Group policy rookie

[Guest]

Hey guys,
I successfully upgraded a 2 domain environ to AD parent child mixedmode
this weekend.One little glitch i am facing at this time, is about the group
Policies.
Old nt policy was setup and was working, which is no longer taking effect
in the new environment for new users or for old users logging to a different
machine.

Our machine image which has a registry entry to get latest updates from
one of the nt servers is no longer pulling the old .pol file.


How can i make the old .pol file to work with AD environ?

Thanks
Sin

 

[Herb Martin]

Hey guys,
I successfully upgraded a 2 domain environ to AD parent child mixedmode
this weekend.One little glitch i am facing at this time, is about the group
Policies.
Old nt policy was setup and was working, which is no longer taking effect
in the new environment for new users or for old users logging to a different
machine.

Our machine image which has a registry entry to get latest updates from
one of the nt servers is no longer pulling the old .pol file.

You are in mixed mode so if you have DCs + BDCs you
must arrange replication -- see below.

How can i make the old .pol file to work with AD environ?

You cannot -- for Win2000+ clients.

You can place these in the (new) NetLogon scripts location
as you would in NT-DCs.

The NTConfig.pol will affect only NT machines (or
config.pol for 9x) but not the Win2000-class machines.

Microsoft calls the replication between BDCs and DCs
a "file replication bridge" (so you can search Google for
the details and sample) but it is really just a scheduled
batch job or some such.

 

[Guest]

Hi Herb,
Thanks for replying back.You are a DS..hehe Day saver i meant.
Let me re-emphasize about my issue.
All machines were build in as a image with a registry entry to get the
policy updates from a Nt domain controller,they were getting the proper
updates from Nt domain.Client machines which were pulling this down are all
windows 2000 professional machines.
NT domain got upgraded to Win2k in mixed mode.Th domain controller which had
the .pol file is now the BDC.
New machines as well as old users when they login to different machines are
not getting there policies updated.

( this policy file was never in replication directory on NT 4.0 DC's, I know
about lbridge.cmd and it works fine in my test environment, all i have in my
repl directory in export server was our login scripts)

My question is how to create a similar GP as .pol file which will be used
domain wide for the changes in registry.

Sin

 

[Guest]

Consider
http://support.microsoft.com/default.aspx?scid=kb;en-us;317367
http://support.microsoft.com/default.aspx?scid=kb;en-us;318753

 

[Herb Martin]

Hi Herb,
Thanks for replying back.You are a DS..hehe Day saver i meant.
Let me re-emphasize about my issue.
All machines were build in as a image with a registry entry to get the
policy updates from a Nt domain controller,they were getting the proper
updates from Nt domain.Client machines which were pulling this down are all
windows 2000 professional machines.

I had forgotten that those machine CAN use NT
policy (isn't it just for users?).

IF they can get them from the DCs (not NT) then
you are going to have to replicate them to one
of the SysVol -> NetLogon areas -- SysVol is the
replication area for 2000 DCs, and it automatic
within the 2000 class DCs (not to NT BDCs.)

NT domain got upgraded to Win2k in mixed mode.Th domain controller which had
the .pol file is now the BDC.

Copy it to one of the DCs in the equivalent SysVol NetLogon
area. If you will migrate soon or change this file seldom then
that may be suficient or else you will need to setup the
"file replication bridge."

New machines as well as old users when they login to different machines are
not getting there policies updated.

2000 class machines favor the DC(s)

( this policy file was never in replication directory on NT 4.0 DC's, I

know

That was incorrect. Unless you had somehow hard coded it.

about lbridge.cmd and it works fine in my test environment, all i have in my
repl directory in export server was our login scripts)

My question is how to create a similar GP as .pol file which will be used
domain wide for the changes in registry.

If you have the ADM file they can be converted for
use on Win2000 -- not the pol file directly. (Oops,
see below....)

There (used to be) is a tool in the ResKit (download
from Microsoft) called MigrPol.

I can't find that MigrPol on my machines right at the
moment but....

There is ANOTHER tool in the ResKit called
GPolMig.exe, apparently for converting POL files
directly.

I have never used it but it seems to be exactly what
you are seeking.