Local Policy Mgmt utilities

  • Thread starter Thread starter Chuck Czarnik
  • Start date Start date
C

Chuck Czarnik

We have a bunch of W2k/XP desktops that will be in NT4
domains for at least another 18 months. I need to do some
policy mgmt on these machines, but without AD I'm stuck
with local policy only. Looking for scripts / utilities /
3rd parties that will help us automate some of this..

Any tools out there that will let us extract local policy
from one machine and shoot it to others? Or edit local
policy directly on each machine? Hopefully something we
can drive from the command line and build into scripts to
automate some of this?

Thanks in advance! Chuck Czarnik
 
There are a number of third-party tools, many that will
want or assume up-level domain functionality.
You might want to look at Doug's nearly free tool that
partly simulates local policy features on per-user basis
at www.dougknox.com

You can use the old system policies on up-level clients
when they are in an NT 4 domain. This is the old poledit.
It has two problems. One is that it is rather limited without
you extending its adm files. The bigger issue is that it will
imprint the settings on the up-level machine in a way that
once you are within an AD environment you will not be able
to reverse from group policy (you will need to manually
clean-up first).

What I would recommend, provided that you have a large
commonality between the client systems, is to make a template
for the settings that you want enforced with local policy. This
is a one-off manual thing but once you have the template you
can import it into the local policy of the other clients with the
secedit commandline tool, applying all of those settings to the
target box at one whack. What you do need to keep fully in
mind is that local policy applies to all accounts - no exceptions,
not even admins. To exempt admins temporarily set a deny
on the folder system32\grouppolicy, log off and back on, and
remove the deny if you want to hand-tweak policy settings on
that machine. For templates and their use, look for the docs
on the Security Configuration Toolset at the MS website.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Remote Install of 3rd party hotfix 2
Local Policy Update Using Remote Registry Edit 6
Local Policy vs Domain Policy 2
Local Security Policy Being Changed? 1
Group Policy Permissions 1
Administrator cannot change Local Security Policies 1
Adding a group to local admin group 4
Local Security Policy automatically resets 6

Back
Top