Creating and Managing System Policies
Under MS Windows platforms, particularly those following the release of MS Windows
NT4 and MS Windows 95, it is possible to create a type of file that would be placed
in the NETLOGON share of a domain controller. As the client logs onto the network,
this file is read and the contents initiate changes to the registry of the client
machine. This file allows changes to be made to those parts of the registry that
affect users, groups of users, or machines.
For MS Windows 9x/Me, this file must be called
Config.POL and may
be generated using a tool called
poledit.exe, better known as the
Policy Editor. The policy editor was provided on the Windows 98 installation CD-ROM, but
disappeared again with the introduction of MS Windows Me. From
comments of MS Windows network administrators, it would appear that this tool became
a part of the MS Windows Me Resource Kit.
MS Windows NT4 server products include the
System Policy Editor
For MS Windows NT4 and later clients, this file must be called
New with the introduction of MS Windows 2000 was the Microsoft Management Console
or MMC. This tool is the new wave in the ever-changing landscape of Microsoft
methods for management of network access and security. Every new Microsoft product
or technology seems to make the old rules obsolete and introduces newer and more
complex tools and methods. To Microsoft's credit, the MMC does appear to
be a step forward, but improved functionality comes at a great price.
Before embarking on the configuration of network and system policies, it is highly
advisable to read the documentation available from Microsoft's Web site regarding
Implementing Profiles and Policies in Windows NT 4.0.
There are a large number of documents in addition to this old one that should also
be read and understood. Try searching on the Microsoft Web site for “Group Policies”.
What follows is a brief discussion with some helpful notes. The information provided
here is incomplete you are warned.