This is the first I read of a mixed NT / Win2K domain. I'm not sure if you have Win2K domain controllers and Active Directory or still using NT domain controllers. How many servers, workstations are you talking about?
You have a lot of options for the Win2k servers. Use a domain GPO within Active Directory, or use SCM and create a security template. Import the security template to all of the Win2k Servers - or better yet, if you have AD, you could also use Active Directory to apply the template within the domain GPO. Note (as documented in the Win2k Server Administrators Companion Guide): System policies set in Windows NT 4 do not migrate to Windows 2000. A Windows NT client upgraded to Windows 2000 will have only Active Directory-based group policies; no Windows NT 4 policies will survive the upgrade. The primary difference between Windows NT system policies and Windows 2000 group policies lies in where the policies are written. Windows 2000 uses only the following four trees of the registry: HKEY_LOCAL_MACHINE\Software\Policies HKEY_CURRENT_USER\Software\Policies HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies The first two are preferred. When a group policy changes, these trees are essentially deleted and their contents rewritten. Although none of the templates that come with Windows 2000 include values that write to other places in the registry, it is possible to do so. (Windows NT 4 policies can write to any part of the registry.) However, it is inadvisable to employ Windows NT-style policies that write to other parts of the registry for the following reasons: a.. Only the four trees just listed are secure. Applications, the operating system, or users can modify other parts of the registry. b.. Once a policy is set in another part of the registry, it will persist until the registry is edited or the policy is specifically reversed. c.. Sticking with the Active Directory Group Policy gives you considerably more control over when and how policies will change. Windows NT 4 Workstation and Server clients do not have Active Directory, so you will have to continue to use System Policy Editor (Poledit.exe) to set policy for those clients. Group policies will not apply to them. Similarly, run Poledit.exe on Windows 95 and Windows 98 clients and copy the resulting Config.pol file to the SYSVOL folder of the Windows 2000 domain controller. You might want to check out the following: http://www.microsoft.com/technet/treeview/default.asp?url=/technet/tcevents/ itevents/network/tnq10107.asp http://www.microsoft.com/technet/treeview/default.asp?url=/TechNet/prodtechn ol/windows2000serv/deploy/walkthru/grpolwt.asp In terms of the regini.exe and reg.ini solution, show the list what you have so far........ :) ----- Original Message ----- From: "Network Issues" <[EMAIL PROTECTED]> To: "MSWinNT Discussions" <[EMAIL PROTECTED]> Sent: Monday, December 31, 2001 5:02 PM Subject: RE: Legal Notice > Thanks for the suggestion. I am also looking at regini.exe and creating a > batch file. > > I guess what I am confused about is actually executing the ini file and have > it affect all NTWS and W2K boxes in the domain. > > Please elaborate. > > Thanks again. > > Ron > > -----Original Message----- > From: James R. Gregg [mailto:[EMAIL PROTECTED]] > Sent: Monday, December 31, 2001 3:50 PM > To: MSWinNT Discussions > Subject: Re: Legal Notice > > I recently did this using regini.exe, reg.ini, and a batch. > > The batch copies the .ini and the .exe to a local directory and then updates > the registry according to the reg.ini. > > here is an example of the reg.ini file: > \Registry\Machine > Software > Microsoft > Windows NT > CurrentVersion > Winlogon > LegalNoticeText = REG_SZ Unauthorized access is prohibited. All > usage is monitored. Violators will be prosecuted. > > I would suggest scheduling the job via a scheduled task or using AT. > > Mr. McDonald's script shows you how to apply this to all of the machines in > your domain, which is cool because I never thought to use a net view command > to get the list of machines in the domain. The only problem with this would > be if there were some machines which did not show up in the net view list. > > Rem Next line wrapped: > > FOR /F "eol= skip=3 tokens=1,3 delims=\ " %%k IN ('net view DomainName') > DO IF NOT "%%k"=="The" Call MyScript %%k > > Another way is to have a list of the servers you want updated and include it > in a separate .txt file - servers.txt > FOR /F "eol= skip=3 tokens=1,3 delims=\ " %%k IN (servers.txt) DO IF NOT > "%%k"=="The" Call MyScript %%k > > > > > > > > > > ----- Original Message ----- > From: "Network Issues" <[EMAIL PROTECTED]> > To: "MSWinNT Discussions" <[EMAIL PROTECTED]> > Sent: Monday, December 31, 2001 4:13 PM > Subject: RE: Legal Notice > > > > Thanks for the heads-up. > > > > I've been looking at the reg.exe utility and it looks promising. However, > I > > don't see how I can implement the registry changes to all machines. There > > is no parameter to set either computer name nor domain name. > > > > Ron > > > > -----Original Message----- > > From: MacDonald, Bruce (VAN_Exchange) > > [mailto:[EMAIL PROTECTED]] > > Sent: Monday, December 31, 2001 2:15 PM > > To: MSWinNT Discussions > > Subject: RE: Legal Notice > > > > to deploy a registry change on all machines when you don't have policies > > implemented, use > > Reg.exe from the NT/Win2K resource kit. > > > > Put the command you want in a script that takes the machine name w/o the > > double backslashes as the lone parameter then you can apply it to all > > running machines in a domain with: > > > > Rem Next line wrapped: > > FOR /F "eol= skip=3 tokens=1,3 delims=\ " %%k IN ('net view DomainName') > DO > > IF NOT "%%k"=="The" Call MyScript %%k > > > > Bruce MacDonald > > Manager, Information Technology > > Pacific Newspaper Group (Kennedy Heights) > > (604) 605-7269 ph > > (604) 605-7239 fax > > [EMAIL PROTECTED] > > > > > > > > -----Original Message----- > > From: Network Issues [mailto:[EMAIL PROTECTED]] > > Sent: Monday, December 31, 2001 10:46 > > To: MSWinNT Discussions > > Subject: Legal Notice > > > > > > Goodmorning All, > > > > First, I want to wish everyone on this list a Happy and Prosperous 2002! > > > > I have this issue where my boss wants me to implement a legal notice that > > will appear each time users logon. Now here is my issue: I already know > > where the registry keys are that I need to change, however, how do I > deploy > > this change transparently-without the users intervention? > > > > I had hoped to used KIX, but I know that the users do not have the > > appropriate permissions to make and apply changes to HKEY_LOCAL_MACHINE. > > > > Any ideas? > > > > TIA > > > > Ron > > > > > > ------ > > You are subscribed as [EMAIL PROTECTED] > > Archives: http://www.swynk.com/sitesearch/search.asp > > To unsubscribe send a blank email to [EMAIL PROTECTED] > > > > ------ > > You are subscribed as [EMAIL PROTECTED] > > Archives: http://www.swynk.com/sitesearch/search.asp > > To unsubscribe send a blank email to [EMAIL PROTECTED] > > > > > ------ > You are subscribed as [EMAIL PROTECTED] > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe send a blank email to [EMAIL PROTECTED] > > ------ > You are subscribed as [EMAIL PROTECTED] > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe send a blank email to [EMAIL PROTECTED] ------ You are subscribed as [email protected] Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe send a blank email to [EMAIL PROTECTED]
