Troubleshooting with System Policy Editor

This section contains some common problems that you might encounter when implementing system policies and some suggestions for fixing those problems.

In general, when troubleshooting problems with system policies, verify the following:

When troubleshooting system policies, you should turn on error messages. You can do this from the Remote Update policy, as explained in "Setting Up for Manual Downloading of System Policies" earlier in this chapter. This setting displays error messages when policies cannot be downloaded correctly; the error messages might help identify the problem.

The computer seems to be picking up some of the policies, but not all of them.

In this case, the computer might not be picking up any policies for Default User or for a particular user; it might be picking up only policies set for Default Computer or for a particular computer. In this case, make sure that user profiles are enabled on that computer. In the Passwords option in Control Panel, click the User Profile tab and set the desired options.

The computer does not seem to be picking up policies from a CONFIG.POL file on the Windows NT domain.

The computer running Microsoft Client for NetWare Networks does not seem to be picking up the policies from a CONFIG.POL file on the NetWare server.

The computer running a Novell-supplied VLM or NETX client does not seem to be picking up the policies from the CONFIG.POL on the NetWare server, even though the file is in SYS:PUBLIC.

Automatic downloading of system policies on a NetWare server works only when the client computer is running Microsoft Client for NetWare Networks. If the computer is running the Novell-supplied VLM or NETX client, then you must use manual downloading from a mapped drive. For information, see "Setting Up for Manual Downloading of System Policies" earlier in this chapter.

The client computer is set for manual downloading, but it is not picking up the policies.

You have implemented a policy and then cleared it, but it appears to still be in effect, or it does not do what you thought it would do.

Does the policy have an edit box that needs to be completed? For example, do you need to specify the wallpaper or workgroup name? If so, then by clearing the policy, you are actually deleting the Registry setting for that value. For example, by clearing the wallpaper policy, the wallpaper Registry setting is made to be blank, and thus the user will have no wallpaper.

For all policies that involve settings that users can manipulate by using an option in Control Panel, the best way to stop enforcing that policy is to make sure that policy setting is grayed, in order to allow the users to make their own choices. These policies are listed in "System Policy Editor" earlier in this chapter.

You set up group policies, but one or more of the users do not get these group policies when they log on.

You used the policy named Only Run Allowed Windows Applications, but then you could not turn off this policy because you forgot to include POLEDIT.EXE in the list.

You need to prevent users from modifying their computer configuration, including even more restrictions than are available through standard system policies.

Use one or more of the following methods for ensuring administrative control of the computer's configuration.