Solved

Win2000 Group Policy and WinNT Workstations

Posted on 2002-05-03
Last Modified: 2008-02-01
I have a Windows 2000 Domain with approximately 35 Windows NT 4.0 SP6 workstations.  I am trying to apply Windows 2000 Group Policy to the workstations to prevent update of Temporary Internet Files and such from being copied with the roaming profiles, however the policy is not working.

When I check the settings, it shows the Default Domain Policy is in effect, with no override, and with the settings desired.

One other point... the workstations still show a "legal notice" screen from before the domain was updated from a Win NT 4.0 domain to a Windows 2000 Active Directory.  The Win 2000 server is the only server on the domain.

Any advice?  Thanks in advance!
0
Question by:kwhitelaw
6 Comments
 
LVL 4

Expert Comment

by:EricWestbo
ID: 6989469
Easy way to do this roaming profile... keep the policy in place for the profile & add a policy for logoff script to delete temporary internet files, etc.  No files, no update.

As for the legal notice... does this happen at logon or prior?  Could it be a local startup script?

/ew
0
 
LVL 63

Expert Comment

by:SysExpert
ID: 6990395
I would also look at

By default, the History, Local Settings, Temp, and Temporary Internet Files folders are excluded from a user's  profile. This means that these folders are not stored on the network and do not follow the user from PC to PC.

  You can exclude additional folders by ADDing the Default Domain Policy to the MMC and setting Exclude
  directories in roaming profile, by navigating through
  User Configuration\Administrative Templates\System\Logon/Logoff.

  There is no way to use this policy to include the folders that are excluded by default.

  The results of the GPO are stored in the registry at:

  HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System\ExcludeProfileDirs.
  The ExcludeProfileDirs value name is a REG_SZ data type that stores the additional excluded folders in
  Folder-name[;Folder-name...] format.

  If you subsequently disable the policy, or set it to Not configured, Group Policy deletes the ExcludeProfileDirs
  value name.

  NOTE: If you add ExcludeProfileDirs, you must also add it at:

  HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\LocalUser\Software\Policies\Microsoft\Windows\System

---------------------
Excluding folders from roaming profiles.

  In Windows 2000, the default value of ExcludeProfileDirs at
  HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon is
  Local Settings;Temporary Internet Files;History;Temp;Local Settings\Application Data\Microsoft\Outlook.

  The Exclude directories in roaming profile Group Policy at
  User Configuration\Administrative Templates\System\Logon/Logoff lets you add to the list of folders which are
  excluded from your roaming profile. The additional folders that you configure are stored in the
  ExcludeProfileDirs value name, as a string variable (REG_SZ), at
  HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System.

  NOTE: You could reduce the number of Days to keep pages in history on the General tab of Internet Options,
  and check the Empty temporary Internet Files when browser is closed box on the Advanced tab.
3712 » Excluded profile folders are being uploaded to your Windows 2000 profile?

  Even though you have excluded some directories from your profile (tips 3868 and 3543), these excluded folders are
  uploaded to your profile when you log off?

  When Windows 2000 retrieves the ExcludeProfileDirs value, it writes the data to Ntuser.ini. If the data exceeds 260
  characters, a buffer overflow occurs and the entire string is considered to be NULL.

  To resolve the issue, limit the total length of the exclusion list to 260 characters.
-------------------------------
and


From: snirh   Date: 03/28/2001 12:39AM PST

Group policy planning with screen shots
http://www.microsoft.com/WINDOWS2000/library/planning/management/groupsteps.asp

http://www.microsoft.com/windows2000/techinfo/howitworks/management/grouppolicyintro.asp

Windows 2000 Group Policy White Paper
http://www.microsoft.com/windows2000/techinfo/howitworks/management/grouppolwp.asp

Step by Step Guide to Managing the Group Policy Feature Set
http://www.microsoft.com/windows2000/techinfo/reskit/samplechapters/dsec/dsec_pol_zbgy.asp

"Troubleshooting Group Policy in Windows 2000"
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/windows2000serv/support/tshootgp.asp
------------

I hope this helps !

0
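The 260-character limit on the exclusion list described in the post above can be checked before a policy is rolled out. The following is an added example, not part of the original thread and not Microsoft code; `parse_dirs`, `audit` and `SAMPLE_POLICY` are hypothetical names, and the sample policy value is constructed. The thread does not say whether the default list counts toward the limit, so the function checks whichever strings it is given as one list.

```python
MAX_LEN = 260  # limit given in the tip quoted in the post above

# Default Windows 2000 list, as quoted in the post above.
DEFAULT = (r"Local Settings;Temporary Internet Files;History;Temp;"
           r"Local Settings\Application Data\Microsoft\Outlook")
# Constructed sample of additional folders set through the policy.
SAMPLE_POLICY = ";".join(rf"Application Data\Vendor{i:02d}\Cache" for i in range(8))


def parse_dirs(value):
    """Split 'Folder-name[;Folder-name...]' into trimmed, non-empty entries."""
    parts = (p.strip().rstrip("\\") for p in value.split(";"))
    return [p for p in parts if p]


def audit(*values):
    """Check one or more ExcludeProfileDirs strings as a single list."""
    unique, duplicates = [], []
    for entry in (e for v in values for e in parse_dirs(v)):
        if entry.lower() in (u.lower() for u in unique):
            duplicates.append(entry)  # same folder, different case or source
        else:
            unique.append(entry)
    # Entries that sit below another listed folder: candidates to trim.
    nested = [e for e in unique
              if any(e.lower().startswith(u.lower() + "\\") for u in unique)]
    joined = ";".join(unique)
    return {"value": joined, "length": len(joined),
            "over_limit": len(joined) > MAX_LEN,
            "duplicates": duplicates, "nested": nested}


if __name__ == "__main__":
    for label, report in (("policy only", audit(SAMPLE_POLICY)),
                          ("default + policy", audit(DEFAULT, SAMPLE_POLICY))):
        status = "OVER LIMIT" if report["over_limit"] else "ok"
        print(f"{label}: {report['length']} chars, {status}")
        print("  nested entries:", report["nested"])
```

The `nested` and `duplicates` fields only flag entries for review; they are not removed from the reported value.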
 
LVL 13

Accepted Solution

by:
ocon827679 earned 200 total points
ID: 6996279
I don't think that group policies will apply to Win NT or 9x machines due to registry differences.  My understanding is that you need to use the System Policy Editor to create an NTCONFIG.POL (or use the one from when the NT domain was in place) and put this file in the Netlogon share located at c:\winnt\SYSVOL\sysvol\domainname\scripts, where domainname is the FQDN.  
I'm assuming that your legal notice on the NT machines is different than the one that you have in W2K group policies??  It may have been applied during the WS build directly to the registry and since W2K group policies won't apply to Win NT machines you still see it.  Remember in NT system policies you were limited to the number of characters you could place in the policy for HKLM-Software- Microsoft- WindowsNT-Current Version-Winlogon- LegalNoticeText.  We had that problem and therefore made the notice part of the WS build process.
0

 
LVL 4

Expert Comment

by:MFK
ID: 7003046
ocon827679 is right, 2000 policies do not apply to NT... Do as he says.
0
 

Expert Comment

by:mariusk
ID: 7008031
Group policies work only on win2k/xp machines.
WinNT has another type of policy that you can edit using "poledit" and templates that come with the OS.
It's not as sophisticated as GPOs, but that's what you can do on an NT.
0
 

Author Comment

by:kwhitelaw
ID: 7009676
Thanks for the answer.  Nice work.
0
