Enforcing Network Login via POLEDIT

by Johannes Helmig [Published on 9 Oct. 1999 / Last Updated on 9 Oct. 1999]

This procedure is more detailed than actually required, because I use it also as an example on usage of the "System Policy Editor" ( POLEDIT ) on the local Registry and on downloading a profile from the Network server.

When a Windows95/98 system is configured for Login to a Novell Netware server or Microsoft NT-server, users have the option to select in the Login-Window the button "Cancel":

That will NOT connect them to the Network server, but still allows them access to the local Windows95/98 system. Using POLEDIT, users can be forced now to connect to the network.

This procedure to enforcing Network-Login works only with
Network-servers supporting a User-database
(like: Novell-Netware or Microsoft Windows NT-server)
Do NOT try this on a PC-to-PC (Peer-to-Peer) network !

1) Using POLEDIT on the local Registry

Start up POLEDIT, select from the Menu: File / Open Registry:

It displays the 2 parts of the Registry:
- USER.DAT as "Local user"
- SYSTEM.DAT as "Local Computer"
In this example, we double-click on "Local Computer":

To enforce the Login to the Network, open the key: "Network",
then "Logon" and put a checkmark on:
"Require Validation by Network for Windows Access"

now, save your modification back
to the local Registry:

When a user now selects the button "Cancel" in the Login window, he will be presented the following message and then presented again with the Login window:

Warning: This is not fully securing the local Windows95/98 system !
To gain access to the local data, it is still possible to reboot the system,
display the Boot-menu (pressing F8 for Win95) , to select:
"Command prompt Only" to get the DOS-7 prompt ("C:>") and then
view/copy files on the disk !
If you need a strong security: Use Windows NT with a disk in NTFS format !

But on a large network, it is a lot of work to go around and to edit on all systems the Registry. Solution 2 results to the same, but with much less efforts.

2) Using POLEDIT to download a profile from the server
On the network server, a file (called "CONFIG.POL") is stored with UPDATE information, which is loaded into the local Registry during the Network Login process (updating the Registry):
Server enforced System Policies (POLEDIT)

See Also

The Author — Johannes Helmig

Dr.Johannes Helmig is working as Director, Technical Knowledge Management in the Belgium office of Gerber Technology where he is involved in Customer Service and internal training, with special interest in Networking.


Featured Links