domain profile configuration. If you want to make sure that the user cannot change any of his or her profile settings (desktop colors and other preferences), all you have to do is change the name of the USER.DAT file to USER.MAN after it is created.
The best way to carry out this procedure is as follows:
Renaming the file to USER.MAN creates what is called a mandatory profile. Mandatory profiles ensure that users always get the same environment every time they log on. That way, if a user makes a mistake and changes colors to some color scheme in which he or she cannot read the screen anymore, all the user has to do is log out and log back in to the domain. Then the user's desktop appears just like it always did. Note that users can make changes to their environments even if they have mandatory profiles. The difference is that the changes are not saved if the USER.DAT file has been renamed with the .MAN extension.
If you want to restrict the users even further and make sure they do not have access to items such as the desktop settings, you need to consider setting up system policies for the Windows 98 machines. The next section discusses the utility for setting up policies and how to configure them for your machine.
Before I discuss the System Policy Editor, I must warn you that it is an incredibly powerful tool. It is so powerful that you can end up making changes to the Windows 98 system that are very difficult, if not impossible, to fix without reinstalling Windows 98. You should be very careful when using the System Policy Editor.
Because the System Policy Editor is such a powerful tool, it is not installed during the normal installation of Windows 98. You must go back and specifically add the System Policy Editor by using the Add/Remove Programs applet in the Control Panel. After you have installed the System Policy Editor, it is available as a System Tool from the Start menu. Just select Start, Programs, Accessories, System Tools, System Policy Editor.
You can work with the System Policy Editor in two ways. The first way is to modify the Registry of the machine on which it is running. To do so, you select File, Open Registry to see options for configuring the Local User and the Local Computer.
The other option available with the System Policy Editor is to create a policy for the Default User and Default Computer. If you decide to choose this option, you can add individual users and computers to the policy as you configure it.
Opening the Default Computer allows you to customize the user environment in great
detail, but once again caution is advised. Look at Figure 22.14, which shows an example
of just some of the settings that can be configured for the Default Computer.
FIG. 22.14 You can configure
the Default Computer Properties with the System Policy Editor.
After you have created your policy, you should save the file with a .POL
extension. You can name the file whatever you want, and you can even create multiple
policy files. However, you normally do not need to create more than one policy file
per machine, and you usually need to create only one policy file that applies to
all the computers and users.
If you would like to make the policy apply to all your Windows 98 machines and users, you should copy the policy file to the NETLOGON folder on the Windows NT Primary Domain Controller and make sure that all users are logging on to the domain. That way, when users log on to the domain, the policy file is used to define their environment. You can set this up in a larger environment with multiple NT authentication machines in other ways. They are explained in the Resource Kit under the load-balancing feature.
So far, this chapter has shown you how to configure the available options for the Microsoft Network client so that you can get the appropriate performance from your Windows 98 machine. Looking at how to configure your machine in a Novell NetWare environment is also important. The following sections do just that. If you configure your machine appropriately, you can provide some security for the information on your machine. You also can set up drive mappings to make the use of common programs easier and can share resources with other users on the network.
To participate on a network, you need a Network Interface Card (NIC). Although this section describes how to install and configure NICs, this chapter covers only the software installation necessary to get the NIC to perform with Windows 98. If you need assistance with the physical installation of the hardware, consult the documentation provided with the card.
If the NIC you are adding to the machine is a Plug and Play adapter, and the machine you are using is Plug and Play compliant, Windows 98 automatically finds and configures the NIC for you while only stopping to ask you for a driver disk if one is necessary. If you are configuring a legacy device or do not have a Plug and Play system, you may need to consult the documentation provided with the NIC for accurate installation and setup of the device.
If you just need to add the software for the new NIC, right-click the Network
Neighborhood icon and select Properties. If you do not yet have a Network Neighborhood
icon on your desktop, you can also get to the Network Properties by selecting Start,
Settings, Control Panel and then selecting the Network applet. When you are ready
to modify the Network Properties, your screen should look similar to the one in Figure
22.15.
FIG. 22.15 You can modify
the Network Properties in this dialog box.
To add a NIC, click the Add button and select Adapter from the list of choices.
Then click the Add button. In Figure 22.16, you can see that you may have
choices for both Plug and Play (PnP) adapters and non-PnP adapters.
The other box shown in Figure 22.16 gives you a list of manufacturers to choose
from. For each manufacturer, corresponding adapter types are listed in the right-hand
pane of the window. Select the appropriate manufacturer and network adapter type.
If a disk came with your NIC, click the Have Disk button and follow the onscreen
instructions. Click OK to proceed; Windows 98 then installs the software for the
adapter.
FIG. 22.16 You can select
a network adapter in this dialog box. Each adapter has different options that can
be configured.
