[Samba] POLEDIT replacement?

Eric A. Hall ehall at ehsco.com
Mon Oct 24 04:35:59 GMT 2005

On 10/23/2005 8:45 PM, Eric A. Hall wrote:

> One possibility is to use the poledit.exe that comes with Win2k SP4 
> instead of the one for NT. The newer tool seems like it can read the
> newer .adm file format

That's correct, it can read the Unicode-formatted policy files.

> so you should be able to load up the XP policy files and get most of
> the "local policy" functionality if not all the distributed stuff.

Yes, no, and maybe.

Also note that some of the XP admin templates can be used directly by the
Win2k poledit, without modification. In particular, the policy templates
for Windows Media Player, Windows Update, Windows Firewall, and a couple
of others. These can't be read by the NT4 poledit, because those templates
are Unicode-based.

Some of the other XP admin template files have newer content which is
commented out to poledit and is therefore ignored, but according to
it should be possible to edit and read the XP-native content:

| Creating Ntconfig.pol files based on Windows XP Professional .adm files
| You can create Ntconfig.pol files based on the Windows XP Professional
| .adm files and apply these settings to Windows XP Professional–based
| clients. To do this, you need the Windows NT 4.0 System Policy Editor
| tool, Poledit.exe, which is installed with Windows 2000 Server and
| Advanced Server. You can install Poledit.exe on Windows XP
| Professional–based computers by installing the Administrative Tools
| package that is included on the Windows 2000 Server and Microsoft®
| Windows® 2000 Advanced Server operating system CDs.
| To install Administrative Tools on a Windows XP Professional–based
| computer, open the i386 folder on the applicable Windows 2000 Server
| disc, and then double-click the Adminpak.msi file. Follow the
| instructions that appear in the Administrative Tools setup wizard.
| To create an Ntconfig.pol file
|   1. Using a text editor such as Notepad, remove all #if version
| and #endif statements from the following .adm files: System.adm,
| Inetres.adm, and Conf.adm, and then save the files. This prevents
| inadvertent loading of these files by Poledit.exe.
|   2. Open Poledit.exe.
|   3. In the System Policy Editor window, on the Options menu, click
| Policy Template.
|   4. In the Policy Template Options dialog box, click Add, select one
| of the .adm files that you modified in step 1 above, and then click OK.
|   5. Specify the appropriate policy settings, as documented in System
| Policy Editor Help.
|   6. Save the file as Ntconfig.pol to the NETLOGON share of the
| Windows NT 4.0 domain controller.

That's very poorly written, but it sounds like you can use the Win2k
policy editor to load the native XP admin files (after you edit them to
remove the version checks). Unfortunately, it doesn't work here. There
could be some other reasons for that and its worth pursuing further.

On a wholly separate point, the Win2k server CD also includes newer
versions of the traditional policy admin templates (things like common.adm
and winnt.adm), and some of those provide some important functionality
over the NT4 equivalents. So getting your hands on those templates is
worthwhile, even if the above cannot be made to work.

Eric A. Hall                                        http://www.ehsco.com/
Internet Core Protocols          http://www.oreilly.com/catalog/coreprot/

More information about the samba mailing list