Solved

Win2000 Group Policy and WinNT Workstations

Posted on 2002-05-03
6
427 Views
Last Modified: 2008-02-01
I have a Windows 2000 Domain with approximately 35 Windows NT 4.0 SP6 workstations.  I am trying to apply Windows 2000 Group Policy to the workstations to prevent update of Temporary Internet Files and such from being copied with the roaming profiles, however the policy is not working.

When I check the settings, it shows the Default Domain Policy is in effect, with no override, and with the settings desired.

One other point... the workstations still show a "legal notice" screen from before the domain was updated from a Win NT 4.0 domain to a Windows 2000 Active Directory.  The Win 2000 server is the only server on the domain.

Any advice?  Thanks in advance!
0
Comment
Question by:kwhitelaw
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 4

Expert Comment

by:EricWestbo
ID: 6989469
easy way to do this roaming profile... keep the policy in place for the profile & add a policy for logoff script to delete temporary internet files, etc.  No files, no update.

as for the legal notice... does this happen at logon or prior?  could it be a local startup script?

/ew
0
 
LVL 63

Expert Comment

by:SysExpert
ID: 6990395
I would also look at

By default, the History, Local Settings, Temp, and Temporary Internet Files folders are excluded from a user's  profile. This means that these folders are not stored on the network and do not follow the user from PC to PC.

  You can exclude addition folders by ADDing the Default Domain Policy to the MMC and setting Exclude
  directories in roaming profile, by navigating through User Configuration\Administrative
  Templates\System\Logon/Logoff.

  There is no way to use this policy to include the folders that are excluded by default.

  The results of the GPO are stored in the registry at:

  HKEY_CURRENT_UsER\Software\Policies\Microsoft\Windows\System\ExcludeProfileDirs. The
  ExcludeProfileDirs value name is a REG_SZ data type, that stores the additional excluded folders in
  Folder-name[;Folder-name...] format.

  If you subsequently disable the policy, or set it to Not configured, Group Policy deletes the ExcludeProfileDirs
  value name.

  NOTE: If you add ExcludeProfileDirs, you must also add it at:

  HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy
  Objects\LocalUser\Software\Policies\Microsoft\Windows\System

---------------------
excluding folders from roaming profiles.
In Windows 2000, the default value of ExcludeProfileDirs at
  HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon is Local
  Settings;Temporary Internet Files;History;Temp;Local Settings\Application Data\Microsoft\Outlook.

  The Exclude directories in roaming profile Group Policy at User Configuration\Administrative
  Templates\System\Logon/Logoff lets you add to the list of folders which are excluded from your roaming profile.
  The additional folders that you configure are stored in the ExcludeProfileDirs value name, as a string variable
  (REG_SZ), at HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System.

  NOTE: You could reduce the number of Days to keep pages in history on the General tab of Internet Options,
  and check the Empty temporary Internet Files when browser is closed box on the Advanced tab.
3712 » Excluded profile folders are being uploaded to your Windows 2000 profile?

  Even though you have excluded some directories from your profile (tips 3868 and 3543), these excluded folders are
  uploaded to your profile when you log off?

  When Windows 2000 retrieves the ExcludeProfileDirs value, it writes the data to Ntuser.ini. If the data exceeds 260
  characters, a buffer overflow occurs and the entire string is considered to be NULL.

  To resolve the issue, limit the total length of the exclusion list to 260 characters.
-------------------------------
and


From: snirh   Date: 03/28/2001 12:39AM PST Group policy planning with screen shots
                 
      http://www.microsoft.com/WINDOWS2000/library/planning/management/groupsteps.asp

http://www.microsoft.com/WINDOWS2000/library/planning/management/groupsteps.asp
                                   http://www.microsoft.com/windows2000/techinfo/howitworks/management/grouppolicyintro.asp

 Windows 2000 Group Policy White Paper
                                         http://www.microsoft.com/windows2000/techinfo/howitworks/management/grouppolwp.asp

Step by Step Guide to Managing the Group Policy Feature Set
                                         http://www.microsoft.com/windows2000/techinfo/reskit/samplechapters/dsec/dsec_pol_zbgy.asp

"Troubleshooting Group Policy in Windows 2000"
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/windows2000serv/support/tshootgp.asp
------------

I hope this helps !

0
 
LVL 13

Accepted Solution

by:
ocon827679 earned 200 total points
ID: 6996279
I don't think that group policies will apply to Win NT or 9x machines due to registry differences.  My understanding is that you need to use the System Policy Editor to create an NTCONFIG.POL (or use the one from when the NT domain was in place) and put this file in the Netlogon share located at c:\winnt\SYSVOL\sysvol\domainname\scripts, where domainname is the FQDN.  
I'm assuming that your legal notice on the NT machines is different then the one that you have in W2K group policies??  It may have been applied during the WS build directly to the registry and since W2K group policies won't appl to Win NT machines you still see it.  Remember in NT system policies you were limited to the number of characters you could place in the policy for HKLM-Software- Microsoft- WindowsNT-Current Version-Winlogon- LegalNoticeText.  We had that problem and therefore made the notice part of the WS build process.  
0
Get your Disaster Recovery as a Service basics

Disaster Recovery as a Service is one go-to solution that revolutionizes DR planning. Implementing DRaaS could be an efficient process, easily accessible to non-DR experts. Learn about monitoring, testing, executing failovers and failbacks to ensure a "healthy" DR environment.

 
LVL 4

Expert Comment

by:MFK
ID: 7003046
ocon827679 is right 2000 policies do not apply to NT....Do as he says
0
 

Expert Comment

by:mariusk
ID: 7008031
Group policies works only on win2k/xp machines.
WinNT has other type of policy that you can edit using "poledit" and templates that comes with the OS.
It's not sophisticated as gpo's, but that's what you can do on an NT.
0
 

Author Comment

by:kwhitelaw
ID: 7009676
Thanks for the answer.  Nice work.
0

Featured Post

Online Training Solution

Drastically shorten your training time with WalkMe's advanced online training solution that Guides your trainees to action. Forget about retraining and skyrocket knowledge retention rates.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

For many of us, the  holiday season kindles the natural urge to give back to our friends, family members and communities. While it's easy for friends to notice the impact of such deeds, understanding the contributions of businesses and enterprises i…
Most of the applications these days are on Cloud. Cloud is ubiquitous with many service providers in the market. Since it has many benefits such as cost reduction, software updates, remote access, disaster recovery and much more.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Suggested Courses
Course of the Month7 days, left to enroll

623 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question