Because I cannot cover all the possibilities, this section just gives you an idea
of how to make changes to your adapter. When the adapter has been added to the list
of network components, you can select it from the list and click the Properties
button. In Figure 22.17, you can see the 3Com adapter, which is highlighted before
the Properties button is clicked.
FIG. 22.17 Notice that the
3Com adapter is highlighted before clicking Properties.
Although Figure 22.18 shows an example of the network adapter properties for a 3Com
PC Card NIC, it is just an example of what the network adapter properties might look
like. Each adapter type has its own options, tabs, and configuration parameters.
They should all have a Bindings tab similar to the one displayed in Figure 22.18.
This tab is important because it lets you configure which protocols are used with
this NIC. In this figure, you can see that the Fast Infrared Protocol is not being
used with this NIC. If you want to bind this protocol to this NIC, you simply check
the check box to select it. In this case, selecting the check box causes an error
because the 3Com device is not Infrared enabled, as some of the other devices on
this machine are.
FIG. 22.18 On the Bindings
tab for this network adapter, notice that the only installed protocol that is not
bound to this device is the Fast Infrared Protocol.
After you have finished making changes to the configuration for the NIC, click OK
and then click OK again on the Network properties dialog box. This way, you force
Windows 98 to update itself with any changes; it may require you to reboot your system.
After you have your adapter installed and configured, you can move on to configuring
the client software for the network of your choice. The Client for NetWare Networks
is covered next. See the beginning of this chapter for information on configuring
the Client for Microsoft Networks.
To configure the Client for NetWare Networks, you need to edit the properties by going to the Network properties dialog box. You can access the Network properties dialog box from the Control Panel or by using one of the handy features of Windows 98.
NOTE If you have not already added the Client for Microsoft Networks to the Network Properties, turn to "Configuring Network Properties" in Chapter 24 and do that now.
To access the Network Properties dialog box, follow these steps:
NOTE You can also access the Network Properties dialog box more easily by right-clicking the Network Neighborhood icon on the desktop and selecting Properties from the drop-down menu. If the Network Neighborhood icon is not on your desktop, more than likely, you have not yet configured any network clients. You have to use the preceding method until you have added your network client.
To configure the Client for NetWare Networks, you can either double-click the
icon or label for Client for NetWare Networks, or you can click once on that item
to highlight it and then click the Properties button. If you are successful,
the next window that opens should look similar to the one in Figure 22.19.
FIG. 22.19 You can set
the properties in the Client for NetWare Networks Properties dialog box.
As you can see from Figure 22.19, this dialog box normally has at least two tabs
of properties to configure. The General tab has three configurable options that let
you define the NetWare environment for this machine. The first option, Preferred
server, lets you decide with which NetWare server you want to authenticate the logon
name and password. The second option, First network drive, allows you to determine
the drive letter to start with when setting up network drive connections. This setting
normally defaults to drive F: for NetWare networks. The last option is a check box
that you can select to enable NetWare login scripts to be processed as part of the
login procedure. If you do not want the login scripts to be executed when you log
in, deselect the check box.
To be able to log in to the NetWare server of your choice and Windows 98 at the same time, you must also check to make sure that the Primary Network Login has been configured to reflect Client for NetWare Networks. To check this setting, look at the Network properties dialog box in the section titled Primary Network Logon.
NOTE Now that you have successfully logged in to the NetWare network, you're ready to explore your ability to share resources with other users in a secure fashion. The next section describes how to establish shared resources in a NetWare environment and set them up with security.
NOTEYou may also want to consider using the intraNetWare Client for Windows 95 from Novell. The Novell client, which has been designed for access to Novell networks and servers, has some capabilities that the Microsoft client does not have. One of the biggest advantages is the ability to log in to multiple NDS trees with one login. The Novell client also supports the 32-bit NetWare Administrator and the NetWare Application Launcher. If you are primarily using Novell NetWare or intraNetWare as your network operating system, you should check out the Novell client.
To make your Windows 98 resources available to other network users, you must first make sure that File and Printer Sharing for NetWare Networks is one of the loaded services in your network configuration. To double-check this setting, right-click the Network Neighborhood icon and go to Properties. Scroll down through the list of the installed network components and see whether File and Printer Sharing for NetWare Networks is one of the installed services. If it is not listed, follow these steps to add it:
After you have File and Printer Sharing for NetWare networks installed, your Network
properties dialog box should look something like Figure 22.20.
FIG. 22.20 This Network properties
dialog box shows File and Printer Sharing for NetWare Networks installed.
If you need to make any changes to the properties for the File and Printer Sharing
for NetWare Networks, simply select and then click the Properties button.
It is unlikely that you will need to change these settings because they are used
only in more advanced scenarios.
