5. System Policies
The System Policy is a set of registry settings that overwrite the current user and local machine
settings. The NETLOGON shared network directory contains a Ntconfig.pol file which
defines the user policy. The group user policy, if configured, is merged with this file, otherwise
the default policy sttings are merged with the user portion. system policies are also defined for the
computer, these are defined in the HKEY_LOCAL_MACHINE whereas the policies for the user
are defined in the HKEY_CURRENT_USER subtree.
Follow these steps to create a System policy:
- In Administrative Tools click Default User or Default Computer.
- Use Edit to set the policy options for user, group or computer.
- The Ntconfig.pol file is saved in winnt_root\System32\Repl\Imports\Scripts
which is the NETLOGON share on the PDC.
- Enable replication so that Ntconfig.pol is replicated on all domain controllers.
Windows 95 uses Config.pol and this must be created on a win95 station first before uploading it
to the domain controller.
The Default User policy affects everyone in the domain including the administrator.
Changing the computer policy part of the system policy from automatic remote update to manual
remote update allows you to specify any computer in the domain. This is good for spreading the
load on the network since the files are large and the PDC may fail. You set the manual update
by going into System Policy editor, clicking New Policy, clicking Remote Update
and selecting Manual inserting the path.
In the System Policy editor the selected and cleared options are saved to the policy file whilst the
shaded options are default values and are not saved.
The Registry Mode is used to modify registry options in Local User or Local Computer.
The Policy File Mode is used to modify a policy for a domain. A policy may hide the run command
from the start menu.
|