Microsoft Windows NT 4.0 User Manual
Page 45
Microsoft Windows NT Server White Paper
37
e applied to the HKEY_CURRENT_USER key in the registry.
NOTE: If a setting is ignored (gray) in the group settings, but the same setting is marked as enabled
or disabled in the Default User settings, the Default User setting are used. The Default User settings
take precedence over only those settings that are ignored in the group settings.
•
If the policy file includes settings for the specific computer name, these are
applied to the HKEY_LOCAL_MACHINE registry key. Otherwise, the De-
fault Computer settings are applied. This process is independent of the
user account for the user who is currently logged on. All users receive
these settings when they use this computer.
NOTES:
•
Group policies do not operate in a NetWare only environment, because Windows NT checks for
Windows NT global groups only, not NetWare groups.
•
If an administrator logs on, a policy is in effect, no explicit settings exist for the administrative ac-
count, and the Default User settings are present, the administrator will receive the settings of the
Default User. Administrative accounts are not exempt from policies. This should be a key factor to
consider when implementing policies.
The System Policy Editor provides a hierarchical Group Priority dialog that
helps you see and manage the order in which group policies are applied. The
next illustration shows the dialog and explains these priorities.
Additional Implementation Considerations
Although a properly implemented policy can simplify system administration in
the long term, such policy requires careful planning. Before you implement
system policies, consider the following:
•
Would administration be simplified by defining group settings rather than
creating settings for individual users?
•
Where are the computers located in your network? Is geographic location
an important aspect of your network’s design— for example, is your net-
work distributed over a large geographic area? If so, computers from a
certain locale may benefit from retrieving policy files from a machine that is
close at hand, as opposed to using a domain controller that may not be
nearby.