NT system policy applied to Win 2000 clients after 2K DC u..

Archived from groups: microsoft.public.win2000.group_policy (More info?)

I have upgraded the Primary domain controller from NT 4.0 to Win 2000 with AD & DNS running smoothly now (still using old NETBIOS domain name) but clients (already 2000 Pro) are still being affected by NT system policy.
I took the BDC offline prior to upgrade. I removed the NTconfig.pol file from Repl folder on the PDC prior to upgrade. I now have a new machine as a 2000 BDC and old NT BDC still offline. I cannot locate the old NTconfig.pol file on the 2000 DC and don't know why it is still being applied to clients. How can I remove it?
4 answers Last reply
More about system policy applied 2000 clients
  1. Archived from groups: microsoft.public.win2000.group_policy (More info?)

    It is located in the Netlogon share of the 2k DC. That is at
    c:\winnt\sysvol\sysvol\<domainname>\scripts

    The old NT policies tattoo, so they are there until you remove them.

    --
    Derek Melber
    BrainCore.Net
    derekm@braincore.net
    "Pete" <anonymous@discussions.microsoft.com> wrote in message
    news:B9D50335-42C7-4D3F-A8AC-A2D1D61B93DD@microsoft.com...
    > I have upgraded the Primary domain controller from NT 4.0 to Win 2000 with
    AD & DNS running smoothly now (still using old NETBIOS domain name) but
    clients (already 2000 Pro) are still being affected by NT system policy.
    > I took the BDC offline prior to upgrade. I removed the NTconfig.pol file
    from Repl folder on the PDC prior to upgrade. I now have a new machine as a
    2000 BDC and old NT BDC still offline. I cannot locate the old NTconfig.pol
    file on the 2000 DC and don't know why it is still being applied to clients.
    How can I remove it?
  2. Archived from groups: microsoft.public.win2000.group_policy (More info?)

    Thanks Derek, for the reply. However, as I mentioned, I removed the NTConfig.pol file before the upgrade - it is not there...I just checked. Furthermore, I configured a couple of settings on the Default Domain Policy and they are filtering down to the users perfectly now. The only problem is, they are filtering down to domain admins (with whom I belong) and I do not want that (even though permission check box for domain admins for Apply Policy is unchecked). I have created an OU called Users, but do not know how to add those users to the OU - I get an option to move groups but not users. Any advise?

    ----- Derek Melber [MVP] wrote: -----

    It is located in the Netlogon share of the 2k DC. That is at
    c:\winnt\sysvol\sysvol\<domainname>\scripts

    The old NT policies tattoo, so they are there until you remove them.

    --
    Derek Melber
    BrainCore.Net
    derekm@braincore.net
    "Pete" <anonymous@discussions.microsoft.com> wrote in message
    news:B9D50335-42C7-4D3F-A8AC-A2D1D61B93DD@microsoft.com...
    > I have upgraded the Primary domain controller from NT 4.0 to Win 2000 with
    AD & DNS running smoothly now (still using old NETBIOS domain name) but
    clients (already 2000 Pro) are still being affected by NT system policy.
    > I took the BDC offline prior to upgrade. I removed the NTconfig.pol file
    from Repl folder on the PDC prior to upgrade. I now have a new machine as a
    2000 BDC and old NT BDC still offline. I cannot locate the old NTconfig.pol
    file on the 2000 DC and don't know why it is still being applied to clients.
    How can I remove it?
  3. Archived from groups: microsoft.public.win2000.group_policy (More info?)

    Here is what you need to do:

    1) removet those settings from the domain GPO.
    2) create an OU (you can use the one you have, named users)
    3) link a NEW GPO to this OU
    4) configure the GPO with the settings you had in the domain GPO
    5) move all users that you want to receive the policy settings to this OU
    (NOT GROUPS!!!!!)
    you are done!

    As for the nt policies, they will remain there until you set them to
    something else. They are tattooed

    --
    Derek Melber
    BrainCore.Net
    derekm@braincore.net
    "Pete" <anonymous@discussions.microsoft.com> wrote in message
    news:E62DADED-0689-4E63-90D7-BAC3CC9CEA0A@microsoft.com...
    > Thanks Derek, for the reply. However, as I mentioned, I removed the
    NTConfig.pol file before the upgrade - it is not there...I just checked.
    Furthermore, I configured a couple of settings on the Default Domain Policy
    and they are filtering down to the users perfectly now. The only problem is,
    they are filtering down to domain admins (with whom I belong) and I do not
    want that (even though permission check box for domain admins for Apply
    Policy is unchecked). I have created an OU called Users, but do not know how
    to add those users to the OU - I get an option to move groups but not users.
    Any advise?
    >
    > ----- Derek Melber [MVP] wrote: -----
    >
    > It is located in the Netlogon share of the 2k DC. That is at
    > c:\winnt\sysvol\sysvol\<domainname>\scripts
    >
    > The old NT policies tattoo, so they are there until you remove them.
    >
    > --
    > Derek Melber
    > BrainCore.Net
    > derekm@braincore.net
    > "Pete" <anonymous@discussions.microsoft.com> wrote in message
    > news:B9D50335-42C7-4D3F-A8AC-A2D1D61B93DD@microsoft.com...
    > > I have upgraded the Primary domain controller from NT 4.0 to Win
    2000 with
    > AD & DNS running smoothly now (still using old NETBIOS domain name)
    but
    > clients (already 2000 Pro) are still being affected by NT system
    policy.
    > > I took the BDC offline prior to upgrade. I removed the NTconfig.pol
    file
    > from Repl folder on the PDC prior to upgrade. I now have a new
    machine as a
    > 2000 BDC and old NT BDC still offline. I cannot locate the old
    NTconfig.pol
    > file on the 2000 DC and don't know why it is still being applied to
    clients.
    > How can I remove it?
    >
    >
    >
  4. Archived from groups: microsoft.public.win2000.group_policy (More info?)

    Pete,

    FYI, once you set a policy using the ntconfig.pol it will tatto the
    registry. If you remove the .pol file, this will not reverse the policy
    settings. You will need to put the .pol file back in and reverse the
    settings in the policy.


    FYI on GPO's, the default permissions on policies are authenticated users
    read and apply group policy. Even tho your account is a domain admin it is
    still an authenticated user and the policy will apply. You can move the
    users you want the policy to apply to in an OU or you can simply mark the
    current policy for a deny read for the domain admins.


    --
    Mark Ramey [MSFT]

    This posting is provided "AS IS" with no warranties, and confers no rights.


    "Pete" <anonymous@discussions.microsoft.com> wrote in message
    news:B9D50335-42C7-4D3F-A8AC-A2D1D61B93DD@microsoft.com...
    > I have upgraded the Primary domain controller from NT 4.0 to Win 2000 with
    AD & DNS running smoothly now (still using old NETBIOS domain name) but
    clients (already 2000 Pro) are still being affected by NT system policy.
    > I took the BDC offline prior to upgrade. I removed the NTconfig.pol file
    from Repl folder on the PDC prior to upgrade. I now have a new machine as a
    2000 BDC and old NT BDC still offline. I cannot locate the old NTconfig.pol
    file on the 2000 DC and don't know why it is still being applied to clients.
    How can I remove it?
Ask a new question

Read More

Policy Domain Controller Windows