Important This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:
322756 How to back up and restore the registry in Windows
When you use System Policy settings for client
computers that are running Windows 2000, Windows XP Professional, or Windows
Server 2003, consider the following guidelines:
- Client computers that are running Windows 2000, Windows XP
Professional, or Windows Server 2003 ignore System Policy settings that are
placed in the Netlogon share of a Windows 2000 domain controller or a Windows
Server 2003 domain controller. Instead, they apply Group Policy settings.
- Computers that are running Windows 2000, Windows XP
Professional, or Windows Server 2003 and that are joined to a Windows NT 4.0
domain apply System Policy settings from the Netlogon share of a Windows NT 4.0
domain controller.
- Windows NT 4.0-based client computers apply System Policy
settings that are placed in the Netlogon share of a domain controller that is
running Windows 2000, Windows Server 2003, or Windows NT 4.0.
When you use System Policy settings for client computers that
are running Windows NT 4.0 (or Windows 95 or Windows 98), consider the
following guidelines:
- System Policy settings are applied to domains.
- System Policy settings may also be controlled by user
membership in security groups.
- System Policy settings are not secure.
- System Policy settings persist in users� profiles (this is
sometimes referred to as tattooing the registry), as explained earlier in this
article. This means that after a registry setting is set by using a Windows NT
4.0 System Policy setting, the setting persists until the specified policy is
reversed or until the user edits the registry.
- System Policy settings are limited to desktop
lockdown.
To implement a System Policy setting to affect all
Terminal Server users who log on to the console or through the Terminal Server
client, follow these steps:
- Start System Policy Editor (Poledit.exe), and then make the
changes for your policy.
- On the File menu, click Save
As, and then save the policy file on your hard disk. For example, save
the file as C:\Ntconfig.pol.
- On the File menu, click Open
Registry.
- Double-click Local Computer, double-click
Network, double-click System Policies Update,
and then click to select the Remote Update check
box.
- In the Update Mode box, click
Manual (Use Specific Path), type a path in the Path
for Manual Update dialog box (for example, type
c:\ntconfig.pol).
Notes- You can name the policy file anything you
like.
- To display an error message if the policy file is not
found when Windows NT starts, click to select the Display Error
Message check box.
- Click OK.
- Save your policy to the path that you specified in step 5,
and then exit Policy Editor.
- Restart Windows NT for the changes in the policy to take
effect.
Tip Every user or computer account that logs on after a policy is in
place is subject to the policy. Therefore, it is a good idea not to edit the
default user or computer account until you are familiar with System Policy
settings. Make a test user/group account in "User Manager," and then make a
specific policy for this user/group in System Policy Editor. After you have the
policy working correctly, you can then transfer the policy to the production
environment.
The settings in this procedure modify the following
path in the registry:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Update
Remote Update:
Category: Network
Subcategory: System Policies
update
Selection: Remote update
Description: Controls how policies are applied to a Windows NT 4.0-based
computer. With UpdateMode set to 1 (Automatic, the default), Windows NT makes a
connection to the Netlogon share of the validating domain controller in the
user's context and then checks for the existence of the policy file,
NTconfig.pol. With UpdateMode set to 2 (Manual), Windows NT reads the string
that is specified in the NetworkPath value and then checks that path for the
existence of the policy file (in this case, the policy file name should be
included in the NetworkPath value). With UpdateMode set to 0 (Off), a policy
file is not downloaded from any system. Therefore, it is not applied.
Key:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Update
| Registry Entry | Type | Values and
Descriptions |
|---|
| UpdateMode | REG_DWORD | Off = 0, Automatic=1;
Manual=2 |
| NetworkPath | REG_SZ | Text of UNC path for
manual update |
| Verbose | REG_DWORD | Display error messages Off
= 0 or value not present; On = 1 |
| LoadBalance | REG_DWORD | Off = 0 or value not
present; On = 1 |
The UpdateMode registry entry only applies for the Windows NT 4.0
policy. For members of an Active Directory forest, the UpdateMode registry
entry is ignored, and instead, the Group Policy settings that are configured in
Active Directory are applied. To gain the same effect as using the UpdateMode
entry, you can use a GPO Loopback policy.
For additional information about using
a GPO Loopback policy, click the following article number to view the article
in the Microsoft Knowledge Base:
260370 How to apply Group Policy objects to Terminal Services servers
For additional information about how to use
System Policy settings in Windows 2000, click the following article number to
view the article in the Microsoft Knowledge Base:
318753
How to create a System Policy setting in Windows 2000