Expiring Today—Celebrate National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Win2000 Group Policy and WinNT Workstations

Posted on 2002-05-03
6
Medium Priority
?
437 Views
Last Modified: 2008-02-01
I have a Windows 2000 Domain with approximately 35 Windows NT 4.0 SP6 workstations.  I am trying to apply Windows 2000 Group Policy to the workstations to prevent update of Temporary Internet Files and such from being copied with the roaming profiles, however the policy is not working.

When I check the settings, it shows the Default Domain Policy is in effect, with no override, and with the settings desired.

One other point... the workstations still show a "legal notice" screen from before the domain was updated from a Win NT 4.0 domain to a Windows 2000 Active Directory.  The Win 2000 server is the only server on the domain.

Any advice?  Thanks in advance!
0
Comment
Question by:kwhitelaw
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 4

Expert Comment

by:EricWestbo
ID: 6989469
easy way to do this roaming profile... keep the policy in place for the profile & add a policy for logoff script to delete temporary internet files, etc.  No files, no update.

as for the legal notice... does this happen at logon or prior?  could it be a local startup script?

/ew
0
 
LVL 63

Expert Comment

by:SysExpert
ID: 6990395
I would also look at

By default, the History, Local Settings, Temp, and Temporary Internet Files folders are excluded from a user's  profile. This means that these folders are not stored on the network and do not follow the user from PC to PC.

  You can exclude addition folders by ADDing the Default Domain Policy to the MMC and setting Exclude
  directories in roaming profile, by navigating through User Configuration\Administrative
  Templates\System\Logon/Logoff.

  There is no way to use this policy to include the folders that are excluded by default.

  The results of the GPO are stored in the registry at:

  HKEY_CURRENT_UsER\Software\Policies\Microsoft\Windows\System\ExcludeProfileDirs. The
  ExcludeProfileDirs value name is a REG_SZ data type, that stores the additional excluded folders in
  Folder-name[;Folder-name...] format.

  If you subsequently disable the policy, or set it to Not configured, Group Policy deletes the ExcludeProfileDirs
  value name.

  NOTE: If you add ExcludeProfileDirs, you must also add it at:

  HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy
  Objects\LocalUser\Software\Policies\Microsoft\Windows\System

---------------------
excluding folders from roaming profiles.
In Windows 2000, the default value of ExcludeProfileDirs at
  HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon is Local
  Settings;Temporary Internet Files;History;Temp;Local Settings\Application Data\Microsoft\Outlook.

  The Exclude directories in roaming profile Group Policy at User Configuration\Administrative
  Templates\System\Logon/Logoff lets you add to the list of folders which are excluded from your roaming profile.
  The additional folders that you configure are stored in the ExcludeProfileDirs value name, as a string variable
  (REG_SZ), at HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System.

  NOTE: You could reduce the number of Days to keep pages in history on the General tab of Internet Options,
  and check the Empty temporary Internet Files when browser is closed box on the Advanced tab.
3712 » Excluded profile folders are being uploaded to your Windows 2000 profile?

  Even though you have excluded some directories from your profile (tips 3868 and 3543), these excluded folders are
  uploaded to your profile when you log off?

  When Windows 2000 retrieves the ExcludeProfileDirs value, it writes the data to Ntuser.ini. If the data exceeds 260
  characters, a buffer overflow occurs and the entire string is considered to be NULL.

  To resolve the issue, limit the total length of the exclusion list to 260 characters.
-------------------------------
and


From: snirh   Date: 03/28/2001 12:39AM PST Group policy planning with screen shots
                 
      http://www.microsoft.com/WINDOWS2000/library/planning/management/groupsteps.asp

http://www.microsoft.com/WINDOWS2000/library/planning/management/groupsteps.asp
                                   http://www.microsoft.com/windows2000/techinfo/howitworks/management/grouppolicyintro.asp

 Windows 2000 Group Policy White Paper
                                         http://www.microsoft.com/windows2000/techinfo/howitworks/management/grouppolwp.asp

Step by Step Guide to Managing the Group Policy Feature Set
                                         http://www.microsoft.com/windows2000/techinfo/reskit/samplechapters/dsec/dsec_pol_zbgy.asp

"Troubleshooting Group Policy in Windows 2000"
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/windows2000serv/support/tshootgp.asp
------------

I hope this helps !

0
 
LVL 13

Accepted Solution

by:
ocon827679 earned 800 total points
ID: 6996279
I don't think that group policies will apply to Win NT or 9x machines due to registry differences.  My understanding is that you need to use the System Policy Editor to create an NTCONFIG.POL (or use the one from when the NT domain was in place) and put this file in the Netlogon share located at c:\winnt\SYSVOL\sysvol\domainname\scripts, where domainname is the FQDN.  
I'm assuming that your legal notice on the NT machines is different then the one that you have in W2K group policies??  It may have been applied during the WS build directly to the registry and since W2K group policies won't appl to Win NT machines you still see it.  Remember in NT system policies you were limited to the number of characters you could place in the policy for HKLM-Software- Microsoft- WindowsNT-Current Version-Winlogon- LegalNoticeText.  We had that problem and therefore made the notice part of the WS build process.  
0
Veeam Disaster Recovery in Microsoft Azure

Veeam PN for Microsoft Azure is a FREE solution designed to simplify and automate the setup of a DR site in Microsoft Azure using lightweight software-defined networking. It reduces the complexity of VPN deployments and is designed for businesses of ALL sizes.

 
LVL 4

Expert Comment

by:MFK
ID: 7003046
ocon827679 is right 2000 policies do not apply to NT....Do as he says
0
 

Expert Comment

by:mariusk
ID: 7008031
Group policies works only on win2k/xp machines.
WinNT has other type of policy that you can edit using "poledit" and templates that comes with the OS.
It's not sophisticated as gpo's, but that's what you can do on an NT.
0
 

Author Comment

by:kwhitelaw
ID: 7009676
Thanks for the answer.  Nice work.
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article will inform Clients about common and important expectations from the freelancers (Experts) who are looking at your Gig.
Originally, this post was published on Monitis Blog, you can check it here . It goes without saying that technology has transformed society and the very nature of how we live, work, and communicate in ways that would’ve been incomprehensible 5 ye…
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …

719 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question