Skip navigation
Menu
End-User Platforms>Active Directory

JSI Tip 10040. How do I implement system policies for Windows XP, Windows 2000, and Windows Server 2003 client computers in non-Active Directory environments?

Microsoft Knowledge Base Article 910203 contains the following summary and introduction:

SUMMARY

This article discusses how to implement system policies for Microsoft Windows XP-based, Microsoft Windows 2000-based, and Microsoft Windows Server 2003-based client computers in non-Active Directory directory service environments.

INTRODUCTION

Before the implementation of Group Policy settings and Active Directory in Windows 2000, computer and user policy settings were implemented as Microsoft Windows NT "System Policies."

Windows NT System Policies had the following limitations that Active Directory Group Policy settings do not have:

The policies persist in a user's profile until the specified policy is reversed or until you change the applicable registry setting. This behavior is frequently referred to as "tattooing" the registry.
The policies are not secure.
The policies cannot be refreshed without a restart.

Group Policy includes the functionality of Windows NT 4.0 System Policies. Group Policy also provides additional policy settings for scripts, software installation and maintenance, security settings, Microsoft Internet Explorer maintenance, and folder redirection. The following table compares Group Policy and Windows NT 4.0 System Policy.

Comparison Group Policy Windows NT 4.0 System Policy
Tool used Microsoft Management Console (MMC) Group Policy snap-in System Policy Editor (Poledit.exe)
Number of settings More than 150 security-related settings and more than 620 registry-based settings 72 settings
Applied to Users or computers in a specified Active Directory container (site, domain, or OU) or local computers and users Domains or local computers and users
Security Secure Not secure
Extensible by MMC or .adm files .adm files
Persistence Does not leave settings in the user profiles when the effective policy is changed Persistent in user profiles until the specified policy is reversed or until you change the registry
Defined by User or computer membership in security groups User membership in security groups
Primary uses Implement registry-based settings to control the desktop and user. Configure many types of security settings. Apply logon, logoff, startup, and shutdown scripts. Implement IntelliMirror software installation and maintenance. Implement IntelliMirror data and settings management. Optimize and maintain Internet Explorer. Implement registry-based settings that govern the behavior of applications and operating system components, such as the Start menu.



Hide comments

More information about text formats

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish
Recommended Reading
computer password entry box overlaying a keyboard
How To Use PowerShell for Active Directory Password Help
Mar 18, 2024
Microsoft CEO Satya Nadella on stage at Microsoft Ignite 2023
Top 10 Stories About Microsoft in 2023
Dec 22, 2023
A keyboard key shows a cloud icon and says the word 'connect'
How to Access Azure AD in PowerShell
May 09, 2023
arrows on a blue background
How To Import the PowerShell Active Directory Module
May 02, 2023