Previous Page | Next Page

  1. Introduction
  2. Installation
  3. Hardware Issues
  4. Filesystems
  5. Networking
  6. Security
  7. Servers
  8. Services
  9. Utilities
  10. Control Panel
  11. Printing
  12. Performance Monitor
  13. Network Monitor
  14. Event Viewer
  15. Other Issues
  16. User Accounts
  17. Groups
  18. Policies
  19. User Rights
  20. Auditing
  21. System Policies
  22. Sharing
  23. Profiles
  24. Roaming Profiles
  25. Domains
  26. Server Management
  27. Directory Replication
  28. License Management
  29. Client Administrator
  30. Netware Tools
  31. Macintosh Support
  32. RAS Server
  33. SNMP
  34. DHCP
  35. DNS
  36. WINS
  37. Mail Service
  38. Internet
  39. Internet Information Server
  40. Routing and Firewalls
  41. Items to Remember
  42. Terms
  43. Credits

Windows NT System Policies

System policies are new with NT Server version 4.0. These policies can be made using the "System Policy Editor" and they apply to the whole domain:

  • Banners and other logon security features
  • Programs run at startup
  • File system features
  • Local user restrictions
  • Hidden share creation
  • Print settings and priorities
  • RAS settings
  • Restricting ability to edit the registry

Policy settings may be applied to any computer or user on the domain from the System Policy Editor.

  • Computer - HKEY_LOCAL_MACHINE registry portion is modified. Policies apply to a specific computer.
  • Default computer - HKEY_LOCAL_MACHINE registry portion is modified. Settings are changed for all domain computers are changed.
  • User - HKEY_CURRENT_USER registry portion is modified. Settings for one user are changed.
  • Group - Policies applied to groups. One group may have a higher profile priority than another, for the case when a user belongs to multiple groups. This is set using the "Options" menu with "Group Priority".
  • Default user - HKEY_CURRENT_USER registry portion is modified. Settings for any domain user that logs on from any computer are changed.

Policy settings are determined by precidence as listed above. For example, user settings override all other group, and default user policies. Group policies override Default user policies. A System (computer) policies override user and group policies. Specific computer policy overrides default system policy. Group policy priority may be specified from the System Policy Editor when a user is a member of multiple groups. User and group policy options:

  • Control Panel - Display settings are specified.
  • Desktop - Wallpaper and color schemes.
  • Shell - Configures restrictions including hiding items and "don't Save Settings on Exit".
  • System - Can disable applications and registry editing tools.
  • Windows NT Shell - Specify a custom folder and shell restrictions.
  • Windows NT System - How to run login scripts and whether to parse AUTOEXEC.BAT.

System policy options:

  • Network - Whether remote updates can be received manually or automatically.
  • System - Sets up SNMP configuration and specifies startup programs to run.
  • Windows NT Network - Whether hidden drive shares may be made on NT workstation or server.
  • Windows NT Printer - Scheduler priorities, disable print browsing, or beep for errors.
  • Windows NT Remote Access - RAS option configuration.
  • Windows NT Shell - Configuration of custom shared program folders, startup folder, start menu, and desktop icons.
  • Windows NT System - Sets filesystem policies, logon banners and whether last user is displayed at the logon screen.
  • Windows NT User Profiles - Specify automatic detection of slow connections and set up dialon box timeouts.

Policy changes may be made to a policy file rather than the registry. The following policy files are used for the following systems:

  • NTCONFIG.POL - For NT
  • CONFIG.POL - Windows 95

The policy must be saved in the \WINNT_ROOT\NETLOGON directory of the authenticating domain controller in order to take effect. The \WINNT_ROOT\NETLOGON\ directory points to \WINNT_ROOT\SYSTEM32\REPL\IMPORT\SCRIPTS by default. These profile settings will override settings made in user manager. The following policy template files exist:

  • COMMON.ADM - For Windows 95 and Windows NT
  • WINNT.ADM - For Windows NT.
  • WINDOWS.ADM - For Windows 95.

Policy Storage

Policies are stored in the registry, so deleting the system policy file does not remove the policy. Any undesired policies must be removed the same as they were set. When setting policies, the options in the boxes apply:

  • Blank - Policy is set to its default value.
  • Checked - A policy is enforced.
  • Grey - Whatever is currently in the registry applies. No policy is enforced.