Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

System Policies vs. Group Policies

Posted on 2004-03-31
3
Medium Priority
?
442 Views
Last Modified: 2010-05-18
Network : W2k professional workstations + 11 W2k server domain controllers. Last fall the servers were upgraded from NT4.
I inherited this setup and my experience is largely W2k.
If I type start/run/poledit the system ploicy editor opens up.
If I click File/Open Policy and browse to a domain controller netlogon share, there is an ntconfig.pol file which I can of course click on and see a few users and their system policies properties.

I can see all users and computers in the network in Active directory Users and Computers.

It is my understanding that in this environment, policies from the system policy editor are ignored right?? Group Policy is the way to restrict/ manage things right??
However..
It seems like some of the settings in system policy editor are being applied to the users in the ntconfig.pol file. How can this be???
0
Comment
Question by:Brian_Blair
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 11

Expert Comment

by:infotrader
ID: 10725566
Generally, for each policy there are typically 3 settings...  Enable, Disable, or Ignore.

The Policy Hierarchy goes something like Domain Policy --> OU Group Policy --> Local Policy.

What this means is that if you SPECIFICALLY set a certain policy as "Enabled" or "Disabled", then the policy will pass on to the next one in the hierarchy.  However, if you choose not to do anything with the policy, then effectively speaking, you are letting the next group decide.

For example, if you set a policy to "Disable non-Administrative shutdown of system" on the Domain level, then nobody should be able to shutdown the computer unless they are Administrators.  However, if you set it to "Disable", then EVERYBODY will be able to shut it down.

The part you are having trouble with, I believe, is when nothing is set on the Domain policy, then that the local policy will take over.  This is by design.

- Info
0
 

Author Comment

by:Brian_Blair
ID: 10725914
Thank you for your comments.
So if nothing is specifically set on the domain policy, then policies defined in the old system policy editor will be applied?

I always thought it was the local security policy  defined in administrative tools on the local machine that gets applied when nothing is defined in the domain policy.
0
 
LVL 11

Accepted Solution

by:
infotrader earned 1500 total points
ID: 10728853
What you said is true.  I believe when you performed the upgrades to the system, the local policy was also inherited as well.  You might want to double-check your local policy to make sure whatever it is that is causing you greive is turned off.

- info
0

Featured Post

Create the perfect environment for any meeting

You might have a modern environment with all sorts of high-tech equipment, but what makes it worthwhile is how you seamlessly bring together the presentation with audio, video and lighting. The ATEN Control System provides integrated control and system automation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Greetings, Experts! First let me state that this website is top notch. I thoroughly enjoy the community that is shared here; those seeking help and those willing to sacrifice their time to help. It is fantastic. I am writing this article at th…
Are you one of those front-line IT Service Desk staff fielding calls, replying to emails, all-the-while working to resolve end-user technological nightmares? I am! That's why I have put together this brief overview of tools and techniques I use in o…
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
In this video, Percona Solutions Engineer Barrett Chambers discusses some of the basic syntax differences between MySQL and MongoDB. To learn more check out our webinar on MongoDB administration for MySQL DBA: https://www.percona.com/resources/we…

715 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question