NT 4.0 Policies - GPO in Active Directory

Posted on 2003-03-25
Medium Priority
Last Modified: 2010-04-13
Does anyone have a document that "maps" NT 4.0 policies to the corresponding settings in Active Directory group policies?
Question by: XPCXEmp

Expert Comment

ID: 8203642
Most of what is in the NT .adm file is located in the Computer Configuration>Administrative Template>System folder.  There are other things spread around a bit, but you'll find most of them in the Administrative Templates section.

As far as I can remember, the settings are labelled almost the same.

Here is a small primer on the Windows 2000 side:


Expert Comment

ID: 8203650
Windows 2000 Group Policy

Here is a spreadsheet with a listing of all the policies and how they relate to Windows 2k and XP workstations.


Expert Comment

ID: 8203932
Are you looking for anything in particular?  I have all the Win2k and OfficeXP adms documented.  NT 4 workstations would still have to use a .pol file on a server share.  XP adm files are backward compatible with Win2k and offer more functionality.

Author Comment

ID: 8204109
Basically what I'm trying to do is compare my existing NT 4.0 policies with W2K GPO settings so I can make the policies similar for our migration. I will be modifying other parts of the new GPO, but I have to at least have the same settings that existed in the NT policies to minimize disruption.
Just something that says that the NT 4.0 setting of Default Computer - System - Restrictions - Disable registry editing tools corresponds to the W2K GPO setting of User Configuration - Administrative Templates - System - Disable registry editing tools.
Make sense?

Accepted Solution

MSGeek earned 150 total points
ID: 8204346
Makes sense.  I believe you'll find the migration will be helpful in two ways.  Users are moving to a new platform; if you happen to lock them down more than they need to be, it is easier to give them access back than it is to take it away.  The other benefit you will see is that the policies for Win2k/XP are much more robust.  Let me suggest you use the template files from an XP workstation in your implementation.  They are fully backward compatible with Win2k and offer more functionality.  The template files (*.adm) will have to be copied to the server from an XP workstation's %systemroot%\inf folder.  They are:

08/23/2001  07:00 AM            39,356 conf.adm
08/23/2001  07:00 AM             6,823 inetcorp.adm
06/06/2002  08:36 PM           247,026 inetres.adm
08/23/2001  07:00 AM            18,516 inetset.adm
08/21/2002  11:39 PM         1,376,194 system.adm
08/23/2001  07:00 AM            34,408 wmplayer.adm
04/15/2002  11:12 PM            19,070 wuau.adm

BTW, the wuau.adm is for SUS.  I understand what you are looking for: some sort of comparison tool for NT 4 Main.pol to your Group Policies and template configuration.  I am not aware of any such tool.  I would however recommend you take two steps.  Load all the templates, including Office, and associate them to an OU.  There are very few templates you would want to implement at the domain-wide level (these would affect administrators as well).  Then go through the settings and configure what you feel may apply.  While you are doing this, configure another OU Group Policy Object that is the exact converse of any policies you invoke to the first (locked down) OU.  This will make sure that technicians and admins are not affected by settings that do not clear out.

If the locked down setting for a normal user is "enabled", you do not want to leave an administrator set to "not defined"; you want to set it to the converse, or disabled.

What you will find is the logic of the policies does not always follow the same rules; sometimes it will be the inverse, so to enable some settings you actually disable.

What I am really getting at is this is a whole new ball of wax compared to NT 4 policies.  Doing a comparison would not only be time consuming, but it would also relinquish the opportunity you have to beef up security.  You really need to go through these policies and test them and see for yourself what they are capable of.  Again, it is much easier to back off than to implement it later.  Good luck.  MSGeek.
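
Added example, not part of the answer above and not a Microsoft tool: one way to build the mapping the question asks for is to parse the old and new .adm templates and pair policies that write the same registry key and value. The two template fragments are constructed for illustration, `parse_adm` and `map_policies` are hypothetical names, and the pairing assumes both templates write the same KEYNAME/VALUENAME for equivalent settings.

```python
import re
# Constructed fragments in .adm syntax; not copied from any real template file.
NT4_ADM = r'''CLASS USER
CATEGORY !!System
  CATEGORY "Restrictions"
    KEYNAME "Software\Microsoft\Windows\CurrentVersion\Policies\System"
    POLICY !!DisableRegedit
      VALUENAME DisableRegistryTools
    END POLICY
    POLICY "Constructed legacy-only policy"
      VALUENAME ConstructedLegacyValue
    END POLICY
  END CATEGORY
END CATEGORY
[strings]
System="System"
DisableRegedit="Disable Registry editing tools"'''
W2K_ADM = r'''CLASS USER
CATEGORY "System"
  POLICY "Disable registry editing tools"
    KEYNAME "Software\Microsoft\Windows\CurrentVersion\Policies\System"
    VALUENAME DisableRegistryTools
  END POLICY
END CATEGORY'''

def parse_adm(text):
    """Map (class, key, value), lower-cased, to 'CLASS > categories > policy'."""
    body, _, tail = text.partition('[strings]')
    strings = dict(re.findall(r'^(\w+)="(.*)"$', tail, re.M))
    out, cls, stack = {}, '', []          # stack frames: [kind, label, keyname]
    for line in body.splitlines():
        w = [t.strip('"') for t in re.findall(r'"[^"]*"|\S+', line)] + ['', '']
        kw, arg = w[0].upper(), w[1]
        if kw == 'CLASS':
            cls = arg.upper()
        elif kw in ('CATEGORY', 'POLICY'):
            label = strings.get(arg[2:], arg) if arg.startswith('!!') else arg
            stack.append([kw, label, stack[-1][2] if stack else ''])  # inherit key
        elif kw == 'END' and stack and arg.upper() == stack[-1][0]:
            stack.pop()
        elif kw == 'KEYNAME' and stack:
            stack[-1][2] = arg            # applies to this block and its children
        elif kw == 'VALUENAME' and stack and stack[-1][0] == 'POLICY':
            path = ' > '.join([cls] + [frame[1] for frame in stack])
            out[(cls, stack[-1][2].lower(), arg.lower())] = path
    return out

def map_policies(old_adm, new_adm):  # old policy path -> new path, None if unmatched
    new = parse_adm(new_adm)
    return {path: new.get(key) for key, path in parse_adm(old_adm).items()}
```

A `None` result marks an old setting with no counterpart in the new template, which is a setting to review by hand; the class (USER or MACHINE) is part of the match, so a setting that moved between user and computer configuration also shows up as unmatched.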

Expert Comment

ID: 8211979
