Reader to Reader - September 1998

Email this Article

Printer-Friendly

View Reader Comments

[September 1998]
Reader to Reader - September 1998
By: Readers
Reader to Reader
InstantDoc #3799
From the September 1998 edition of Windows IT Pro

DOWNLOAD THE CODE:

Listing_01.txt

Listing_02.txt

[Editor's Note:Share your NT discoveries, comments, experiences with products, problems, and solutions and reach out to other Windows NT Magazine readers (including Microsoft). Email your contributions (400 words or less) to Karen Bemowski at kbemowski@winntmag.com. Please include your phone number. We will edit submissions for style, grammar, and length. If we print your letter, you'll get $100.]

When rolling out system policies in a large network environment, having a plan that details who will manage the policies and how to manage them is helpful. When you are creating this plan, keep in mind eight tips.

Tip 1. Back up ntconfig.pol (Windows NT) or config.pol (Windows 95). Always keep the last .pol file as a backup in case the users' local Registry corrupts. Using the existing .pol file to fix the problem might not work because that file might have caused the corruption. When you use the backup .pol, you might need to re-create user profiles.

Tip 2. Always use the same templates. If you have five templates loaded in the System Policy Editor (SPE), make sure you have the same five templates loaded when editing the .pol file. If you reconfigure an existing .pol file but neglect to include a previously loaded template, that file will lose the existing configurations that the previous template created.

Tip 3. Set the options properly. Make sure you have selected the system policies options you want. If you decide not to set a particular option, make sure the check box is gray, so that the domain controller uses the previous configuration for that option. If the check box is clear, you will inadvertently change the previous configuration of the system policies file.

Tip 4. Keep it simple. Minimize the number of specific user and specific computer entries in the system policies. An effective minimization approach is to first create one standard system policies file for all users by editing the default settings, and then create settings for specific users on an exception basis.

Tip 5. Don't copy a .pol file into %systemroot%\system32\repl\import\scripts on the domain controller until you're certain it works correctly. The workstation automatically searches for .pol files in the Netlogon share, so once you copy a .pol file into %systemroot%\system32\repl\import\scripts, the file is live, ready or not.

Tip 6. Label your global groups. Edit the description to all global groups in the system policies file to include [POLICY] as the prefix. This way, administrators will immediately know the groups in that system policies file.

Tip 7. Print a document containing the group priorities for each .pol file for easy reference. If you have more than one .pol file, label each list in every file.

Tip 8. Allow only network administrators access to SPE. To avoid unauthorized access, do not install SPE on users' computers. In addition, to prevent users from installing SPE, restrict their access to source files.

If you run into problems after planning and implementing your system policies, don't despair. Microsoft's Zero Administration Kit (ZAK) documentation has a helpful section on troubleshooting system policies. (For more information about ZAK, go to Microsoft's Web site, http://www.microsoft.com/windows/zak/default.htm.) Before you start the troubleshooting process, go through the following checklist.

1. Check to see whether you used the right SPE. You must use only the Win95 SPE to create the config.pol file and only the NT SPE to create the ntconfig.pol file. Otherwise, unpredictable results can occur.

2. Check for user policies. The settings in users' policies override the corresponding settings in groups' policies.

3. Check for multiple system policies for the same Registry key. When multiple templates configure the same Registry setting, multiple policies can result. When multiple policies exist, the system policies file listed last in SPE is the one that the domain controller will follow.

4. Check for binary keys. System policies can't configure information stored in a binary key. If an application stores data in a binary key, you cannot configure that data through SPE.

5. Check the replicated .pol files. In a large network with multiple domain controllers, NT spreads the load over all the controllers. When NT spreads a load, it replicates ntconfig.pol to the logon shares of the domain controllers. If you have multiple domain controllers, check the Microsoft Windows NT Server 4.0 Resource Kit to see whether you properly set up the directory replication function.

Consistency is the key to successful system policies. If you keep accurate records of your configurations and have a solid change control process in place, system policies are powerful and much safer to use than editing the Registry manually.

—Larry Dragich
dragich@mich.com

Resetting User Settings
In "Modify Windows NT Script to Work with NetWare Clients" (Reader to Reader, March 1998), Lenny Zeltser provides an alternative script to the script Steve Hong presented in "Tip for NT Administrators" (Reader to Reader, October 1997). Steve's script changed the username back to the user's logon after a systems administrator had logged on to the machine to perform administrative tasks. Lenny's script modifies the appropriate Registry key so that Steve's script works when there's a Novell NetWare client on the workstation.

