Using System Policy Editor

You can use System Policy Editor to create system policies. More specifically, you can do the following with System Policy Editor:

Set entries for the default computer and user policy entries. This creates a default policy file for all users and computers, which is downloaded when each user logs on.
Create entries for individual users, individual computers, or groups of users. By default, these include the policy entries you defined for Default User and Default Computer.
Specify whether and in what manner you want policies downloaded from a centralized server, or specify whether you want to have policies downloaded from other specific locations for all or some users.

Caution

System Policy Editor is a powerful tool; you should restrict its use to network administrators. To avoid unauthorized use, do not install this tool on users’ computers, and restrict access to the source files so users cannot install it themselves.

Installing System Policy Editor

You can install and use System Policy Editor from the Netadmin\Poledit directory on the Microsoft Windows 98 Resource Kit compact disc.

To install System Policy Editor

In Control Panel, double-click the Add/Remove Programs icon, click the Windows Setup tab, and then click Have Disk.
In the Install From Disk dialog box, click Browse and specify the Netadmin\Poledit directory on the Microsoft Windows 98 Resource Kit compact disc.
Click OK, and then click OK again in response to the dialog boxes.
In the Have Disk dialog box, select the System Policy Editor check box, and then click Install.

To run System Policy Editor

On the Start menu, click Run. Type poledit, and then click OK.

If you want to use group policies, you must install that capability on each computer running Windows 98 by either using a custom setup script when you install Windows 98 or using the Add/Remove Programs option in Control Panel.

To set up capabilities for group policies using Add/Remove Programs

In Control Panel, double-click Add/Remove Programs, click the Windows Setup tab, and then click Have Disk.
In the Install From Disk dialog box, click Browse and specify the Netadmin\Poledit directory on the Microsoft Windows 98 Resource Kit compact disc.
Click OK, and then click OK again in response to the dialog boxes.
In the Have Disk dialog box, select the Group Policies check box, and then click Install.

Windows 98 Setup places Grouppol.dll in the Windows System directory on the client computer and makes the required registry changes.

For more information about adding the ability to use group policies when installing Windows 98 using custom setup scripts, see Chapter 4, "Automated Installations."

Modifying Policies and the Registry with System Policy Editor

You can use System Policy Editor in two different modes: Registry mode and Policy File mode:

In Registry mode, you can directly edit the registry of the local or the remote computer, and changes are reflected immediately. For more information about editing the registry for a remote computer, see Chapter 23, "System and Remote Administration Tools."
In Policy File mode, you can create and modify system policy (POL) files for use on other computers. In this mode, the registry is edited indirectly. Changes are reflected only after the policy is downloaded when the user logs on.

To use System Policy Editor in Registry mode

In System Policy Editor, on the File menu, click Open Registry. Then double-click the appropriate Local User or Local Computer icon, depending on what part of the registry you want to edit. After you make changes, you must shut down and restart the computer for the changes to take effect.

Important
Use Registry mode only when you want to make direct changes to the registry. You should typically change system settings by using the Control Panel options and other tools provided with Windows 98.

To use System Policy Editor in Policy File mode

In System Policy Editor, on the File menu, click New or Open to open a policy file.

When you edit settings in Policy File mode, clicking a registry option sets one of three possible states:

Selected
Cleared
Dimmed

Each time you select an option, the display cycles to show the next possible state. This is different from selecting a standard check box, which sets an option only to on or off. Table 8.2 summarizes the three possible states for options in a policy file.

Table 8.2 Option states in a policy file

Option state	Meaning

	Selected — this policy will be implemented, changing the state of the user’s computer to conform to the policy when the user logs on. If the option was previously checked the last time the user logged on, Windows 98 makes no changes.
	Cleared — this generally forces the registry setting to the opposite of the on state. Depending on the specific policy, this has the effect of either implementing or not implementing the policy each time the user logs on.
	Dimmed — the setting is unchanged from the last time the user logged on, and Windows 98 will make no related modifications to the system configuration. The dimmed state ensures that Windows 98 provides quick processing at system startup, because it does not need to process each entry each time a user logs on.

Caution

When you define a policy option, make sure you have set the proper state for the option. If you set an option by selecting it but then change your mind and clear the option, you can inadvertently destroy the user’s previous configuration. If you decide not to set a particular policy option, make sure that option is shaded so that the user can configure and retain the setting for that option.

For example, you might select the option to specify Microsoft Client for NetWare Networks and then click again to clear that option. When the user logs on and the policy is downloaded, this setting would wipe out the user’s current configuration that specifies Client for NetWare Networks.

If a setting requires additional information, an edit control appears at the bottom of the Default User Properties dialog box. For example, if Wallpaper is selected in the Desktop settings, the following dialog box appears.

Usually, if a policy has been selected and you no longer want to enforce it, you should clear the box to cancel the policy. However, in the following cases, a few policies might behave differently than you might expect if the check box is cleared:

The policy setting contains an edit box that must be completed (as opposed to a simple check box).
The policy setting can also be set by users through Control Panel.

In these cases, you should consider making sure the check box is dimmed when you no longer want to enforce the policies. A user can then modify this information as needed.

Table 8.3 describes the results of different settings for such policies.

Table 8.3 Policy settings and their behavior

Policy	Behavior

Settings for Wallpaper	Selecting it forces the specified wallpaper to be used. Clearing it removes the wallpaper (the user will not have any wallpaper). Leaving it dimmed means that the user can choose wallpaper after clicking Display in Control Panel.
Client for NetWare Networks: Preferred Server	Selecting it sets the preferred server you specify. Clearing it deletes the preferred server from the computer’s registry. The user must specify the preferred server at every logon if set to primary logon. Leaving it dimmed means the user can specify the preferred server after clicking Network in Control Panel.
Microsoft Client for Windows Networks: Domain	Selecting it sets the Windows NT Logon domain you specify. Clearing it deletes the domain setting from the computer’s registry. The user must specify the domain at every logon if set to primary logon. Leaving it dimmed means the user can specify the domain after clicking Network in Control Panel.
Microsoft Client for Windows Networks: Workgroup	Selecting it sets the workgroup for that computer. Clearing it deletes the workgroup setting from the computer’s registry. Leaving it dimmed means the user can specify the workgroup after clicking Network in Control Panel.