58 lines
3.6 KiB
HTML
58 lines
3.6 KiB
HTML
|
<?xml version="1.0" encoding="utf-8"?>
|
||
|
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
|
||
|
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
|
||
|
<html xmlns="http://www.w3.org/1999/xhtml" lang="en-US" xml:lang="en-us">
|
||
|
<head>
|
||
|
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
|
||
|
<meta name="dc.language" scheme="rfc1766" content="en-us" />
|
||
|
<!-- All rights reserved. Licensed Materials Property of IBM -->
|
||
|
<!-- US Government Users Restricted Rights -->
|
||
|
<!-- Use, duplication or disclosure restricted by -->
|
||
|
<!-- GSA ADP Schedule Contract with IBM Corp. -->
|
||
|
<meta name="dc.date" scheme="iso8601" content="2005-09-06" />
|
||
|
<meta name="copyright" content="(C) Copyright IBM Corporation 1998, 2006" />
|
||
|
<meta name="security" content="public" />
|
||
|
<meta name="Robots" content="index,follow"/>
|
||
|
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
|
||
|
<title>Policy serving</title>
|
||
|
<link rel="stylesheet" type="text/css" href="ibmidwb.css" />
|
||
|
<link rel="stylesheet" type="text/css" href="ic.css" />
|
||
|
</head>
|
||
|
<body>
|
||
|
<a id="Top_Of_Page" name="Top_Of_Page"></a><!-- Java sync-link -->
|
||
|
<script language = "Javascript" src = "../rzahg/synch.js" type="text/javascript"></script>
|
||
|
|
||
|
|
||
|
<a name="logon_policyserving"></a>
|
||
|
<h2 id="logon_policyserving">Policy serving</h2>
|
||
|
<p>Policy serving in an iSeries domain works basically as it would in an NT domain.
|
||
|
If the client is configured for Automatic Remote Update, then it should look
|
||
|
for the policy file in the NETLOGON share of the Logon Server and apply the
|
||
|
relevant policies during logon. This should be the default. Otherwise, Manual
|
||
|
Remote Update can be used to load the policy from a different share. This
|
||
|
setting can be checked in the following registry key: HKLM\System\CurrentControlSet\Control\Update,
|
||
|
value name UpdateMode. A data value of 1 means automatic.</p>
|
||
|
<p>Policies are a batch of changes that are applied to the PC's registry that
|
||
|
control and restrict a number of things, including what shows up on the user's
|
||
|
Start menu, whether the user can install software, what the desktop looks
|
||
|
like, which commands are restricted, and so on. When you edit a policy file,
|
||
|
you are making changes based on a template which you select. Windows-specific
|
||
|
shipped templates include common.adm, winnt.adm, and windows.adm. Other applications
|
||
|
may provide their own templates that allow the restriction of certain functions
|
||
|
in the application. For example, iSeries Access provides several.</p>
|
||
|
<p>System policy files are created with the System Policy Editor
|
||
|
(SPE), typically found as poledit.exe. The same editor can run on different
|
||
|
OS levels, but it is important to understand that policy files created on
|
||
|
Windows 98 and Me can be used by Windows 98 and Me (not Windows NT, Windows
|
||
|
2000, or Windows XP) machines and the file should have the name CONFIG.POL.
|
||
|
Policy files created on Windows NT, 2000, and XP cannot be used by Windows
|
||
|
98 or Me and must have the name NTCONFIG.POL.</p>
|
||
|
<p>Be very careful when putting system policies into effect. You
|
||
|
can easily lock out a function that you did not intend to on a PC, and since
|
||
|
policies are applied to the local registry, it will remain locked out until
|
||
|
you specifically turn it back on in the policy file so that the change can
|
||
|
be picked up during the next logon.</p>
|
||
|
<a id="Bot_Of_Page" name="Bot_Of_Page"></a>
|
||
|
</body>
|
||
|
</html>
|