NT4 policy problems (doesn't work!)

[chemos]

running a network with one NT4 PDC and three NT4 BDC's (single domain). i'm trying to implement policies for a particular user on the network. i used policy editor to create the file i need (config.pol) and dropped it into the netlogon share of all the domain controllers, and it doesn't work! tried changing default user settings in the pol file and copying it back in on all systems again--still no luck.

is there something i'm doing wrong here? the file name is config.pol, "Everyone" has read rights to it, and it's been placed in the netlogon share of all domain controllers. it should work, right?

some more background info.. i used the win98 poledit for the file as all workstations here are win98 (no win95). i also tried creating a new policy from scratch. this is not a group-based policy and should not require client-side installation. any help would be appreciated!

Thanks--

 

[Vegito]

are you replicating the netlogon directory to the BDCs ? also there is an in and an out netlogon directory for the BDCs, make sure it's in the right one...

 

[chemos]

forcesho>

thank you for the quick reply. i do not currently have replication running, but the config.pol (same file) has been copied to all three BDC's. according to the docs, it should work fine. i'll definitely be setting up dir. replication for future scripts and policies.

i copied the file config.pol directly to the netlogon share, but after your reply i also went in and checked to be sure that the file is located at c:\winnt\system32\repl\import\scripts on all four machines.

any other ideas? i'm at a complete loss. does the policy file have to be anywhere else for policies to work? thanks again for the fast reply..

 

[Vegito]

sorry dude, i dont quite remember, i converted to w2k servers and dont remember crap.. let me look up the books or something... maybe someone else here would know...

 

[stash]

It sounds like your policy is set up correctly on the DCs. Replication is unnecessary if you are willing to manually copy the policy files to each DC as you have done.

I have not worked with policies with 9x machines, but I can try to solve the problem from an NT perspective. First, are you sure that the clients are actually being logged on to the domain? That is, are they being authenticated by a DC? The way to check this on an NT client is to open a command prompt, and type echo %logonserver% If it returns the name of a DC, then it is on the domain. If it returns the local machine name, then it is not. I'm not sure that this will work in 98 however.

The second thing you will want to check is if you have put grouppol.dll into the windows\system directory on your 9x machines.

Hope this solves your problem