Downloads
4677.zip

An examination of how to autoconfigure settings for thousands of users

Many systems administrators are familiar with users who flood Help desks with questions about protocols or other settings when running an email client or Web browser for the first time. In large user environments where you might have many user settings spread over the file system, you need to devise ways to automatically configure these user settings so all users get a standard configuration. I went searching for just such a solution.

I run a small single-domain lab in a school where over 10,000 students share 40 Windows NT computers. Users can log on to any computer in the lab and get their personal settings. But with so many users, plenty of the students don't know how to configure their personal settings for all the applications on the network. To help the students, I set up a series of batch files and logon scripts to automatically configure the user settings. Let's look at an example that involves autoconfiguring the user settings for Netscape Navigator. The principles in this example suit other applications as well.

Starting Netscape
The first time you start Netscape after a standard installation, you must enter several settings (e.g., a username, a mail server, the appropriate mail protocol). If another user logs on to the same system and attempts to use Netscape, that user must repeat this process and create an individual user profile. Because Netscape supports multiple user profiles, users must select their profiles from the Netscape profile selector the next time they log on to the same computer. All user profiles reside on the local disk by default. Depending on the situation, you might have hundreds or thousands of user profiles on one machine, which makes finding a profile in the profile selector difficult. Such was the case in my lab.

Although Netscape stores user profiles locally by default, you can store this information in at least two other places: NT's roaming profile or a home directory. In my example I'll use the home directory, which I store on a drive in a UNIX file system over Samba. You can put the home directory on any server (e.g., NT, Novell, UNIX). You specify the home directory and the drive in the User Manager for Domains, and the drive mounts when the user logs on. All users within a network have the same home drive letter, which in my case is the letter Z.

I write-protected the local disk on each computer in my lab, so users must store documents in the only writeable place, the home directory. However, Netscape stores the paths pointing to each user profile in the local Registry at HKEY_LOCAL_MACHINE\SOFTWARE\Netscape\ Communicator\Users\ or a similar location depending on the version of Netscape. This schema can get quite complicated with thousands of profile paths. Netscape's profile selector will still pop up for each user who tries to access the Web browser, and the Registry entries remain in the system even after the systems administrator deletes the user account. Consequently, the number of entries grows until the Registry is corrupted.

To work around this situation, I created a standard user profile (prefs.js) that I placed on the home drive so that the Netscape profiles path in the Registry points to drive Z. Only one common profile path is in the Registry for all users instead of one path for each user. The contents for drive Z are different for each user who logs on and uses Netscape, but Netscape doesn't know that. Netscape looks in drive Z as specified in the Registry. However, I still had to tackle another problem. When Netscape looks for the user profile settings on drive Z and doesn't find them, it automatically launches the Profile Manager and creates yet another profile path in the Registry. I needed a way to automatically place the users' profiles in their home directories before users launched Netscape for the first time. Best of all, I needed to create only one file, prefs.js, because Netscape creates all other files and folders when the program discovers they're missing.

Creating prefs.js
Prefs.js is the user preferences file that Netscape's Profile Manager generates to store a user's settings for Netscape. This file is unique for each user and stores any changes the user makes to the Preferences option under Netscape's Edit menu.

To create the necessary file, I used my administrative account to install Netscape, ran the Netscape Profile Manager, and created one Netscape user profile--­Default User. I saved the Default User profile in a folder (\pc\netscape) in my home directory. I used this file (prefs.js) with its correct settings as a template for a batch file. The batch file then created a prefs.js for each user, but with the new user's preferences.

Listing 1 provides an example batch file (nssetup.bat) that creates a prefs.js in the user's home directory. I usually store NT users' personal system files under \pc\ in the home directory so they don't conflict with UNIX files with similar names. The user's home directory also stores other application settings such as normal.dot for Microsoft Office.

Students can log on to UNIX-based systems and access their home directory. However, the files for UNIX and PC versions of Netscape are not identical, so you can't share the files between platforms.

In the batch file in Listing 1, you can capture the user's full name from the domain controller if the full name is listed in User Manager for Domains. You capture the other preferences from the NT system using ordinary variables such as %username%. If prefs.js is not in the user's home directory, the batch file creates the file in the user's \pc\netscape folder. The batch file stores and deletes the Netscape cache in the \temp directory on the local hard disk every time a user logs on with the logon script, but you can store this cache elsewhere. To have this batch file handy and centrally administered, I store it on the Primary Domain Controller (PDC) in a bats share where I store similar batch files. For example, Listing 2, page 144, shows a batch file in the bats share that I call from the logon script. This batch file checks the free space in the home directory during the user logon. The UNIX file system has quota.bat, and the batch file in Listing 3, page 144, uses freedisk.exe from the Microsoft Windows NT Server 4.0 Resource Kit to notify users if they run out of available disk space.

If a user has been using a UNIX computer and runs out of available space on the home drive, the creation of prefs.js will fail. The freedisk.exe resource kit utility can check available space and exit the nssetup.bat file if the home drive is full. The quota.bat file won't launch Netscape, but it will notify the user when no more disk space is available.

To ensure that users run a batch file that properly configures Netscape each time they start the Web browser, I created a netscape.bat file, as Listing 4 shows, and placed that file in the same location as the netscape.exe file. The netscape.bat file calls nssetup.bat in the centrally located bats share, creates the prefs.js or returns immediately if the prefs.js is present, and changes to the Netscape bin directory. The netscape.bat file uses the pushd command to move to the Netscape bin directory to simulate the shortcut's start in behavior and start Netscape.

By using NT's Explorer to open the Netscape program folder that appears in the start menu, I was able to right-click each shortcut, select Properties, and change all references for netscape.exe to netscape.bat, including the shortcut. I kept all paths and command-line factors as they were, and made sure not to miss any shortcuts. I also minimized run in commands so that they appeared on the taskbar momentarily and not on the desktop. Then I clicked Apply.

When I changed the shortcuts to point to the batch file, I destroyed the icons. To fix this problem, I had to right-click the shortcut, select the Change icon, browse to netscape.exe, and select the Netscape icon. I deleted the Profile Manager shortcut because it was no longer necessary and because I wanted to prevent users from creating additional profiles other than the default user profile. Everything looks the same, but double-clicking the Netscape icon on the desktop executes the netscape.bat file instead of netscape.exe and creates prefs.js if it is not already present. Netscape launches from the netscape.bat file. If the user starts Netscape Messenger from the Start menu, the same procedure happens, but the batch file passes the appropriate argument for the Start menu shortcut to netscape.exe and launches Messenger.

To circumvent users who try to change preferences and misconfigure Netscape beyond functionality, I added a shortcut in the Netscape program group in the Start menu that lets users restore Netscape to its default settings. For example, the shortcut can replace the Profile Manager shortcut if a user deletes it. However, if Netscape is already running, the restore-settings batch file won't work because the software is already in use. You can add the resource kit's kill.exe utility to the System32 folder and add it as a first line in resetns.bat to kill Netscape before the user deletes prefs.js and creates it again.

Fine Tuning
Now I have a Netscape user configuration that configures itself for every new user. It's scalable, and it doesn't degenerate over the time. It is not possible to disable the Netscape Profile Manager, so any user who knows the proper syntax can start the Profile Manager from the command line and create a second profile. This situation is rare, and you can repair the damage by starting the Profile Manager from the command line (netscape.exe -profile_manager) and deleting the new profile, or by deleting the profile entry with the Registry editor in HKEY_LOCAL_MACHINE\SOFTWARE\Netscape\Communicator\Users\bad_profile. I have tried to write-protect these entries in the Registry, but Netscape wants to set values here every time you launch it.