Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Win2000 Group Policy and WinNT Workstations

Posted on 2002-05-03
6
Medium Priority
?
444 Views
Last Modified: 2008-02-01
I have a Windows 2000 Domain with approximately 35 Windows NT 4.0 SP6 workstations.  I am trying to apply Windows 2000 Group Policy to the workstations to prevent update of Temporary Internet Files and such from being copied with the roaming profiles, however the policy is not working.

When I check the settings, it shows the Default Domain Policy is in effect, with no override, and with the settings desired.

One other point... the workstations still show a "legal notice" screen from before the domain was updated from a Win NT 4.0 domain to a Windows 2000 Active Directory.  The Win 2000 server is the only server on the domain.

Any advice?  Thanks in advance!
0
Comment
Question by:kwhitelaw
6 Comments
 
LVL 4

Expert Comment

by:EricWestbo
ID: 6989469
easy way to do this roaming profile... keep the policy in place for the profile & add a policy for logoff script to delete temporary internet files, etc.  No files, no update.

as for the legal notice... does this happen at logon or prior?  could it be a local startup script?

/ew
0
 
LVL 63

Expert Comment

by:SysExpert
ID: 6990395
I would also look at

By default, the History, Local Settings, Temp, and Temporary Internet Files folders are excluded from a user's  profile. This means that these folders are not stored on the network and do not follow the user from PC to PC.

  You can exclude addition folders by ADDing the Default Domain Policy to the MMC and setting Exclude
  directories in roaming profile, by navigating through User Configuration\Administrative
  Templates\System\Logon/Logoff.

  There is no way to use this policy to include the folders that are excluded by default.

  The results of the GPO are stored in the registry at:

  HKEY_CURRENT_UsER\Software\Policies\Microsoft\Windows\System\ExcludeProfileDirs. The
  ExcludeProfileDirs value name is a REG_SZ data type, that stores the additional excluded folders in
  Folder-name[;Folder-name...] format.

  If you subsequently disable the policy, or set it to Not configured, Group Policy deletes the ExcludeProfileDirs
  value name.

  NOTE: If you add ExcludeProfileDirs, you must also add it at:

  HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy
  Objects\LocalUser\Software\Policies\Microsoft\Windows\System

---------------------
excluding folders from roaming profiles.
In Windows 2000, the default value of ExcludeProfileDirs at
  HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon is Local
  Settings;Temporary Internet Files;History;Temp;Local Settings\Application Data\Microsoft\Outlook.

  The Exclude directories in roaming profile Group Policy at User Configuration\Administrative
  Templates\System\Logon/Logoff lets you add to the list of folders which are excluded from your roaming profile.
  The additional folders that you configure are stored in the ExcludeProfileDirs value name, as a string variable
  (REG_SZ), at HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System.

  NOTE: You could reduce the number of Days to keep pages in history on the General tab of Internet Options,
  and check the Empty temporary Internet Files when browser is closed box on the Advanced tab.
3712 » Excluded profile folders are being uploaded to your Windows 2000 profile?

  Even though you have excluded some directories from your profile (tips 3868 and 3543), these excluded folders are
  uploaded to your profile when you log off?

  When Windows 2000 retrieves the ExcludeProfileDirs value, it writes the data to Ntuser.ini. If the data exceeds 260
  characters, a buffer overflow occurs and the entire string is considered to be NULL.

  To resolve the issue, limit the total length of the exclusion list to 260 characters.
-------------------------------
and


From: snirh   Date: 03/28/2001 12:39AM PST Group policy planning with screen shots
                 
      http://www.microsoft.com/WINDOWS2000/library/planning/management/groupsteps.asp

http://www.microsoft.com/WINDOWS2000/library/planning/management/groupsteps.asp
                                   http://www.microsoft.com/windows2000/techinfo/howitworks/management/grouppolicyintro.asp

 Windows 2000 Group Policy White Paper
                                         http://www.microsoft.com/windows2000/techinfo/howitworks/management/grouppolwp.asp

Step by Step Guide to Managing the Group Policy Feature Set
                                         http://www.microsoft.com/windows2000/techinfo/reskit/samplechapters/dsec/dsec_pol_zbgy.asp

"Troubleshooting Group Policy in Windows 2000"
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/windows2000serv/support/tshootgp.asp
------------

I hope this helps !

0
 
LVL 13

Accepted Solution

by:
ocon827679 earned 800 total points
ID: 6996279
I don't think that group policies will apply to Win NT or 9x machines due to registry differences.  My understanding is that you need to use the System Policy Editor to create an NTCONFIG.POL (or use the one from when the NT domain was in place) and put this file in the Netlogon share located at c:\winnt\SYSVOL\sysvol\domainname\scripts, where domainname is the FQDN.  
I'm assuming that your legal notice on the NT machines is different then the one that you have in W2K group policies??  It may have been applied during the WS build directly to the registry and since W2K group policies won't appl to Win NT machines you still see it.  Remember in NT system policies you were limited to the number of characters you could place in the policy for HKLM-Software- Microsoft- WindowsNT-Current Version-Winlogon- LegalNoticeText.  We had that problem and therefore made the notice part of the WS build process.  
0
NEW Veeam Backup for Microsoft Office 365 1.5

With Office 365, it’s your data and your responsibility to protect it. NEW Veeam Backup for Microsoft Office 365 eliminates the risk of losing access to your Office 365 data.

 
LVL 4

Expert Comment

by:MFK
ID: 7003046
ocon827679 is right 2000 policies do not apply to NT....Do as he says
0
 

Expert Comment

by:Marius Kaizerman
ID: 7008031
Group policies works only on win2k/xp machines.
WinNT has other type of policy that you can edit using "poledit" and templates that comes with the OS.
It's not sophisticated as gpo's, but that's what you can do on an NT.
0
 

Author Comment

by:kwhitelaw
ID: 7009676
Thanks for the answer.  Nice work.
0

Featured Post

Free Backup Tool for VMware and Hyper-V

Restore full virtual machine or individual guest files from 19 common file systems directly from the backup file. Schedule VM backups with PowerShell scripts. Set desired time, lean back and let the script to notify you via email upon completion.  

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This program is used to assist in finding and resolving common problems with wireless connections.
In this article, the configuration steps in Zabbix to monitor devices via SNMP will be discussed with some real examples on Cisco Router/Switch, Catalyst Switch, NAS Synology device.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

885 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question