Deploying Registry-Based Policy

Previous page
Table of content
Next page

To use an administrative template, whether you created it or an application such as Office XP provides it, you must load it in the Administrative Templates extension. You load template files into each GPO in which you want to use them. Because we're talking about the local GPO in this chapter, you only have to load template files once. If you use a template with Active Directory, you'd have to load it in each GPO in which you want to use it, though.

Here's how to load a template in the local GPO:

  1. Right-click Administrative Templates, under Computer Configuration or User Configuration, and then click Add/Remove Templates.

  2. In the Add/Remove Templates dialog box, click Add.

  3. In the Policy Templates dialog box, type the path and file name of the administrative template you want to load in to the local GPO.

start sidebar
Windows XP Group Policy Improvements

Windows XP includes improved policy management, enabling IT professionals to fine tune, manage, or simply turn off features they don't want users to access. IT professionals can deploy any of the policy settings in Windows XP from Active Directory, too, without fear of wrecking their Windows 2000 configurations. Here's a brief list of the improvements you find in Windows XP:

  • Windows XP supports all 421 Windows 2000 policies.

  • Windows XP adds 212 new policy settings, and Windows 2000 ignores them.

  • The Group Policy editor uses Web view to display useful information about policies that IT professionals use to assess and verify settings.

  • The Group Policy editor includes integrated help that makes learning and tracking down policies easier.

  • Windows XP doesn't wait for the network to fully initialize before presenting the desktop, using cached credentials in the meantime, and allowing users to get to work faster. It applies policies in the background when the network is ready.

These improvements are big advantages. However, you'll be happy to know that the big picture doesn't change much. You use roughly the same tools in the same ways to configure and manage user settings. If you're already familiar with Windows 2000 Group Policy, you're equally familiar with Windows XP Group Policy.

end sidebar

Windows 2000 Server-Based Networks

The Windows XP policy templates are fully compatible with Windows 2000 Server and its version of Active Directory. Microsoft Windows .NET Server includes the Windows XP administrative templates by default. You have to load them in each GPO in which you want to use them, though, and the steps for doing that are the same as you learned in the previous sections.

You can avoid having to load the Windows XP administrative templates in each GPO by copying them to %SYSTEMROOT%\Inf on the server. Just copy all the files with the .adm extension from %SYSTEMROOT%\Inf on a computer running Windows XP to the same folder on the server. The server operating system automatically updates each GPO when you open it for editing. If you're uncomfortable with replacing your Windows 2000 administrative templates, you should continue loading the Windows XP templates in GPOs where you want to use them. I've replaced my Windows 2000 administrative templates with Windows XP administrative templates, however, and haven't felt any pain.

Consider these best practices when using Windows XP administrative templates in Windows 2000 Server:

  • In a mixed environment, use Windows XP template files to administer your GPOs. Windows 2000 ignores Windows XP-specific settings.

  • Apply the same policy settings to both Windows XP and Windows 2000 to give roaming users a consistent experience.

  • Test interoperability of the various settings before deployment.

  • Configure policy settings only on client machines using GPOs. Do not try to create these registry values by other methods.

Windows NT-Based and Other Networks

Like Group Policy, System Policy configures and manages settings for groups of computers and groups of users. I assume you're familiar with System Policy Editor if you're facing this issue. Table 6-2 describes the differences between the two technologies. The policy file that System Policy Editor creates, Ntconfig.pol normally, contains the registry settings for all the users, groups, and computers that use those settings. To deploy this file on a network, put it in the NETLOGON share of the domain controller. Unlike Group Policy, separate policy files aren't necessary.

Table 6-2: Group Policy Compared to System Policy
 

Group Policy

System Policy

Tool

Group Policy editor

System Policy Editor

Number of settings

620 registry-based settings

72 registry-based settings

Applied to

Users and computers in a specific Active Directory container, such as sites, domains, and organizational units

Users and computers in a domain

Security

Secure

Not secure

Extensions

Microsoft Management Console and administrative templates

Administrative templates

Persistence

Does not make permanent changes to the registry

Makes permanent changes to the registry that you must manually remove

Usage

  • Implementing registry-based policy settings

  • Configuring security settings

  • Applying logon, logoff, startup, and shutdown scripts

  • Deploying and maintaining software

  • Optimizing and maintaining Internet Explorer

Implementing registry-based policy settings

Windows XP behaves differently depending on what kind of server authenticates the user and computer accounts. If a Windows 2000-based server authenticates the account, Windows XP looks for Group Policy, not System Policy. If a Windows NT-based server authenticates the account, Windows XP looks for System Policy. (It uses the file Ntconfig.pol in the NETLOGON share.) You can use this to your advantage when you haven't deployed Active Directory but you still want to configure policies.

To configure System Policies, use System Policy Editor. You load the Windows XP policy templates in System Policy Editor before using them. Using System Policy, you can configure and deliver all the registry-based policies that these templates define. Note that Windows XP doesn't provide System Policy Editor but Windows 2000 Server does. Also, you will find System Policy Editor in the Office XP Resource Kit, which you learn about in Chapter 14, "Deploying Office XP Settings." You create the Ntconfig.pol file and drop it in the NETLOGON share. If Windows XP authenticates the account using that Windows NT-based server, it downloads and parses the policies from the Ntconfig.pol file it finds in the NETLOGON share.

If you're not using Active Directory or a Windows NT domain, you can still configure System Policy. You configure Windows XP to look for the Ntconfig.pol file in any share by specifying a path to the policy file. You must make this change on each individual computer, however, which makes it a labor-intensive process unless you configure it on your disk images. Set the UpdateMode REG_DWORD value to 0x02, which changes Windows XP from automatic (0x01) to manual mode (0x02). (Set this value to 0x00 to turn off system policy.) Then set the REG_SZ value NetworkPath to the UNC path and name of the policy file you want to use. These values are in the key HKLM\SYSTEM\CurrentControlSet\Control\Update. You might have to create them.


Previous page
Table of content
Next page
Microsoft Windows XP Registry Guide
Microsoft Windows XP Registry Guide (Bpg-Other)
ISBN: 0735617880
EAN: 2147483647
Year: 2005
Pages: 185
Authors: Jerry Honeycutt
BUY ON AMAZON
Metrics and Models in Software Quality Engineering (2nd Edition)
Lotus Notes and Domino 6 Development (2nd Edition)
Kanban Made Simple: Demystifying and Applying Toyotas Legendary Manufacturing Process
Service-Oriented Architecture (SOA): Concepts, Technology, and Design
Logistics and Retail Management: Emerging Issues and New Challenges in the Retail Supply Chain
Quartz Job Scheduling Framework: Building Open Source Enterprise Applications
flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net
Privacy policy