friedkiwi/ibm-information-center
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
8826eae394
ibm-information-center/dist/eclipse/plugins/i5OS.ic.rzaii_5.4.0.1/rzaiipoloverview.htm

112 lines
6.9 KiB
HTML
Raw Blame History

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="concept" />
<meta name="DC.Title" content="Overview of iSeries Access for Windows policies" />
<meta name="abstract" content="Use iSeries Access for Windows System Policies to restrict users from certain actions, and to suggest or require certain configuration features." />
<meta name="description" content="Use iSeries Access for Windows System Policies to restrict users from certain actions, and to suggest or require certain configuration features." />
<meta name="DC.Relation" scheme="URI" content="rzaiipolicyadm.htm" />
<meta name="DC.Relation" scheme="URI" content="rzaiitypescope.htm" />
<meta name="DC.Relation" scheme="URI" content="rzaiiconfiguration.htm" />
<meta name="DC.Relation" scheme="URI" content="rzaiieditor.htm" />
<meta name="DC.Relation" scheme="URI" content="rzaiicreatingpolicyfiles.htm" />
<meta name="DC.Relation" scheme="URI" content="rzaiipolicylisting.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 1998, 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 1998, 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="rzaiipoloverview" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>Overview of iSeries Access for Windows policies</title>
</head>
<body id="rzaiipoloverview"><a name="rzaiipoloverview"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">Overview of iSeries Access for Windows policies</h1>
<div><p>Use iSeries™ Access
for Windows<sup>®</sup> System
Policies to restrict users from certain actions, and to suggest or require
certain configuration features.</p>
<p>System policies can apply to individual Windows user profiles, and specific
PCs. However, these policies do not offer control over iSeries server resources, and are not
a substitute for iSeries security.
For a description of what you can do with these policies, refer to Types and
scopes of policies.</p>
<p>Use of Group Policy to control use and configuration of iSeries Access
for Windows had
limited testing and can therefore provide unpredictable results. For additional
information about Group Policy, see Microsoft<sup>®</sup> documentation. The remainder
of this topic discusses the tested, supported use of iSeries Access for Windows policies.</p>
<div class="section"><h4 class="sectiontitle">Policy support in your network</h4><p>Policies can reside
on a file server. When configured on a file server, each time users sign-on
to their Windows workstation, their workstation downloads
all the policies that apply to that Windows user profile. The user's PC
applies the policies to the registry before the user does anything on the
workstation. Each Windows operating system comes with the code needed
to download policies.</p>
<p>To use the full capability of policies, you need
the following:</p>
<ul><li>A primary logon server</li>
<li>A policy server</li>
</ul>
<p>You can use IBM<sup>®</sup> iSeries Support for Windows Network Neighborhood (iSeries NetServer™)
as the policy server.</p>
<p>See Set up your system to use policies for more
information.</p>
</div>
<div class="section"><h4 class="sectiontitle">Policy files</h4><p>Policy definitions are contained in
policy templates, which organize the policies into categories. iSeries Access
for Windows provides
five policy templates, one for each of the following functions:</p>
<ul><li>Restricting iSeries Access
for Windows functions
for a given system (sysname.adm)</li>
<li>Restricting specific iSeries Access for Windows function at runtime (caerestr.adm)</li>
<li>Restrict which components users may install or uninstall (caeinrst.adm)</li>
<li>Mandate or suggest configuration settings for specific environments, the
systems within those environments, and some configurable values for those
systems (config.adm)</li>
<li>Suggest or mandate global configurable values (caecfg.adm)</li>
</ul>
<p>You must generate the policy templates with the CWBADGEN utility before
creating or modifying specific policies. Then use the Microsoft System
Policy Editor or the Microsoft Management Console Group
Policy snap-in, gpedit.msc, to activate the templates and set their constituent
policies. If using the Microsoft System Policy Editor, save
the changes to a policy file. If using gpedit.msc, the policy settings are
stored in a Group Policy Object automatically. See Microsoft documentation for details.</p>
<p>See
Create policies for more information.</p>
</div>
</div>
<div>
<ul class="ullinks">
<li class="ulchildlink"><strong><a href="rzaiitypescope.htm">Types and scopes of policies</a></strong><br />
Each policy iSeries Access for Windows provides is either a restriction
or a configuration policy, and can address one or more scopes.</li>
</ul>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzaiipolicyadm.htm" title="iSeries Access for Windows provides multiple methods of setting up restrictions and profiles. These include policies that can be set using Microsoft's policy editor, and the Application Administration function of iSeries Navigator.">Restrict users with policies and application administration</a></div>
</div>
<div class="relconcepts"><strong>Related concepts</strong><br />
<div><a href="rzaiieditor.htm" title="To create your own policy files, you need the Microsoft policy editor.">Microsoft System Policy Editor</a></div>
<div><a href="rzaiipolicylisting.htm" title="iSeries Access for Windows supports Microsoft System Policies. Administrators can use policies to control which functions and settings are available to each user.">iSeries Access for Windows policy list</a></div>
</div>
<div class="reltasks"><strong>Related tasks</strong><br />
<div><a href="rzaiiconfiguration.htm" title="Download a policy file across the network.">Set up your system to use policies</a></div>
<div><a href="rzaiicreatingpolicyfiles.htm" title="Create or modify policies and store them in a policy file.">Create policy files</a></div>
</div>
</div>
</body>
</html>
Reference in New Issue View Git Blame Copy Permalink