Microsoft Windows NT Server White Paper 43
tem Policy Editor.
2. From the File menu, click New Policy.
3. The Default Computer and Default User icons will be displayed. Click the
user, computer, or group to be modified.
NOTES:
If you need to add a user, group, or computer, you can copy and paste the settings without having to
manually go through each of the entries and make selections. For example, if you have made modifica-
tions to User1 and want to create a similar profile for another user (User2), select User1, then from the Edit
menu, click Copy. Select User2, then from the Edit menu, click Paste. Make any changes specific to User2
and save your changes. You will be prompted to verify your changes, and then the settings will be ap-
plied.
When you add users or computers to the policy file, they automatically assume the properties of the icons
Default User or Default Computer respectively.
4. Make changes to the options desired. For more information on each op-
tion, see the portion of this guide titled “Registry Keys Modified by the
System Policy Editor Default Templates.”
5. From the File menu, click Save As and save the policy file with the appro-
priate name:
• If workstations will be set to Automatic mode, use the file name
NTconfig.pol.
• If workstations will be set to Manual mode, use the name of your
choice.
6. If workstations will be set to Automatic mode, place the file in the
NETLOGON share of each of the domain controllers that will be perform-
ing authentication. To simplify this process, you can use directory
replication from Windows NT to replicate the file to the other domain con-
trollers. If you use replication and later make changes to the file, the
modified file will be duplicated across validating machines automatically.
Windows NT-based workstations, by default, are set to download the
policy file in Automatic mode. If you modify the setting to specify manual
update and to point to a specific machine, you must inform the workstation
about this location change. There are two ways to do this:
• Place the policy file in the location specified for manual updates, but
maintain a policy file in the NETLOGON share that points to the man-
ual path. Then, leave the Windows NT-based workstation in the
default Automatic mode. When the policy file is first downloaded this
change will be made, and at next logon and every logon thereafter,
Windows NT will go to the new location for policy file updates.
• Visit each Windows NT-based workstation either remotely or locally
and make the required registry change to point to the new location.
(Depending on the number of workstations affected, this could be very
time consuming.)
7. Log on to the Windows NT-based workstation to download and enact the
policy.