Why do users who log on to a trusted Windows NT 4.0 domain inherit the policy of the trusted authenticating domain and not the workstation domain?

A. To determine a user's policy, NT 4.0 uses information in the ntconfig.pol file on the NETLOGON share of the authenticating domain controller (DC). For example, imagine that a user from domain A logs on to a machine in domain B, which trusts domain A. A domain A DC validates the logon, so NT loads the ntconfig.pol file from the domain A DC NETLOGON share.

To apply the workstation domain's policy to the user, you need to force the workstation to load the policy from the correct location. You can accomplish this by using the NetworkPath registry value, as I explain in this FAQ. Be aware that you should use a Universal Naming Convention (UNC) path in the NetworkPath registry value rather than a mapped drive letter, because mapped drives probably won't exist when the profile is loaded.
