JSI Tip 0538 - How do I implement system policies on a standalone Workstation or Server?

Windows NT system policies were created for when users log on to a domain account database. You can create a system policy for use when logging onto a local account database. If a user logs on to the local account database, the policy will be applied (to everyone, including Administrators). If they logon to a domain database, domain policies will be applied.

To create a local policy, log on locally as an Administror and create a NETLOGON share on the local computer at
%SystemRoot%\System32\Repl\Import\Scripts. Grant the Everyone group Read permission and the Administrators group full control on this share.

In Poledit.exe, configure a simple policy to start with.

Double-click Local Computer.
Double-click Network.
Double-click System Policies Update.
Click Remote Update to select it.
Click Automatic (Use Default Path) in the Update Mode box.
Click OK.
Save the policy as NTConfig.pol (it will be saved in the %SystemRoot%\System32\Repl\Import\Scripts folder).

Note: If you don't want to create a NETLOGON share, choose Manual (Use Specific Path) in the Update Mode box and type the path into the Path for Manual Update dialog box. In this case, you can name your policy anything you wish.

I prefer using the registry hacks at tips 050, 070, and 215, so I can control who they are applied to (tip 105).

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.