Windows NT users can typically change their background,
desktop, Start menu, and other preferences whenever they want. However,
administrators sometimes need to prevent users from changing these settings,
such as on public kiosk and library computers.
In these cases, administrators can lock down the computers
by using policies. Windows NT’s utility for managing policies is the System
Policy Editor (Poledit.exe). System Policy Editor is a graphical tool included
with Windows NT 4.0 Server, but you can also install it on Windows NT 4.0
Workstation computers. (Check the \Clients\Svrtools\Winnt folder on the installation
CD.)
After running this utility, you have two options: either
create a new policy or use an existing one. If you choose to create a new
policy, you’ll see two icons in the working area of System Policy Editor:
Default Computer and Default User.
Default Computer represents the settings that the tool will
apply to all computers if you don’t specify otherwise. Default User is similar
to Default Computer, except that the settings apply to users.
Double-clicking one of these icons opens a dialog box that
displays these settings, which apply to all users and computers. To specify
different settings for some groups of users, go to Edit | Add Group, and select
the user group. A new icon will then appear, and you’ll be able to change the
settings.
In order for the policy to work on your computer, you must
save it in the Ntconfig.pol file. Be aware that this particular name is vital;
if you choose another name, the tool won’t apply the policy to your system.
If you have a domain, you must save the policy in the Netlogon
share on the primary domain controller (PDC). If you’re unsure of the location
of the share, enter net share at the command prompt on the PDC, and it
will return the exact path to the Netlogon share on your server. Computers
connected to the domain will automatically download the file and apply the
settings.
But what if you don’t have a domain and want to set the
policy on the local computer? You can save the file in any folder, but you’ll
have to modify two registry values. Open the Registry Editor by going to Start
| Run and entering regedt32.exe, and navigate to the following key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Update
Change the value of UpdateMode to 2, and modify the
NetworkPath value to the path of the file (e.g., c:\winnt\ntconfig.pol). If the
NetworkPath value doesn’t exist, create it manually, and give it a data type of
REG_SZ (string value).
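
To confirm that a locked-down machine still carries these two values, you can audit an export of the Update key. The script below is an added example, not part of the original article; it assumes the key was exported with regedit.exe in REGEDIT4 text format and that UpdateMode is stored as a REG_DWORD, and the names parse_reg and audit_local_policy are hypothetical.

```python
import re

# Constructed sample export (REGEDIT4 format); not taken from the article.
SAMPLE_EXPORT = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Update]
"UpdateMode"=dword:00000002
"NetworkPath"="c:\\winnt\\ntconfig.pol"
'''
UPDATE_KEY = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Update"


def parse_reg(text):
    """Map lower-cased key path -> {lower-cased value name: (type, data)}."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
            continue
        m = re.match(r'"((?:[^"\\]|\\.)*)"=(.*)$', line)
        if current is None or not m:
            continue
        name, raw = m.group(1).lower(), m.group(2)
        dword = re.fullmatch(r"dword:([0-9a-fA-F]{1,8})", raw)
        if dword:
            current[name] = ("REG_DWORD", int(dword.group(1), 16))
        elif len(raw) >= 2 and raw[0] == raw[-1] == '"':
            # .reg strings escape backslashes and quotes with a backslash
            current[name] = ("REG_SZ", re.sub(r"\\(.)", r"\1", raw[1:-1]))
    return keys


def audit_local_policy(text):
    """Return findings; an empty list means the export matches the article."""
    values = parse_reg(text).get(UPDATE_KEY.lower())
    if values is None:
        return ["Update key missing from export"]
    findings = []
    # UpdateMode is a REG_DWORD; a string "2" would not match
    if values.get("updatemode") != ("REG_DWORD", 2):
        findings.append("UpdateMode is not dword 2")
    kind, path = values.get("networkpath", (None, ""))
    if kind != "REG_SZ" or not path:
        findings.append("NetworkPath is not a non-empty REG_SZ")
    elif path.rsplit("\\", 1)[-1].lower() != "ntconfig.pol":
        # the article says the policy file must be named Ntconfig.pol
        findings.append("NetworkPath file is not Ntconfig.pol: " + path)
    return findings
```

An empty result from audit_local_policy means both values match the settings described above; each finding names the value that drifted.
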
For more information about Windows NT’s System Policy
Editor, check out the Microsoft Knowledge Base article Q161334.
Note: Editing the registry is risky, so be sure you
have a verified backup before making any changes.