LAB6J: SYSTEM POLICIES
In this exercise, you will implement default user and computer policies which will apply to users who log on to the domain.

1. Log on to the PDC as administrator and start System Policy Editor
2. Click on the File option, then select New to create a new policy file

   

3. Select the Default User Icon, and change the following parameters under the Desktop
   Wallpaper = \<winnt_root>\256color.bmp
   Wallpaper = tiled
   Color Scheme = Blue and Black

   

4. Select the Default Computer Icon, and change the following parameters
   Network->System Policies update->Remote Update

   

   Also enter meaningful text messages for
   Windows NT System->Logon->Logon Banner

   

   Also enable the check box Do not display last logged on User Name

5. Save the policy file in /<winnt_root>/system32/repl/import/scripts as NTCONFIG.POL
6. Close System Policy Editor
7. Log off the PDC
8. Log on the PDC as administrator
9. Were the policy changes active? [YES NO]
   [Did you get the system log on messages, and was the last logged on username clear?]
10. Log off the PDC
11. Log on the PDC as administrator
12. Were the policy changes active? [YES NO]
13. Log on to the BDC as administrator
14. Were the policy changes active on the BDC? [YES NO]
15. If your answer to the BDC was NO, why do you think the policies are not working on the BDC?

    ..............................................................
    
    ..............................................................
    
    ..............................................................
    
    

16. Shut down the BDC and restart it as a Windows NT Workstation. Earlier you joined this NT Workstation to the domain you created.
17. Log on to the DOMAIN using the NT Workstation computer, and use the username user1
18. Were the policy changes active on the NT Workstation? [YES NO]
19. Shut down the NT Workstation and restart it as the BDC

Summary
System policies allow administrators to control desktop and computer settings for users in the domain. These settings permit or deny certain rights, such as changing a screen saver or connecting to a printer. Using system policies, a user has the same environment no matter where they log on in the network.

For Windows NT computers, the policy file is stored in the Netlogon shared directory, and called Ntconfig.pol

For Windows 95 computers, the policy file is called Config.pol

When a user logs onto the domain, the policy changes are downloaded and override settings in the local registry of the computer. When a BDC validates a log on request, it uses its own Netlogon shared directory for locating policy files. This means directory replication should be enabled to copy log on scripts and policies from the PDC to all the BDC’s in the domain.