Now that you have File and Printer Sharing for NetWare Networks installed, you can share directories and printers with other users. The most secure way to do so is to use user-level security by having the users authenticated by a secure server. Because this section deals with NetWare, these steps demonstrate how to set up user authentication using a NetWare server as the authentication device:
To enable User-Level access control, select the appropriate button and fill in the blank titled Obtain list of users and groups from with the name of the NetWare server that will house the user accounts. This machine is used to verify the correct login and passwords of all the users. After these settings have been made, you can start sharing files and printers with specific users and groups with various levels of security.
To understand how much control you now have, look at the following example of how to set up user-level security for a shared folder.
To set up a shared folder and enable user-level access to it, find the folder
you want to share and right-click it. From the drop-down menu, select Sharing. In
the resulting window, the first thing you need to do is check the Shared As radio
button. Then you need to fill in a share name and a comment if necessary. Now you
can add users to the list by clicking the Add button and selecting the users you
want to give Read Only, Full Access, and Custom Access. Figure 22.21 shows an example
of pulling up the user list on the server to assign users and privileges.
FIG. 22.21 In this dialog
box, you can add users to a shared resource.
If you select to give some users Custom Access, when you click OK, the Change Access
Rights window pops up to let you configure the custom access for that user or users.
After you have set up the custom rights, clicking OK takes you back to the sharing properties window. From this window, you can now select individual users or groups and modify their access privileges on a one-by-one basis if you like. The levels of access you can assign for these users and groups is discussed earlier in this chapter in the Windows NT section titled "Configuring Peer Resource Sharing."
With this capability, you can assign very detailed levels of access to individual users or groups of users based on the user information that is contained on the NetWare server. You can also customize each user's environment by setting up profiles for each user. The next section details how to set up and configure roaming users with Novell NetWare in Windows 98.
Through the combination of a Novell NetWare server and the configuration of the Windows 98 setup, you can set up a profile for a user in such a way that the user gets the same profile every time he or she logs on to Windows 98. The user will get this same profile even if he or she logs on to a different machine every time. To set up these roaming profiles, you must set up user profiles for the users. If you are unfamiliar with user profiles, look at the section titled "Configuring User Profiles" earlier in this chapter.
To set up roaming profiles on a NetWare server, you must make sure that a couple of conditions are met:
You do not need to set up each user on each Windows 98 machine. As a matter of fact, it would be best in this scenario if each Windows 98 machine were not configured for multiple users. When you're setting up users on a NetWare server, each user automatically gets a MAIL folder (directory). The user profile for a user must be stored in the user's MAIL folder for the NetWare server to provide roaming profiles for the users. When a user logs on to the NetWare server from a Windows 98 machine, Windows 98 examines the MAIL folder for that user and looks for a user profile. If one is found, it is used to define the initial user environment. That way, when a user logs on from a Windows 98 machine, no matter which machine he or she chooses, the profile that user gets will be the one that exists on the NetWare server.
For roaming profiles to work on all the Windows 98 machines, you must configure each Windows 98 machine to log on to the NetWare server. If you look back at Figure 22.19 earlier in this chapter, you will see the option for configuring the Client for NetWare Networks to log on to a preferred NetWare server. This option must be set up on all the Windows 98 machines for roaming profiles to work.
When you configure the NetWare server and the Windows 98 machines, you create a file called USER.DAT for each user who logs on to the domain. The USER.DAT file must be stored in the MAIL folder for that user on the NetWare server. If you want to make sure that the user cannot change any profile settings (desktop colors and other preferences), all you have to do is change the name of the USER.DAT file to USER.MAN after it is created.
The best way to carry out this procedure is to log on as the user and configure the desktop and the rest of the user environment in the way you would like for it to be set. When you log off as that user, the settings you have defined are stored in that user's USER.DAT file. Locate the USER.DAT file, move it to the appropriate NetWare MAIL directories, and rename it USER.MAN.
Renaming the file to USER.MAN creates what is called a mandatory profile. Mandatory profiles ensure users always get the same environment every time they log on. That way, if a user makes a mistake and changes colors to some color scheme in which he or she cannot read the screen anymore, all the user has to do is log out and log back in to the server. When the user logs back in, the desktop appears just like it always did. Note that users can make changes to their environments even if they have mandatory profiles. The difference is that the changes are not saved if the USER.DAT file has been renamed with the .MAN extension.
If you want to restrict the users even further and make sure they do not have access to items like the desktop settings, you need to consider setting up system policies for the Windows 98 machines. I covered setting up system policies and configuring them earlier in this chapter in the Windows NT section titled "Setting Up System Policies."
© Copyright, Macmillan Publishing. All rights reserved.
){kind=link}
){kind=link}
){kind=link}
){kind=link}
){kind=link}
){kind=link}
){kind=link}
){kind=link}
){kind=link}
){kind=link}
){kind=link}
){kind=link}
){kind=link}
){kind=link}
){kind=link}
){kind=link}
){kind=link}
){kind=link}
){kind=link}
){kind=link}
){kind=link}