Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Windows 2000 ADS with NT4.0 standalone server with citrix metaframe 1.80 and remote policy issues

Posted on 2004-04-13
6
Medium Priority
?
385 Views
Last Modified: 2013-12-04
3 servers, 1 windows 2000 ADS , 1 Windows 2000 standalone, 1 NT4.0 standalone terminal server enabled and citrix metaframe 1.80 installed; users are logging in by the citrix client.

I have been asked to lock down the nt 4.0 box for the remote users, so basically they will have only 1 published application and access to the printers. I have read other news groups but have not come across a mix 2000/nt 4.0 enviroment for remote user policies.

Any suggestions?
0
Comment
Question by:HynesCo
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
6 Comments
 
LVL 12

Expert Comment

by:trywaredk
ID: 10820912
Guide To Windows NT 4.0 Profiles and Policies (Part 4 of 6)
http://support.microsoft.com/default.aspx?scid=kb;EN-US;185589

Many Regards
Jorgen Malmgren
IT-Supervisor
Denmark

:o) Your brain is like a parachute. It works best when it's open
0
 
LVL 1

Author Comment

by:HynesCo
ID: 10823372
Been there, done that, looking for some real world info dealing with Citrix and NT 4.0 policies and issues in a 2000 Active Directory domain.  I apologize if I didn't make that clearer earlier.
0
 
LVL 85

Expert Comment

by:oBdA
ID: 10826449
Are those machine stand-alone or member server? An NT4 machine that's part of a W2k domain will still look for the usual NTConfig.pol in %Logonserver%\netlogon, so you can still use poledit, load the templates you need and create the necessary policies.
Where or what are your concerns?
0
Looking for the Wi-Fi vendor that's right for you?

We know how difficult it can be to evaluate Wi-Fi vendors, so we created this helpful Wi-Fi Buyer's Guide to help you find the Wi-Fi vendor that's right for your business! Download the guide and get started on our checklist today!

 
LVL 1

Author Comment

by:HynesCo
ID: 10826856
I am getting

The operating system was unable to create profile directory \\servername\path\ntconfig.pds
you will be loged on with the local profile only.

2000 Active directory with  nt 4.0 member servers

My concerns are
I dont want to jack with the ntconfig.pol on the 2000ADS server I only have about 15 remote citrix users
who also logon locally from time to time, the 200+ other accounts are local

so remote users are logging in by a public address that gets forwarded to the nt4.0 server IP not the 2000ADS IP

so on the nt box I used poledit and changed the local computer\system policy update to remote,  created a test.pol and manually tied it to my test user via the terminal server profile path on the local user account.

Am I just way off base here, I am definitly not an expert on policys.







0
 
LVL 85

Accepted Solution

by:
oBdA earned 2000 total points
ID: 10827742
You're on the wrong track. System Policies have nothing to do with a (terminal) user's profile path. They're just a bunch of registry manipulations that gets applied when a user logs on.
And there's no need to worry about your W2k DC, the NT4 policies won't apply to it.
If this is just a single Terminal Server, you can even keep the policy file local.
So create a global group and put your TS users in there. Then create an NTConfig.pol file which applies the settings you need to the group you created. Do *not* use the Default User (and try to stay away from the Default Computer as well) for that, or the policies will affect anyone logging on to the machine, including the Administrator. Save the file someplace on your TS, then use the article below to point your TS to it.
You might want to try this on some test machine first, before you create a policy for your production server! For testing the implications and the basic function of this, an NT4 workstation will work. System Policies are very nice if you know how to handle them; but if you're not careful, you can mess up a user's profile badly. That's why you should try to stay away from the computer settings, unless you're sure you know what you're doing. You can delete a user profile, but fixing computer settings can turn out to be messy ...
Note especially that if you enabled a policy at some point, it was applied to some users, and you set it back to "grey", the policy will *not*, I repeat *not* go away (like a W2k Group Policy). The registry setting defined by the policy will simply remain unchanged.

How to Set Up Locally-Based System Policies
http://support.microsoft.com/?kbid=168579

Here's the "real" guide with pictures and everything :)
Guide to MS Windows NT 4.0 Profiles and Policies
http://www.microsoft.com/technet/prodtechnol/winntas/maintain/prof_pol.mspx
0
 
LVL 1

Author Comment

by:HynesCo
ID: 10829113
oBdA,

You da man!
oh yea, the pics did help :)  
0

Featured Post

Are You Ready for GDPR?

With the GDPR deadline set for May 25, 2018, many organizations are ill-prepared due to uncertainty about the criteria for compliance. According to a recent WatchGuard survey, a staggering 37% of respondents don't even know if their organization needs to comply with GDPR. Do you?

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Users of Windows 10 Professional can disable automatic reboots using the policy editor. This tool is not included in the Windows home edition. But don't worry! Follow the instructions below to install (a Win7) policy editor on your Windows 10 Home e…
Security measures require Windows be logged in using Standard User login (not Administrator).  Yet, sometimes an application has to be run “As Administrator” from a Standard User login.  This paper describes how to create a shortcut icon to launch a…
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …
This tutorial will teach you the special effect of super speed similar to the fictional character Wally West aka "The Flash" After Shake : http://www.videocopilot.net/presets/after_shake/ All lightning effects with instructions : http://www.mediaf…
Suggested Courses

722 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question