General discussion

Locked

Windows XP System Policy in NT4.0 Domain

By Eclipse860 ·
I am using System Policies in an NT 4.0 domain. The policies work fine on our XP Prof. clients. I am reading an article in the Windows XP Resource Kit that explains how to use Windows 2000/XP .ADM files to create your Ntconfig.pol file. This will give you more options to lock-down the workstation. The article explains that the .ADM files need to be modified. After the modification, the template will not load and cannot be used. It finds an unexpected keyword. There is no mention of this in the article. The article is found under the Part II Desktop management, Chapter 5 Managing Desktops, Manageing Desktop Without Active Directory, System Policy. If anyone can help me with this, it would be greatly appreciated

This conversation is currently closed to new comments.

16 total posts (Page 1 of 2)   01 | 02   Next
| Thread display: Collapse - | Expand +

All Comments

Collapse -

Windows XP System Policy in NT4.0 Domain

by TimTheToolMan In reply to Windows XP System Policy ...

Hi,

Did you copy and paste the code from somewhere? It could be that there is simply a typo in there somewhere...

Otherwise, if you cant find a list of reserved words in your doco, then I suggest commenting out sections until you find the problem area.

Cheers,
Tim.

Collapse -

Windows XP System Policy in NT4.0 Domain

by Eclipse860 In reply to Windows XP System Policy ...

Yes, the article states that the .ADM files can be located in the Windows\Inf folder (and they are). I have been very careful to make sure that I dont remove anything except the lines the article says to remove. I have not added anything into the file. The line it is getting stuck on is obviously part of the code. I dont feel comfortable remarking them out since this applies policies to the computer. I would hate to see reprecutions of such a procedure 3 months down the road. You wouldthink for a Resource Kit article, it would have mentioned something about this.

Collapse -

Windows XP System Policy in NT4.0 Domain

by TimTheToolMan In reply to Windows XP System Policy ...

Hi,

I'm not suggesting you permanently comment them out! Just temporarily in order to help you find the line (and hopefully word) that is causing the problems.

Once you know that, you'll have a much better idea of the problem! Or if you're notsure, you can post back here the code fragment surrounding that error and we'll see if we can figure it out.

So, by a process of elimination you'll be able to work out the problem line...

Cheers,
Tim.

Collapse -

Windows XP System Policy in NT4.0 Domain

by Eclipse860 In reply to Windows XP System Policy ...

Ok, I see. I know the lines. I will comment them out and see if it will load the template and if so, I will post the lines here and see if you (or anyone) can make sense of them. Thanks.

BTW I dont like the rating system, I dont want to set this as answered but I also dont want to say that it didnt help me!

Collapse -

Windows XP System Policy in NT4.0 Domain

by TimTheToolMan In reply to Windows XP System Policy ...

Hi,

I've subscribed to this question now, so you can simply post a comment rather than rejecting each time. When the comment is posted, I'll be notified and take a look...

TechRepublic isn't terribly clear about how their site should be used, is it!

Cheers,
Tim.

Collapse -

Windows XP System Policy in NT4.0 Domain

by TimTheToolMan In reply to Windows XP System Policy ...

Oh.. And this is how I answer you... :-)

BTW, dont skimp on the size of the code fragment. The more the better - it could be something a fair way up that causes the error down lower...

Cheers,
Tim.

Collapse -

Windows XP System Policy in NT4.0 Domain

by TimTheToolMan In reply to Windows XP System Policy ...

Hi,

OK, at a first glance this looks like the tool used to load the new config might not be the right one... Take a look at the following Microsoft article for a similar problem... Is there an updated one you're supposed to use?

http://support.microsoft.com/default.aspx?scid=kb;EN-US;q184290

(remove spaces from the above URL)

The #if and #endif lines are "compiler directives" that mean the lines between them are only executed based on "version". I suspect version is the version of the policy editor, although it could be something to do with the version of windows the policy relates to.

You said the policy works fine for XP clients? You mean locally on the XP machines? Rather than part of the domain policy? Or something like that?

I might see if I can dig up the documentation you're looking at myself...

Cheers,
Tim.

Collapse -

Windows XP System Policy in NT4.0 Domain

by TimTheToolMan In reply to Windows XP System Policy ...

Hi,

Your instructions are these ones?

"To create an Ntconfig.pol file

Using a text editor such as Notepad, remove all #if version and #endif statements from the following .adm files: System.adm, Inetres.adm, and Conf.adm, and then save the files. This prevents inadvertent loading of these files by Poledit.exe.
For example, in the Inetres.adm file, remove these lines:

#if version <= 2
#endif

Open Poledit.exe.
In the System Policy Editor window, on the Options menu, click Policy Template.
In the Policy Template Options dialog box, click Add, select one of the .adm files that you modified in step 1 above, and then click OK.
Specify the appropriate policy settings, as documented in System Policy Editor Help.
Save the file as Ntconfig.pol to the NETLOGON share of the Windows NT 4.0 domain controller."

The bit that worries me is the following statement... "This prevents inadvertent loading of these files by Poledit.exe."

...then you're asked to load it into poledit.exe... so what gives? For a start this is badly worded (or understood) documentation.

So I'm guessing you correctly open a policy template in poledit and its when you try to load the system.adm file that it fails?

Well... The documentation says you can. And the documentation says you cant. I think we're going to need to work out what commands are supported in a .adm file to know what's going on for sure.

Cheers,
Tim.

Collapse -

Windows XP System Policy in NT4.0 Domain

by TimTheToolMan In reply to Windows XP System Policy ...

Hi,

Well that didn't take too long...

Yep, the file format is definitely stuffed. EXPLAIN statements arent components of CATEGORIES, they are components of POLICIES.

Take a look at the following area of TechNet. It specifies the file formatof a .adm file.

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/policy/policyref_17hw.asp

It seems the removal of the #if & #endif has had the desired effect of "inadvertent loading of these files by Poledit.exe"

Take a look at the format to decide whether you think its worth your while correcting it for Microsoft. Even they produce bugs. This is a careless one.

Cheers,
Tim.

Collapse -

Windows XP System Policy in NT4.0 Domain

by Shanghai Sam In reply to Windows XP System Policy ...

Thank you for your help. I will look at the document you mentioned. I have so much going on right now, I may never even try to get it to work again anyway. I was just really excitid to see I had some more options available for lock down, ordo I?? Hehe. Thanks again. Enjoy the points.

Back to Windows Forum
16 total posts (Page 1 of 2)   01 | 02   Next

Related Discussions

Related Forums