Under MS Windows platforms, particularly those following the release of MS Windows NT4 and MS Windows 95, it is possible to create a type of file that would be placed in the NETLOGON share of a domain controller. As the client logs onto the network, this file is read and the contents initiate changes to the registry of the client machine. This file allows changes to be made to those parts of the registry that affect users, groups of users, or machines.

For MS Windows 9x/Me, this file must be called Config.POL and may be generated using a tool called poledit.exe, better known as the Policy Editor. The policy editor was provided on the Windows 98 installation CD-ROM, but disappeared again with the introduction of MS Windows Me. From comments of MS Windows network administrators, it would appear that this tool became a part of the MS Windows Me Resource Kit.

MS Windows NT4 server products include the System Policy Editor under Start -> Programs -> Administrative Tools. For MS Windows NT4 and later clients, this file must be called NTConfig.POL.

New with the introduction of MS Windows 2000 was the Microsoft Management Console or MMC. This tool is the new wave in the ever-changing landscape of Microsoft methods for management of network access and security. Every new Microsoft product or technology seems to make the old rules obsolete and introduces newer and more complex tools and methods. To Microsoft's credit, the MMC does appear to be a step forward, but improved functionality comes at a great price.

Before embarking on the configuration of network and system policies, it is highly advisable to read the documentation available from Microsoft's Web site regarding Implementing Profiles and Policies in Windows NT 4.0. There are a large number of documents in addition to this old one that should also be read and understood. Try searching on the Microsoft Web site for “Group Policies”.

What follows is a brief discussion with some helpful notes. The information provided here is incomplete you are warned.