Help
Here's my setup. NT 4.0 Server, NT 4.0 workstations. I want to establish a policy for all users logging in the net work to say..do not show run command on the start menu. I did it once but now I don't know how. A user can log on to the network from any NT wks machine and the policy should activate according to the user loogin on.
1. How and where do you created the .POL file and where do you save it.
2. if no one know please point me to the right direction. I am checking the MS knowledgebase to see if I can find somthing.
Thanks in advance
Page 1 of 1
policy for NT
#1
bytemangler 
- member
- Group: Members
- Posts: 114
- Joined: 27-February 01
Posted 06 June 2001 - 10:54 PM
#2
clutch
- Carpal Tunnel
-
- Group: Moderators
- Posts: 3859
- Joined: 29-March 00
Posted 06 June 2001 - 11:31 PM
There are a few ways that you can do this. All of them require the use of POLEDIT.EXE, which is the NT Policy editor. You can:
1. Using Poledit, you can develop the NTCONFIG.POL file and put it on the NETLOGON share of your NT Server.
2. Using Poledit, you can connect to each machine and set the policy manually. I have had to do this to clear up machines that were not updating for one reason or another.
3. Using Poledit, you can connect to each machine, and setup each machine to pull future policies from a share you choose. This is kind of a combination of the previous two, so I put it last.
What I used to do, was keep the master NTCONFIG.POL and the ADM templates (Common, Winnt, and Windows if needed) in a folder together. When I would edit the file to my liking, I would save it and run a batch file that would update all the DCs at once. Therefore, this would reduce the chance of one DC exporting an old policy file thus overwriting the new one on the other controllers. Of course, this isn't SUPPOSED to happen, but it has. This was what my batch file consisted of:
copy "C:\Documents and Settings\clutch\My Documents\mgmt\ntconfig.pol"
\\server2\c$\winnt\system32\repl\export\scripts
copy "C:\Documents and Settings\clutch\My Documents\mgmt\ntconfig.pol"
\\server3\c$\winnt\system32\repl\export\scripts
copy "C:\Documents and Settings\clutch\My Documents\mgmt\ntconfig.pol"
\\server2\c$\winnt\system32\repl\import\scripts
copy "C:\Documents and Settings\clutch\My Documents\mgmt\ntconfig.pol"
\\server3\c$\winnt\system32\repl\import\scripts
Hope this helps.
1. Using Poledit, you can develop the NTCONFIG.POL file and put it on the NETLOGON share of your NT Server.
2. Using Poledit, you can connect to each machine and set the policy manually. I have had to do this to clear up machines that were not updating for one reason or another.
3. Using Poledit, you can connect to each machine, and setup each machine to pull future policies from a share you choose. This is kind of a combination of the previous two, so I put it last.
What I used to do, was keep the master NTCONFIG.POL and the ADM templates (Common, Winnt, and Windows if needed) in a folder together. When I would edit the file to my liking, I would save it and run a batch file that would update all the DCs at once. Therefore, this would reduce the chance of one DC exporting an old policy file thus overwriting the new one on the other controllers. Of course, this isn't SUPPOSED to happen, but it has. This was what my batch file consisted of:
copy "C:\Documents and Settings\clutch\My Documents\mgmt\ntconfig.pol"
\\server2\c$\winnt\system32\repl\export\scripts
copy "C:\Documents and Settings\clutch\My Documents\mgmt\ntconfig.pol"
\\server3\c$\winnt\system32\repl\export\scripts
copy "C:\Documents and Settings\clutch\My Documents\mgmt\ntconfig.pol"
\\server2\c$\winnt\system32\repl\import\scripts
copy "C:\Documents and Settings\clutch\My Documents\mgmt\ntconfig.pol"
\\server3\c$\winnt\system32\repl\import\scripts
Hope this helps.
#5
bytemangler
- member
- Group: Members
- Posts: 114
- Joined: 27-February 01
Posted 13 June 2001 - 10:41 PM
Thanks for the tips. It works perfectly.
Share this topic:
Page 1 of 1