Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium


NT 4.0 Policies - GPO in Active Directory

Posted on 2003-03-25
Medium Priority
Last Modified: 2010-04-13
Does anyone have a document that "maps" NT 4.0 policies to the corresponding settings in Active Directory group policies?
Question by:XPCXEmp
LVL 51

Expert Comment

ID: 8203642
Most of what is in the NT .adm file is located in the Computer Configuration>Administative Template>System folder.  There are other things spread around a bit, but you'll find most of them in the Administrative Templates section.

As far as I can remember, the settings are labelled almost the same.

Here is a small primer on the Windows 2000 side:


Expert Comment

ID: 8203650
Windows 2000 Group Policy

Here is a spreadsheet with a listing of all the policies and how they relate to windows 2k and XP workstations


Expert Comment

ID: 8203932
Are you looking for anything in paticular?  I have all the Win2k and OfficeXP adms documented.  NT 4 workstations would still have to use a .pol file on a server share.  XP adm files are backward compatible with Win2k and offer more functionality.
Get expert help—faster!

Need expert help—fast? Use the Help Bell for personalized assistance getting answers to your important questions.


Author Comment

ID: 8204109
Basically what I'm trying to do is compare my existing NT 4.0 policies with W2K GPO settings so I can make the policies similar for our migration. I will be modifying other parts of the new GPO, but I have to at least have the same settings that existed in the NT policies to minimize disruption.
Just something that says that the NT 4.0 setting of Default Computer - System- Restrictions - Disable registry editing tools corresponds to W@K GPO setting of User Configuration - Administrative Templates - System - Disable registry editing tools.
Make sense?

Accepted Solution

MSGeek earned 150 total points
ID: 8204346
Makes sense.  I believe you'll find the migration will be helpful in to ways.  Users are moving to a new platform, if you happen to lock them down more than they need to be it is easier to give them access back than it is to take it away.  The other benefit you will see is that the policies for Win2k/XP are much more robust.  Let me suggest you use the template files from an XP workstation in your implementation.  They are fully backward comaptible with Win2k and offer more funtionallity.  The template files (*.adm) will have to be copied to the server from an XP workstations %systemroot%\inf folder.  They are:

08/23/2001  07:00 AM            39,356 conf.adm
08/23/2001  07:00 AM             6,823 inetcorp.adm
06/06/2002  08:36 PM           247,026 inetres.adm
08/23/2001  07:00 AM            18,516 inetset.adm
08/21/2002  11:39 PM         1,376,194 system.adm
08/23/2001  07:00 AM            34,408 wmplayer.adm
04/15/2002  11:12 PM            19,070 wuau.adm

BTW, the wuau.adm is for SUS.  I understand what you are looking for, some sort of comparison tool for NT 4 Main.pol to your Group Policies and template configuration.  I am not aware of any such tool.  I would however recomend you take two steps.  Load all the templates, including Office and associate to an OU.  There are very few templates you woul want to implement at the domain wide level (these would affect administrators as well).  Then go through the settings and configure what you feel may apply.  While you are doing this configure another OU Group Policy Object that is the exact converse of any policies you invoke to the first (locked down) OU.  This will make sure that technicians and admins are not affected by settings that do not clear out.

If the locked down setting for a normal user is "enabled' you do not want to leave and administrator set to "not defined", you want to set it to the converse or disabled.

What you will find is the logic of the poliices does not always follow the same rules, sometimes it will be the inverse, to enable some settings you actually disable.

What I am really getting at is this is a whole new ball of wax compared to NT 4 polices.  Doing a comparison would not only be time consuming, but it would also relinquish the opportunity you have to beef up security. You really need to go through these policies and test them and see for yourself what they are capable of.   Again it is much easier to back off thene to implement it latter.  Good luck.  MSGeek.

Expert Comment

ID: 8211979

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
I’m willing to make a bet that your organization stores sensitive data in your Windows File Servers; files and folders that you really don’t want making it into the wrong hands.
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…
Whether it be Exchange Server Crash Issues, Dirty Shutdown Errors or Failed to mount error, Stellar Phoenix Mailbox Exchange Recovery has always got your back. With the help of its easy to understand user interface and 3 simple steps recovery proced…
Suggested Courses

580 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question