I'll quote from MS site
Managing Desktop Configurations
The thrust of managing desktop configurations is to reduce or eliminate the support overhead required for maintaining individual workstations' software and operating system installations. This is a primary requirement of desktop support managers, since support overhead quickly grows as the number of users increase.
Windows NT features more extensive desktop-oriented command and control than does UNIX. Windows NT has three considerable advantages over UNIX that fall into three areas: policy-based management, software distribution, and user profile and settings management.
System Policy Distribution
One of the biggest challenges facing desktop support managers is consistent policy use. It's often desirable in large companies or schools that maintain computer labs to deliver system policies that give all machines and user accounts a consistent set of configuration settings. To minimize support costs, every computer in the pool will have identical settings, unchangeable by end users.
Windows NT configuration data is stored in the system's Registry, a hierarchically organized database, equivalent to the mass of text configuration files used in UNIX systems. Registry values specify how Windows NT subsystems behave. For example, a Registry key allows administrators to display an "authorized use only" message before users can log on.
Windows NT supports the use of system policies consisting of groups of Registry settings. Individual settings can control logon behavior, desktop appearance, the applications that may be run, and how the computer participates on the network. Administrators may change any or all of these policy settings to desired values. Policies may be applied to individual users or computers, groups of users, or all entities that do not have a separate policy specified. The Windows NT logon subsystem automatically retrieves policy updates from the domain controller and applies them before the user can log on; this ensures that policies are consistently applied to all machines and user accounts. When a policy is updated, it takes effect as soon as it's saved, and will be downloaded and applied to each user or computer the next time a logon occurs.
Windows NT Server includes tools that administrators can use to define their own custom policies; in addition, many Windows NT-based applications include policy templates that allow fine-grained control over their behavior.
There is no exact UNIX equivalent of this capability. Settings that control the behavior of individual servers or workstations are not normally shared or replicated, though both can be done using custom shell scripts. Apart from writing elaborate shell scripts which replace the standard shell and GUI, there is no standard, or easy, way to control what the user may do on the machine.
Using system policies
Administrators use system policies to reduce the need for desktop support on user and lab machines. Some, but not all, individual users are capable of administering their own Windows NT-based machines, so policies are used to help provide a consistent environment for users who would otherwise require frequent helpdesk support. Policies are used to control which applications may be run on lab cluster machines, as well as what types of changes may be made to their desktop environments. This protection frees desktop support staff from having to continually restore the lab machines to their proper configuration--saving their support time and budget for more critical needs.
Software Distribution
One of the most difficult tasks for desktop support managers is maintaining workstation and server software. An end-user workstation may have dozens of applications; some are commercial products like Microsoft Office or Imagineer Technical, while others are in-house applications written for specific business tasks. Upgrading, distributing, and licensing these applications, and the underlying operating system, can easily suck up a huge percentage of desktop support resources, especially if users are accustomed to reconfiguring their machines.
Microsoft Systems Management Server product offers a comprehensive distribution infrastructure. Administrators can specify a standard software loadout, and Systems Management Server will automatically distribute that loadout to any or all machines on the network. For example, upgrading from Microsoft Word 95 to Word 97 can be done automatically by configuring Systems Management Server to deliver the new application as an upgrade to the machines that need it.
SMS is highly configurable; software can be distributed, or not, based on a range of criteria, and comprehensive reporting options make it possible to quickly determine which machines are running what versions of applications.
Because UNIX is rarely used as an individual desktop OS, there are no comparable solutions. The closest equivalent is the common configuration of having all users mount a single network share containing the applications they need; updating that share thus makes applications available to users. The same method may be used under Windows NT via its built-in file sharing; since Windows NT-based applications typically store their configuration settings in the local machine's Registry, each client machine ends up with its own set of settings.
Automating software distribution
Systems Management Server allows administrators to construct packages containing one or more applications and operating system components. These packages may be used to add new software or update existing software.
User Profile and Settings Distribution
As users work, they customize and change their environment (within the limits set by group, user, or system policies.) Many of these changes are persistent in Windows NT; for example, when a user selects a printer, that printer may be marked as the system default printer from that point on, and that default will persist until the user explicitly changes it. These changes may affect the way the user's workspace looks, through changes in desktop settings, or they may go deeper, changing which network resources are automatically mounted, where the user's files are stored, and so on.
The complete group of settings specific to a single user is called that user's profile. While policies control what settings apply to a user's machine, profiles contain the environment choices the user makes. These choices may be limited to the desktop environment, or they may include application-specific settings like web browser bookmarks and network configurations.
Profiles are stored in the Registry of the local machine. Windows NT supports two types of profiles: roaming profiles, which are downloaded to a workstation or server when a user logs on, and mandatory profiles, which are roaming profiles whose contents may not be changed by users. Roaming profiles allow user settings to appear on any machine a user logs onto, with no action required on the user's part. Mandatory profiles do not save changes made by users, so environments stay consistent between logons.
Distribution of profiles and policies is automatic; in addition, administrators may configure logon scripts that run when a user logs on. Scripts can use the native Windows NT-based scripting language or other languages like Perl and VBScript; they are automatically downloaded from the domain controller and run after the user's credentials are verified. These scripts are usually used to connect to network shares, run programs at startup, and take other actions that may be needed to set up the user's environment completely.
UNIX typically implements all of these features with shell scripts which execute when users log on. There's no default central location to store profiles and policies; administrators have to create their own solutions, normally by placing common script elements in a shared directory and putting customized logon scripts in each user's home directory. UNIX filesystem permissions are used to keep users from changing their settings.
I have a feeling that Bob has re-set permissions (possibly inadvertantly by installing other programmes) and may now have a problem with backtracking the programmes. This might probably be caused by using "global" permissions by logging in with global rights? Super user in unix/linux system.......... hence the ongoing problem with mp3 files he is having?