policy for NT
This is a discussion about policy for NT in the Windows Networking category; Here's my setup. NT 4. 0 Server, NT 4. 0 workstations. I want to establish a policy for all users logging in the net work to say. . do not show run command on the start menu. I did it once but now I don't know how.
Here's my setup. NT 4.0 Server, NT 4.0 workstations. I want to establish a policy for all users logging in the net work to say..do not show run command on the start menu. I did it once but now I don't know how. A user can log on to the network from any NT wks machine and the policy should activate according to the user loogin on.
1. How and where do you created the .POL file and where do you save it.
2. if no one know please point me to the right direction. I am checking the MS knowledgebase to see if I can find somthing.
Thanks in advance
1. How and where do you created the .POL file and where do you save it.
2. if no one know please point me to the right direction. I am checking the MS knowledgebase to see if I can find somthing.
Thanks in advance
Participate in our website and join the conversation
This subject has been archived. New comments and votes cannot be submitted.
Jun 6
Jun 13
0
3 minutes
Responses to this topic
There are a few ways that you can do this. All of them require the use of POLEDIT.EXE, which is the NT Policy editor. You can:
1. Using Poledit, you can develop the NTCONFIG.POL file and put it on the NETLOGON share of your NT Server.
2. Using Poledit, you can connect to each machine and set the policy manually. I have had to do this to clear up machines that were not up[censored] for one reason or another.
3. Using Poledit, you can connect to each machine, and setup each machine to pull future policies from a share you choose. This is kind of a combination of the previous two, so I put it last.
What I used to do, was keep the master NTCONFIG.POL and the ADM templates (Common, Winnt, and Windows if needed) in a folder together. When I would edit the file to my liking, I would save it and run a batch file that would update all the DCs at once. Therefore, this would reduce the chance of one DC exporting an old policy file thus overwriting the new one on the other controllers. Of course, this isn't SUPPOSED to happen, but it has. This was what my batch file consisted of:
copy "C:\Documents and Settings\clutch\My Documents\mgmt\ntconfig.pol"
\\server2\c$\winnt\system32\repl\export\scripts
copy "C:\Documents and Settings\clutch\My Documents\mgmt\ntconfig.pol"
\\server3\c$\winnt\system32\repl\export\scripts
copy "C:\Documents and Settings\clutch\My Documents\mgmt\ntconfig.pol"
\\server2\c$\winnt\system32\repl\import\scripts
copy "C:\Documents and Settings\clutch\My Documents\mgmt\ntconfig.pol"
\\server3\c$\winnt\system32\repl\import\scripts
Hope this helps.
1. Using Poledit, you can develop the NTCONFIG.POL file and put it on the NETLOGON share of your NT Server.
2. Using Poledit, you can connect to each machine and set the policy manually. I have had to do this to clear up machines that were not up[censored] for one reason or another.
3. Using Poledit, you can connect to each machine, and setup each machine to pull future policies from a share you choose. This is kind of a combination of the previous two, so I put it last.
What I used to do, was keep the master NTCONFIG.POL and the ADM templates (Common, Winnt, and Windows if needed) in a folder together. When I would edit the file to my liking, I would save it and run a batch file that would update all the DCs at once. Therefore, this would reduce the chance of one DC exporting an old policy file thus overwriting the new one on the other controllers. Of course, this isn't SUPPOSED to happen, but it has. This was what my batch file consisted of:
copy "C:\Documents and Settings\clutch\My Documents\mgmt\ntconfig.pol"
\\server2\c$\winnt\system32\repl\export\scripts
copy "C:\Documents and Settings\clutch\My Documents\mgmt\ntconfig.pol"
\\server3\c$\winnt\system32\repl\export\scripts
copy "C:\Documents and Settings\clutch\My Documents\mgmt\ntconfig.pol"
\\server2\c$\winnt\system32\repl\import\scripts
copy "C:\Documents and Settings\clutch\My Documents\mgmt\ntconfig.pol"
\\server3\c$\winnt\system32\repl\import\scripts
Hope this helps.
Or you can use Directory replication which, when you make changes to the NTCONFIG.POL, will automatically update the policy files on the netlogon shares on all the domain controllers.
-Mua
-Mua
We do have directory replication, but every now and again the results are not what you expect.
OP
Thanks for the tips. It works perfectly.
