How to apply a centralised security policy in a unix-windows envronment?

hello Sir,

i would be grateful if you could advise me on the strategy to implement the following:

Current Site Definition(Scenario):
-----------------------
Compaq server with Unix installed. There are 28 PCs with Win 95 and 6 PCs with Win 98 on a LAN. Furthemore, there are 12 PCs with Win 95 and 9 PCs with Win 98 on a WAN which connects to the main server via a router (The company considers the router as their Remote Access Server).

i want to implement a solution, preferably a centralised security policy, which will allow the administrator to prevent users from manipulating the config. of the workstations on the WAN and LAN.

Awaiting a positive reply from you.
Thanks & Regards
VASHINEE19
software engineer
VASHINEE19Asked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

KingHollisCommented:
With the absence of a domain controller you will have to implement system policies locally.

System policies are normally located at domain controllers however local system policies can be implemented as follows. First you will need the Windows 9x poledit.exe tool which is located in the

+ Admin\Apptools\Poledit folder on the Windows 95 CD
+ Tools\Reskit\Netadmin\Poledit folder on the Windows 98 CD

You should use the Add/Remove Programs tool in Control Panel to install System Policy Editor.

Once you have the utility you should proceed as follows:

1. Click the Start button, and then click Run.
2. In the Open box, type "poledit" (without quotation marks), and then click OK.
3. In System Policy Editor, click Open Registry on the File menu.
4. Double-click the Local Computer icon, then the Network icon, and then double-click the Update icon.
5. Click the Remote Update check box, and then click Manual in the Update Mode box. In the Path box, type the path and file name for your system policy file. You can place this file in any folder on the hard disk. Click OK. This file MUST have a .pol extension or you will receive a failuer in step 8.
6. On the File menu, click Save. On the File menu, click New File.
7. Select the system policy settings you want to use.
8. On the File menu, click Save As. Save the file with the name and path you used in step 5.
9. Quit System Policy Editor, and then restart Windows.

It would be pertinent to remove Poledit after you've set the policy to avoid users changing it. You can even run poledit directly from the CD normally.

This might be a bit of a bear for 45+ machines, but I believe you can create one policy per OS and then import the .pol configurations.

Best of luck.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
VASHINEE19Author Commented:
hello Sir
i agree with the system policy editor. i even tried it. and i know that it should work. but  i use to gett the following error "An error occurred writing the registry. The file cannot be saved."

why such error?

---------------------------------
the second thing is that, if tomorrow i want to enlarge my system, then applying system policy editor on each client would be a time consuming. that's why a centralised policy would have been a better option.

what do you suggest?

thanking you
kind regards
VASHINEE19
0
KingHollisCommented:
I think this link is very informative in addressing the centralization you are looking for as well as some other information. You don't appear to have a domain, so automatic downloads of the config.pol to the clients is out. But you can have something similar with maual download using Remote Update and centrally locating one config.pol file on a network share. Then whenever changes are necessary, you should only have to run Policy Editor on one sample machine and post its config.pol in the network share.

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/win98/reskit/part2/wrkc08.asp

Best of luck!
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
OS Security

From novice to tech pro — start learning today.