Policy serving in an iSeries domain works basically as it would in an NT domain. If the client is configured for Automatic Remote Update, then it should look for the policy file in the NETLOGON share of the Logon Server and apply the relevant policies during logon. This should be the default. Otherwise, Manual Remote Update can be used to load the policy from a different share. This setting can be checked in the following registry key: HKLM\System\CurrentControlSet\Control\Update, value name UpdateMode. A data value of 1 means automatic.
Policies are a batch of changes that are applied to the PC's registry that control and restrict a number of things, including what shows up on the user's Start menu, whether the user can install software, what the desktop looks like, which commands are restricted, and so on. When you edit a policy file, you are making changes based on a template which you select. Windows-specific shipped templates include common.adm, winnt.adm, and windows.adm. Other applications may provide their own templates that allow the restriction of certain functions in the application. For example, iSeries Access provides several.
System policy files are created with the System Policy Editor (SPE), typically found as poledit.exe. The same editor can run on different OS levels, but it is important to understand that policy files created on Windows 98 and Me can be used by Windows 98 and Me (not Windows NT, Windows 2000, or Windows XP) machines and the file should have the name CONFIG.POL. Policy files created on Windows NT, 2000, and XP cannot be used by Windows 98 or Me and must have the name NTCONFIG.POL.
Be very careful when putting system policies into effect. You can easily lock out a function that you did not intend to on a PC, and since policies are applied to the local registry, it will remain locked out until you specifically turn it back on in the policy file so that the change can be picked up during the next logon.