Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations gkittelson on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Policy Editor (changing policies) 1

Status
Not open for further replies.
GeneK

GeneK

MIS
Jan 3, 2001
2
US
This is a two part question.

Question 1

I have set policies on a standalone PC. On the Default User policies, I disabled the Run option on the menu. I just discovered that I need to make several changes in the registry. Is there a way to make changes without re-doing all of the policies (3) that I have set.


Question 2

I have read that I can copy policies from PC to PC. Can anyone tell me how this is done. I need to know what files I need to copy to floppy and what other steps that I need to follow. I have approximately 40 standalone PCs that policies have to be set on and any shortcut suggestions would be helpful.
 
Sort by date Sort by votes
It's been a while since I used Poledit but I'll give it a shot and the other members can correct my errors.

Answer 1

Make sure you you set up an Administrative profile on each (non-networked) machine. It should allow full privileges so you can modify the existing profiles with ease.

Answer 2

I haven't tried to copy policies among standalones but you might try setting up a "standard" policy on one machine, copy the policy to a floppy and then use poledit to enact the policy on each of the other machines. The files you are dealing with have POL and ADM extentions.

These really aren't answers... just guesses. I hated the Policy Editor so much I decided to write my own software to replace it. You can get the gist of it by clicking on the A plain black box link in my personal profile, below.

Note: I am not trying to sell anything. The software isn't ready for distribution. I only include the link here so I can get feedback to help me provide an easier way to prevent user blunders.

[sig]<p> <br><a href=mailto: > </a><br><a href= plain black box</a><br><i>"I sure hope I'm retired when it comes time to fix all the the Year-2000 problems in our systems!"</i><br>
<b>Edward Yourdon, <u>Time Bomb 2000</u></b>[/sig]
 
Upvote 0 Downvote
to get your run back on start menu you have to go back in to polacy editor and make sure you leave the box unticked and white
note the boxs have three states white ticked,white unticked and grey; grey means you are not bothered about the setting.

if you want to copy policys across stand alone machines you have to do two things first open poledit on each machine and change the the &quot;logon&quot;location this is set to look on either a nt server or novell server change this to c:\windows then reboot the machine.
next go to machine you are runing poledit on and make three policys 1 default user make sure there have no acces to any thing this is so if there just press esc to get in to windows there can not do a thing 2 aministator give them full acces this so you can make any changes later 3 the name of the user who is using the machine set them what ever level you like when you have done this save the file as config.pol and copy it to c:\windows on each machine.

Big Note back up the registry first.
if you wish ti tighten even more set menu time to 0 in msdos.sys make your machine boot c then a and password the bios [sig]<p>Tim Dodgson<br><a href=mailto:t_dodgson@yahoo.com>t_dodgson@yahoo.com</a><br><a href= </a><br> [/sig]
 
Upvote 0 Downvote
Oops, Tim, I feel a bit foolish. I think we both missed something in GeneK's post. He may have done something that is preventing him from running Poledit.exe on the one system.

GeneK, copy Regedit.exe to a floppy (administrators who want to secure their systems don't allow that file or Poledit.exe to remain on the local hard drives), then paste this into an MSDOS style text file and save it as YesRun.txt on the floppy:
[tt]
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
&quot;NoRun&quot;=dword:00000000
&quot;RestrictRun&quot;=dword:00000000
[/tt]
Boot the machine to MSDOS mode, CD to the Windows directory, copy Regedit and the text file to the hard drive and then enter REGEDIT YESRUN.TXT.

Delete Regedit.exe and YesRun.txt and reboot the machine.

The &quot;NoRun&quot; value is probably the one that is keeping you from running the Policy editor but you may have accidentally tried to restrict the programs the user is allowed to run so I included &quot;RestrictRun&quot;.

Sorry about that! I didn't read your post clearly but this should get you back on your feet. Suffice it to say that you should burn this post, scatter the ashes and never tell your users about ways to circumvent your policies.
[sig]<p> <br><a href=mailto: > </a><br><a href= plain black box</a><br><i>"I sure hope I'm retired when it comes time to fix all the the Year-2000 problems in our systems!"</i><br>
<b>Edward Yourdon, <u>Time Bomb 2000</u></b>[/sig]
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

ClayTaco
  • Locked
  • Question
Modifying Group Policy From Command 1
Replies
3
Views
89
ClayTaco
ClayTaco
Comput3rGuy
  • Locked
  • Question
Policy enabled that blocks NT 4.0 Drivers
Replies
1
Views
330
karlisi
karlisi
BobMCT
  • Locked
  • Question
Directory Tree keeps changing back to &quot;Read Only&quot; - Why?
Replies
4
Views
89
strongm
strongm
gbl
  • Locked
  • Question
Standard User on W7 home changing own status to Admin
Replies
2
Views
80
cdogg
cdogg
richardy2k04
  • Locked
  • Question
Group Policy - Amount of idle time required before suspending session not working?
Replies
5
Views
138
richardy2k04
richardy2k04

Part and Inventory Search

Sponsor

Back
Top