Solved

How to apply a centralised security policy in a unix-windows envronment?

Posted on 2003-12-03
3
265 Views
Last Modified: 2013-12-04
hello Sir,

i would be grateful if you could advise me on the strategy to implement the following:

Current Site Definition(Scenario):
-----------------------
Compaq server with Unix installed. There are 28 PCs with Win 95 and 6 PCs with Win 98 on a LAN. Furthemore, there are 12 PCs with Win 95 and 9 PCs with Win 98 on a WAN which connects to the main server via a router (The company considers the router as their Remote Access Server).

i want to implement a solution, preferably a centralised security policy, which will allow the administrator to prevent users from manipulating the config. of the workstations on the WAN and LAN.

Awaiting a positive reply from you.
Thanks & Regards
VASHINEE19
software engineer
0
Comment
Question by:VASHINEE19
  • 2
3 Comments
 
LVL 10

Accepted Solution

by:
KingHollis earned 125 total points
ID: 9892550
With the absence of a domain controller you will have to implement system policies locally.

System policies are normally located at domain controllers however local system policies can be implemented as follows. First you will need the Windows 9x poledit.exe tool which is located in the

+ Admin\Apptools\Poledit folder on the Windows 95 CD
+ Tools\Reskit\Netadmin\Poledit folder on the Windows 98 CD

You should use the Add/Remove Programs tool in Control Panel to install System Policy Editor.

Once you have the utility you should proceed as follows:

1. Click the Start button, and then click Run.
2. In the Open box, type "poledit" (without quotation marks), and then click OK.
3. In System Policy Editor, click Open Registry on the File menu.
4. Double-click the Local Computer icon, then the Network icon, and then double-click the Update icon.
5. Click the Remote Update check box, and then click Manual in the Update Mode box. In the Path box, type the path and file name for your system policy file. You can place this file in any folder on the hard disk. Click OK. This file MUST have a .pol extension or you will receive a failuer in step 8.
6. On the File menu, click Save. On the File menu, click New File.
7. Select the system policy settings you want to use.
8. On the File menu, click Save As. Save the file with the name and path you used in step 5.
9. Quit System Policy Editor, and then restart Windows.

It would be pertinent to remove Poledit after you've set the policy to avoid users changing it. You can even run poledit directly from the CD normally.

This might be a bit of a bear for 45+ machines, but I believe you can create one policy per OS and then import the .pol configurations.

Best of luck.
0
 

Author Comment

by:VASHINEE19
ID: 9894617
hello Sir
i agree with the system policy editor. i even tried it. and i know that it should work. but  i use to gett the following error "An error occurred writing the registry. The file cannot be saved."

why such error?

---------------------------------
the second thing is that, if tomorrow i want to enlarge my system, then applying system policy editor on each client would be a time consuming. that's why a centralised policy would have been a better option.

what do you suggest?

thanking you
kind regards
VASHINEE19
0
 
LVL 10

Expert Comment

by:KingHollis
ID: 9895035
I think this link is very informative in addressing the centralization you are looking for as well as some other information. You don't appear to have a domain, so automatic downloads of the config.pol to the clients is out. But you can have something similar with maual download using Remote Update and centrally locating one config.pol file on a network share. Then whenever changes are necessary, you should only have to run Policy Editor on one sample machine and post its config.pol in the network share.

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/win98/reskit/part2/wrkc08.asp

Best of luck!
0

Featured Post

Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In a recent article here at Experts Exchange (http://www.experts-exchange.com/articles/18880/PaperPort-14-in-Windows-10-A-First-Look.html), I discussed my nine-month sandbox testing of the Windows 10 Technical Preview, specifically with respect to r…
Article by: btan
The intent is not to repeat what many has know about Ransomware but more to join its dots of what is it, who are the victims, why it exists, when and how we respond on infection. Lastly, sum up in a glance to share such information with more to help…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question