Log In

Come Join Us!

Are you a
Computer / IT professional?
Join Tek-Tips Forums!
  • Talk With Other Members
  • Be Notified Of Responses
    To Your Posts
  • Keyword Search
  • One-Click Access To Your
    Favorite Forums
  • Automated Signatures
    On Your Posts
  • Best Of All, It's Free!

*Tek-Tips's functionality depends on members receiving e-mail. By joining you are opting in to receive e-mail.

Posting Guidelines

Promoting, selling, recruiting, coursework and thesis posting is forbidden.

Students Click Here

group policies

group policies

group policies

anyone any guidance on where to store these and where to get them from
i want to use them on xp and a citrix xpa box
do i just copy them from security\template or ?

any good docs or links or personal experience appreciated

RE: group policies

oh yea, policies are kinda confusing at first.  Just need to remember, it's M$ not Novell making it hurt for you.  In either network enviroment, you have to do similar.

Pick a location on your network that all users will have access to.  A public place they all can read and filescan, but nothing else.  Then create sub directories for each of the different policies you want to create.  Like at the location I am in now, I have a ZEN_VOL:Policies storage location.  In this storage location I have XP_SuperUser, 2K_Superuser, XP_CommonUser, 2K_CommonUser, XP_RestrictedUser, & 2K_RestrictedUser (similar for workstation policies).  Now in the NDS object when I go into the Group Policy properties, I tell it were the location is, then go to edit it.  ConsoleOne will copy the correct ADM files to the directory and bring up MMC for you to edit them in.

Word of caution:

You MUST use the OS you plan to use the policy on to setup the policy.  So if the policy will be used on XP workstations, you will use an XP workstation to create the policy.  Same goes for 2K, NT, & 9x.   

DO NOT use your own production PC to create the policy.  You could shoot your self in the foot.  As you create the policy, you will notice that it affect the PC you create it on.  Now when you close MMC, the policy gets removed, but I have had times when it didn't.  Really sucks when you have to get your job done and a policy has locked down your PC preventing you from doing your job.  I personally use VMWare sessions to create my policies in (nice revert feature recovers the workstation very quick if I lock my self out building a policy).

Be sure to create the SuperUser policy FIRST.  You need somthing that will unlock any security policy you play with.  Noce to be sure when you log into a PC it won't be locked down.

Brent Schmidt        Certified nut case   
Senior Network Engineer
 http://www.kiscc.com     &n

RE: group policies

As always Brent, a quality post...

For years I have been hoping that Novell would put these kinds of explanations in their documentation.  But they don't.

I would like to expand on your Superuser policy though...  Make your superuser policy so that it actually removes any restrictions you've put in place..  Mirror your restrictive policies, if you will.. for example, if you ENABLE the 'Remove Run command', make sure you set DISABLE 'remove run command' in your superuser policy.  Don't just create an empty SuperUser policy with the defaults. That won't help you out any because the 'not configured' setting won't make any change to whatever restriction is currently in place.

Marvin Huffaker, MCNE

RE: group policies

oh the joys

thanks for post
hopefully i should be doing these soon - afraid it's a weird app thats on the box and just got that to work logged in as a pleb

going to do the tie down next and then try the printing nightmare

citrix is just so much hassle eh

Red Flag This Post

Please let us know here why this post is inappropriate. Reasons such as off-topic, duplicates, flames, illegal, vulgar, or students posting their homework.

Red Flag Submitted

Thank you for helping keep Tek-Tips Forums free from inappropriate posts.
The Tek-Tips staff will check this out and take appropriate action.

Reply To This Thread

Posting in the Tek-Tips forums is a member-only feature.

Click Here to join Tek-Tips and talk with other members! Already a Member? Login

Close Box

Join Tek-Tips® Today!

Join your peers on the Internet's largest technical computer professional community.
It's easy to join and it's free.

Here's Why Members Love Tek-Tips Forums:

Register now while it's still free!

Already a member? Close this window and log in.

Join Us             Close