I ran into a different problem with Steve's script when trying to implement it on a NetWare network. The systems administrators at my company must log on to the local workstation as Administrator. (They don't have Administrator privileges on the domain.) When they log off, the workstation is not ready for the user to log on to the domain. Listing 1 contains my solution to this problem. I place this script on the network in a location where all users have it in their PATH statement. That way, before the systems administrators log off,they just go to the Run command and enter setuser and the string for input.

—Dan Bohman
dan.bohman@crown.com

Bug in HP Print Servers
Several models of external HP print servers contain a firmware bug that prevents them from printing large documents in a Windows NT network using the IPX/SPX protocol and Service Pack 2 (SP2) or SP3. This bug affects HP JetDirect 150EX, HP JetDirect High Performance, and possibly other models.

HP internally refers to the bug as the 20-page plus problem because it appears to affect documents that have more than 20 pages. In reality, the printer's limit is about 1MB of output, regardless of the number of pages.

When you send a print job 1MB or larger to an affected print server, the printer will print the first few pages, stall, then reprint the first few pages two or three more times. This problem also occurs when you send several smaller print jobs to the print server at about the same time.

You can work around the problem by configuring the print server to use the TCP/IP or Data Link Control (DLC) protocol instead of the IPX/SPX protocol. However, HP JetDirect 150EX doesn't support TCP/IP and DLC, rendering the 150EX useless to NT users with SP2 or SP3.

Installing DLC on NT automatically installs print server support for the HP JetDirect High Performance print server. To use TCP/IP printing support, you need to install the software that HP ships with the print server. (HP also ships TCP/IP in case you haven't already installed it on your network.) Both protocols work, but I found DLC to be more stable than TCP/IP.

Prev. page [1] 2 next page

You must log on before posting a comment.

If you don't have a username & password, please register now.

ADS BY GOOGLE SPONSORED LINKS

Order Your SharePoint Fundamentals CD!: Learn how to uncover rich information management capabilities with this free SharePoint CD.

Try Idera’s new SQL admin toolset!: 24 essential desktop tools for managing SQL Server for $495.

Simplify your data management: Affordable multi-database query and design tool-- free trial!

Virtualization Congress Oct. 14-16: Don't miss Virtualization Congress, the premiere EMEA conference dedicated to hardware, OS and application virtualization. Oct. 14-16 in London.

FEATURED LINKS

Master SharePoint with 3 eLearning Seminars: Learn how to customize field types, create scheduled services, and go further with the Content Query Web Part with MVP Andrew Connell. Register today!

Microsoft BI Conference – Oct. 6-8: Discover best practices and gain product insight from Microsoft’s product experts in the 2nd annual event in Seattle.

Attention User Groups & User Group Leaders...: Announcing the eNews Generator—a FREE HTML e-newsletter builder for user group leaders. Build your HTML and text e-newsletters in minutes. And add Windows IT Pro & SQL Server Mag articles alongside your own message!.

Get SQL Server 2008 at SQL Connections: Don’t miss SQL Server Magazine Connections Conference, the premier event for Microsoft developers and DBAs, in Las Vegas, November 10-13. Every attendee will receive a copy of SQL Server 2008 Standard Edition with one CAL.

SQL Server Magazine Master CD: Take the Experts with You!: Find the solutions you need in thousands of searchable articles, helpful bonus content, and loads of expert advice with the SQL Server Magazine Master CD. Order comes with a 1-year subscription to the new, online articles posted every day!

	SQL Server Magazine Register Subscribe FAQ for Windows WinInfoNews
	Contact Us / Customer Service Editorial Calendar Media Kit Affiliates / Licensing Technical Resources Directory
	Windows IT Pro Office & SharePoint Pro Windows Dev Pro IT Library Connected Home Windows Excavator SuperSite IT Job Hound ITTV

	Copyright © 2008 Penton Media, Inc. All rights reserved. Terms and Use Privacy Statement Reprints and Licensing

Search

Related Whitepapers

Related eBooks

Related Essential Guides

Related Resources

vLabs Links

SQL Job Openings

ADS BY GOOGLE SPONSORED LINKS

FEATURED LINKS