Solved

Group policies on NT2000 server - configured as workgroup not domain

Posted on 2004-08-11
8
250 Views
Last Modified: 2010-04-14
I have a windows NT2000 server with 9 thinclient users logging in to terminal services.  (also several mixed desktop pc's using the server for file sharing).  I do not have domain configured - just workgroup. I need to drastically restrict the access of 6 users who log on to thin clients).  I have been able to manipulate the policy but it applies to all users logging on to thin clients or console. As I do not have active directory I cannot use OU's.  I have tried altering the sharing on the folder winnt\system32\group policy and sub folders to prevent those users from accessing the policy files but this seems to have no effect. (c drive is formated fat32).

Can I use group policy in this setup ?
Can I move group policy folder to D: (NTFS ) and try ntfs permissions. ?
Can I convert C drive to NTFS ?
Can I convert to domain easily ?

many thanks

Glen
0
Comment
Question by:merlok
8 Comments
 
LVL 40

Accepted Solution

by:
Fatal_Exception earned 150 total points
ID: 11772481
I have never used a TS outside of a Domain, so my comments may not have much weight here, but this is an articled discussing the use of GPO's on a TS using a Domain Controller..

http://support.microsoft.com/default.aspx?scid=kb;en-us;260370&sd=tech

Regarding your first two questions (assuming you are speaking of Local Group Policies), I really have no answer since I would have to test these out on a server in a workgroup, and just do not have time to set it up right now.  

Definitely think about going to a Domain setup though, and definitely use NTFS for your file system.  I see no reason at all in your case to use FAT32.  Conversion is easy, using the Convert command (convert c: /fs:ntfs)

Creating your domain easily will depend on your setup and users, but I would hazard to guess that it would be easy to do.  And very beneficial to you in the end, being that you will now have a place for central management of your users.

If you need articles on the transformation, we can certainly point you in the right direction.

FE
0
 
LVL 14

Assisted Solution

by:dlwyatt82
dlwyatt82 earned 100 total points
ID: 11772782
In a standalone server configuration like yours, you only have one Group Policy Object to work with (the local policy), which make it difficult to apply a different set of policies to various users or groups. If you absolutely cannot pursue the option of setting up a domain, then I would recommend configuring user-specific registry-based policies for the users you wish to lock down. This can be accomplished via login scripts, or manually using regedt32.

It will take some research to find out exactly which registry keys / values you need to create to accomplish your desired results, but the keys will resided in either the "Software\Policies" or "Software\Microsoft\Windows\CurrentVersion\Policies" keys of each user's registry hive.
0
 
LVL 15

Assisted Solution

by:Cyber-Dude
Cyber-Dude earned 100 total points
ID: 11772912
As far as I know, You cannot use Group Policy in this configuration but on your server (i.e. Terminal Services - you may have full controll there).

You can use Group Policy on whatever location you wish but in a peer to perr network (workgroup) it is of no significance...

You can convert drice C: to NTFS easily... the question is whether you may be able to recover in case of disk or OS failure (It is strongly recommended that you will burn a recovery Boot CD that will include software for recovery)...

You CAN convert the whole WorkGroup to a Domain easily as well (just configure all clients to connect to a domain and configure the Server as a DC)..

If you wish to get a step-bystep guide... just tell me and I will run over the hills and bring those to ya...

Cyber
0
Migrating Your Company's PCs

To keep pace with competitors, businesses must keep employees productive, and that means providing them with the latest technology. This document provides the tips and tricks you need to help you migrate an outdated PC fleet to new desktops, laptops, and tablets.

 

Author Comment

by:merlok
ID: 11773680
on my previous server (NT4 terminal services) I did use regedt32 and manually edited the keys.  On the NT2000 server when I run regedt32 - load hive (NTUSER.dat ) from c:\douments and settings\username the changes I apply seem to make no difference.

This is why I am looking at local group policy.

Am I using regedt32 properly on NT2000?
0
 
LVL 3

Assisted Solution

by:saito1
saito1 earned 100 total points
ID: 11773706

Can I use group policy in this setup ?
  you should convert your network to domain environment.

Can I move group policy folder to D: (NTFS ) and try ntfs permissions. ?
  no need to do in domain environment
 
Can I convert C drive to NTFS ?
  yes, at command prompt execute the command:
  convert c: /fs:ntfs /v

  I recommend to convert your driver's format to NTFS if there is no dual boot between windows 9x
  for convert command:
http://support.microsoft.com/default.aspx?scid=kb;en-us;214579&Product=win2000

Can I convert to domain easily ?
  yes very easy:
  step by step guide to "Convert a Windows 2000 Server to a Domain Controller"
http://www.microsoft.com/technet/Security/topics/issues/w2kccadm/trust/w2kadm28.mspx#XSLTsection123121120120

Rgrds...

0
 
LVL 2

Assisted Solution

by:Ranidae
Ranidae earned 50 total points
ID: 11777801
Hi,

Just to throw my 2 cents in... I have in the past configured the local policy to restrict users in a severe way, I then found the policy object itself and denied the administrator account the NTFS read permission to the policy, that way anybody but the admin has the policy applied.  It's not a perfect solution (I would encourage a domain to get more control), but it worked for me in limiting users on local machines for workgroup environments.

Regards.
0
 
LVL 84

Expert Comment

by:oBdA
ID: 11796936
Since the terminal server is not part of a domain, it will still process the NT4 style system policies (the predecessor to group policies). Make sure you read the policies part of the Guide below before you start; unlike group policies, the settings defined in a system policy will *not* simply revert back when you set them back to "undefined", you have to undo them explicitly.

Group Policies for Windows 2000 Professional Clients in Windows NT 4.0 Domain or Workgroups
http://support.microsoft.com/?kbid=274478

How to apply System Policy settings to Terminal Server
http://support.microsoft.com/?kbid=192794

Guide to MS Windows NT 4.0 Profiles and Policies
http://www.microsoft.com/technet/prodtechnol/winntas/maintain/prof_pol.mspx
0
 
LVL 40

Expert Comment

by:Fatal_Exception
ID: 12141871
Thanks
0

Featured Post

The Eight Noble Truths of Backup and Recovery

How can IT departments tackle the challenges of a Big Data world? This white paper provides a roadmap to success and helps companies ensure that all their data is safe and secure, no matter if it resides on-premise with physical or virtual machines or in the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Data off on old Win 2000 server. 18 593
Update a root certificate 8 677
Pskill not working on VBS script 4 160
Server 2012R2 Foundation and Server 2000 3 131
NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
Shell script to create broker configuration file using current broker Configuration, solely for purpose of backup on Linux. Script may need to be modified depending on OS-installation. Please deploy and verify the script in a test environment.
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.
In an interesting question (https://www.experts-exchange.com/questions/29008360/) here at Experts Exchange, a member asked how to split a single image into multiple images. The primary usage for this is to place many photographs on a flatbed scanner…

807 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question