Re: Group Policy in a NON Active Directory environment

From: karl [x y] (jamescagney90210@excite.com)
Date: 07/23/02


From: "karl [x y]" <jamescagney90210@excite.com>
Date: Tue, 23 Jul 2002 12:55:28 -0400


No, I'm not sure about whether or not .POL files will work in Windows 2000
[I'm guessing they don't, but I would have to look up the correct answer].
What I'm describing is more or less the normal process for managing group
policy on a standalone windows computer. You can do Start, Run, MMC, add
the Security Configuration and Security Templates snap-ins. Use the
Security Configuration snapin to create a new database, import [if you wish]
the contents of a pre-existing template, modify the settings in your
security database, save and close the database/MMC [noting the location of
the policy database]. Then, do Start, Run, SECEDIT to access the help
documentation for Secedit, which is the command-line version of the Security
Configuration snapin. It can be used in a batch file or login script to
silently apply or re-apply one part or all parts of a group policy security
database

"Carl Hilton" <chilton@nomail.awod.com> wrote in message
news:eov$yBmMCHA.1892@tkmsftngp08...
> Our users are NOT local admins. Could you please explain further.... your
> script to roll out group policy? Do you mean to copy the *.POL files to
> users machines?
>
>
> "karl [x y]" <jamescagney90210@excite.com> wrote in message
> news:OebnIklMCHA.2340@tkmsftngp08...
> > You could use a batch file or other script to roll out group policy
> > databases that you have created and then execute the SECEDIT command to
> > apply them to the workstation. If the user is a local administrator on
> the
> > workstation, the changes can be undone.
> >
> >
> > "Carl Hilton" <chilton@nomail.awod.com> wrote in message
> > news:#5seoxkMCHA.2548@tkmsftngp08...
> > > Is it possible to implement a policy that is active across a site
> without
> > > Active Directory? I have a bunch of Win2K Pro machines... can I copy
the
> > the
> > > Registry.POL from a machine that I have modified and push it to other
> > > machines?
> > >
> > > 2) If I have screen saver stuff set in the .POL file, can the user
still
> > > change those settings following logon? I know I can use the registry
> > > permissions to prevent a user from changing any desktop setting, but I
> > would
> > > prefer to just prevent them from changing the screen saver settings.
> > >
> > >
> > >
> > >
> >
> >
>
>



Relevant Pages

  • Re: Cannot rebuild GP database
    ... Are you suggesting that it is a security file issue? ... I suspect it has to do with permissioning on that database ... Group Policy Management solutions at http://www.sdmsoftware.com ... There appear to be the proper permissions to the ...
    (microsoft.public.windows.group_policy)
  • Re: Cannot rebuild GP database
    ... I tried to copy the security and update databases from another ... computer, which I took ownership permissions, but they, too, have the same ... will not allow changing the actual database. ... Group Policy Management solutions at http://www.sdmsoftware.com ...
    (microsoft.public.windows.group_policy)
  • Re: Group Policy in a NON Active Directory environment
    ... Do you mean to copy the *.POL files to ... > You could use a batch file or other script to roll out group policy ...
    (microsoft.public.win2000.security)
  • Limiting access to gpedit.msc
    ... I have found to my surprise that profiles with the security ... the .pol files using the files' security tab, ...
    (microsoft.public.win2000.security)