S 2.103 Setting up user profiles under Windows 95

Initiation responsibility: IT Security Management

Implementation responsibility: Administrators

Under Windows 95 it is possible to carry out user separation by setting up user profiles. This separation serves, however (if system guidelines do not carry out a restriction, see S 2.104 System Guidelines for Restricting Usage of Windows 95) only to retain user-specific settings and thereby contains an individual work environment for each user, which he can adjust according to his needs and requirements. A log-on password for Windows 95 will be compulsory once the user profile has been activated. The same considerations apply for this password as for WfW log-on passwords (see S 4.46 Use of the Log-On Password under WfW and Windows 95).

Settings concerning the user will be saved in the following directory: C:\WINDOWS\PROFILES\Username.

On a non-networked Windows 95 computer, user profiles should always be activated if navigation under Windows 95 needs to be eased for inexperienced users. This is also sensible if user separation is desired not from the point of view of security, but for organisational or principal reasons.

For this purpose, the program group CONTROL PANEL should be opened, then the option PASSWORDS and the user profile can then be activated or deactivated.

Note: In Netware or NT networks, compulsory user profiles can be established by saving the appropriate profile with write-protection in a directory allocated to the user. This profile has the name USER.MAN and is loaded from the server every time the user logs on (see S 4.51 User Profiles to Restrict the Usage Possibilities of Windows NT).

Additional controls:

• Should several users work on a Windows 95 computer?

• Is user separation sensible from the point of view of security or for organisational/principal reasons?