Microsoft Windows NT System Policy settings are applied when
a user or a computer account is a member of a Windows NT domain. By comparison,
Group Policy settings are applied when a user or a computer account is a member
of an Active Directory directory service domain. With Microsoft Windows NT
Server 4.0 Terminal Server Edition, you may want to apply System Policy
settings to affect users who log on to the terminal server through the console
or through the Terminal Server client.
The procedures that are
described in this article do not apply to client computers that are running
Microsoft Windows 2000, Microsoft Windows XP Professional, or Microsoft Windows
Server 2003 in some conditions. System Policy settings are used to configure
client computers that are running Windows NT 4.0, Microsoft Windows Millennium
Edition (Me), and Microsoft Windows 98. However, in a Windows 2000 network or
in a Windows Server 2003 network, you must use Group Policy settings to
configure and control computers that are running Windows 2000, Windows XP
Professional, or Windows Server 2003. System Policy settings are different from
Windows 2000 Group Policy settings in that they overwrite registry settings on
the client computer with persistent changes. This behavior is known as
This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:
How to back up and restore the registry in Windows
When you use System Policy settings for client
computers that are running Windows 2000, Windows XP Professional, or Windows
Server 2003, consider the following guidelines:
- Client computers that are running Windows 2000, Windows XP
Professional, or Windows Server 2003 ignore System Policy settings that are
placed in the Netlogon share of a Windows 2000 domain controller or a Windows
Server 2003 domain controller. Instead, they apply Group Policy settings.
- Computers that are running Windows 2000, Windows XP
Professional, or Windows Server 2003 and that are joined to a Windows NT 4.0
domain apply System Policy settings from the Netlogon share of a Windows NT 4.0
- Windows NT 4.0-based client computers apply System Policy
settings that are placed in the Netlogon share of a domain controller that is
running Windows 2000, Windows Server 2003, or Windows NT 4.0.
When you use System Policy settings for client computers that
are running Windows NT 4.0 (or Windows 95 or Windows 98), consider the
- System Policy settings are applied to domains.
- System Policy settings may also be controlled by user
membership in security groups.
- System Policy settings are not secure.
- System Policy settings persist in users’ profiles (this is
sometimes referred to as tattooing the registry), as explained earlier in this
article. This means that after a registry setting is set by using a Windows NT
4.0 System Policy setting, the setting persists until the specified policy is
reversed or until the user edits the registry.
- System Policy settings are limited to desktop
To implement a System Policy setting to affect all
Terminal Server users who log on to the console or through the Terminal Server
client, follow these steps:
- Start System Policy Editor (Poledit.exe), and then make the
changes for your policy.
- On the File menu, click Save
As, and then save the policy file on your hard disk. For example, save
the file as C:\Ntconfig.pol.
- On the File menu, click Open
- Double-click Local Computer, double-click
Network, double-click System Policies Update,
and then click to select the Remote Update check
- In the Update Mode box, click
Manual (Use Specific Path), type a path in the Path
for Manual Update dialog box (for example, type
- You can name the policy file anything you
- To display an error message if the policy file is not
found when Windows NT starts, click to select the Display Error
Message check box.
- Click OK.
- Save your policy to the path that you specified in step 5,
and then exit Policy Editor.
- Restart Windows NT for the changes in the policy to take
Every user or computer account that logs on after a policy is in
place is subject to the policy. Therefore, it is a good idea not to edit the
default user or computer account until you are familiar with System Policy
settings. Make a test user/group account in "User Manager," and then make a
specific policy for this user/group in System Policy Editor. After you have the
policy working correctly, you can then transfer the policy to the production
The settings in this procedure modify the following
path in the registry:
Subcategory: System Policies
Selection: Remote update
: Controls how policies are applied to a Windows NT 4.0-based
computer. With UpdateMode set to 1 (Automatic, the default), Windows NT makes a
connection to the Netlogon share of the validating domain controller in the
user's context and then checks for the existence of the policy file,
NTconfig.pol. With UpdateMode set to 2 (Manual), Windows NT reads the string
that is specified in the NetworkPath value and then checks that path for the
existence of the policy file (in this case, the policy file name should be
included in the NetworkPath value). With UpdateMode set to 0 (Off), a policy
file is not downloaded from any system. Therefore, it is not applied.Key
Collapse this tableExpand this table
|Registry Entry||Type||Values and
|UpdateMode||REG_DWORD||Off = 0, Automatic=1;
|NetworkPath||REG_SZ||Text of UNC path for
|Verbose||REG_DWORD|| Display error messages Off
= 0 or value not present; On = 1|
|LoadBalance||REG_DWORD|| Off = 0 or value not
present; On = 1|
The UpdateMode registry entry only applies for the Windows NT 4.0
policy. For members of an Active Directory forest, the UpdateMode registry
entry is ignored, and instead, the Group Policy settings that are configured in
Active Directory are applied. To gain the same effect as using the UpdateMode
entry, you can use a GPO Loopback policy.
For additional information about using
a GPO Loopback policy, click the following article number to view the article
in the Microsoft Knowledge Base:
How to apply Group Policy objects to Terminal Services servers
For additional information about how to use
System Policy settings in Windows 2000, click the following article number to
view the article in the Microsoft Knowledge Base:
How to create a System Policy setting in Windows 2000