How to Set Up Locally-Based System Policies

This article was previously published under Q168579
This article has been archived. It is offered "as is" and will no longer be updated.
Summary
Windows NT system policies are designed for when a user logs on to adomain account database. There are times, however, that it is necessary tohave policies on a Windows NT workstation or server computer that is notparticipating in a domain or when you need a different policy for userswho are logged on to the local account database.
More information
There are two basic ways to set up locally-based system policies. To usethese on a workstation or server running Windows NT 4.0 (not a domaincontroller), follow one of the following procedures:
  • Automatic Update Method
  • Remote Update Method
NOTE: Poledit.exe only accepts Global Groups and not Local Groups for the policies that it creates on Terminal Server.

Automatic Update Method

  1. Share the Winnt\System32\Repl\Import\Scripts folder (where Winnt is the name of your Windows directory) as Netlogon.
  2. Grant the group Everyone "Read" Permissions and the group Administrators "Full Control" to this share.
  3. Start System Policy Editor (Poledit.exe).
  4. On the File menu, click New Policy and make the changes for your policy. Start with something simple such as "Remove Run command from Start Menu" from Shell/Restrictions in the Users Properties window.
  5. On the File menu, click Save As, and then save the policy file in the Netlogon shared folder as Ntconfig.pol.
  6. On the File menu, click Open Registry.
  7. Double-click Local Computer, double-click Network, double-click System Policies Update, and then click the Remote Update check box to select it.
  8. In the Update Mode box, click Automatic (Use Default Path), and then click OK.
  9. Save your policy to the location listed above as Ntconfig.pol, and then quit Policy Editor.
  10. Restart Windows NT for the changes in the policy to take effect.
NOTE: This configuration allows you to use both a local and a domain-widesystem policy, depending on which user account database the user logs onto.

Remote Update Method

  1. Start System Policy Editor(Poledit.exe) and make the changes for your policy.
  2. On the File menu, click Save As, and then save the policy file on your hard disk. For example, save the file as:
    c:\ntconfig.pol
  3. On the File menu, click Open Registry.
  4. Double-click Local Computer, double-click Network, double-click System Policies Update, and then click the Remote Update check box to select it.
  5. In the Update Mode box, click Manual (Use Specific Path), type a path name in the Path for Manual Update dialog box (for example, c:\winnt\ system32\repl\import\scripts\Ntconfig.pol), and then click OK.

    Note that to display error messages if the policy file is not found when Windows NT starts, you can click the Display Error Message check box to select it.
  6. Save your policy to the location listed above as Ntconfig.pol, and then quit Policy Editor.

    Note that while using the Manual Update, you may name the policy file anything you would like; just be sure to enter it into the path in step 5 above.
  7. Restart Windows NT for the changes in the policy to take effect.
TIP: Every person or computer that logs on after a policy is in place issubject to the policy. Therefore, it is a good idea to not edit thedefault user or computer until you are familiar with System Policies. Agood idea to use is to make a test user/group account in "User Manager"and then make a specific policy for this user/group in System PolicyEditor. After you have the policy working properly you can then transferthe policy to the production environment.
For information about how to use system policies on a standalone computerrunning Windows 95, see the following article in the Microsoft KnowledgeBase:
147381 How to Use System Policies On a Standalone Computer
4.00
Properties

Article ID: 168579 - Last Review: 11/02/2013 12:39:00 - Revision: 3.0

  • Microsoft Windows NT Workstation 4.0 Developer Edition
  • Microsoft Windows NT Server 4.0 Standard Edition
  • kbnosurvey kbarchive kbenv kbhowto KB168579
Feedback