bytemangler 0 Posted June 6, 2001 Here's my setup. NT 4.0 Server, NT 4.0 workstations. I want to establish a policy for all users logging in the net work to say..do not show run command on the start menu. I did it once but now I don't know how. A user can log on to the network from any NT wks machine and the policy should activate according to the user loogin on. 1. How and where do you created the .POL file and where do you save it. 2. if no one know please point me to the right direction. I am checking the MS knowledgebase to see if I can find somthing. Thanks in advance Share this post Link to post
clutch 1 Posted June 6, 2001 There are a few ways that you can do this. All of them require the use of POLEDIT.EXE, which is the NT Policy editor. You can: 1. Using Poledit, you can develop the NTCONFIG.POL file and put it on the NETLOGON share of your NT Server. 2. Using Poledit, you can connect to each machine and set the policy manually. I have had to do this to clear up machines that were not up[censored] for one reason or another. 3. Using Poledit, you can connect to each machine, and setup each machine to pull future policies from a share you choose. This is kind of a combination of the previous two, so I put it last. What I used to do, was keep the master NTCONFIG.POL and the ADM templates (Common, Winnt, and Windows if needed) in a folder together. When I would edit the file to my liking, I would save it and run a batch file that would update all the DCs at once. Therefore, this would reduce the chance of one DC exporting an old policy file thus overwriting the new one on the other controllers. Of course, this isn't SUPPOSED to happen, but it has. This was what my batch file consisted of: copy "C:\Documents and Settings\clutch\My Documents\mgmt\ntconfig.pol" \\server2\c$\winnt\system32\repl\export\scripts copy "C:\Documents and Settings\clutch\My Documents\mgmt\ntconfig.pol" \\server3\c$\winnt\system32\repl\export\scripts copy "C:\Documents and Settings\clutch\My Documents\mgmt\ntconfig.pol" \\server2\c$\winnt\system32\repl\import\scripts copy "C:\Documents and Settings\clutch\My Documents\mgmt\ntconfig.pol" \\server3\c$\winnt\system32\repl\import\scripts Hope this helps. Share this post Link to post
Mua_Dib 0 Posted June 11, 2001 Or you can use Directory replication which, when you make changes to the NTCONFIG.POL, will automatically update the policy files on the netlogon shares on all the domain controllers. -Mua Share this post Link to post
clutch 1 Posted June 11, 2001 We do have directory replication, but every now and again the results are not what you expect. Share this post Link to post
bytemangler 0 Posted June 13, 2001 Thanks for the tips. It works perfectly. Share this post Link to post