Enforcing Network Login via POLEDIT

by Johannes Helmig [Published on 9 Oct. 1999 / Last Updated on 9 Oct. 1999]

This procedure is more detailed than actually required, because I use it also as an example on usage of the "System Policy Editor" ( POLEDIT ) on the local Registry and on downloading a profile from the Network server.



When a Windows95/98 system is configured for Login to a Novell Netware server or Microsoft NT-server, users have the option to select in the Login-Window the button "Cancel":

That will NOT connect them to the Network server, but still allows them access to the local Windows95/98 system. Using POLEDIT, users can be forced now to connect to the network.

This procedure to enforcing Network-Login works only with
Network-servers supporting a User-database
(like: Novell-Netware or Microsoft Windows NT-server)
Do NOT try this on a PC-to-PC (Peer-to-Peer) network !


1) Using POLEDIT on the local Registry

Start up POLEDIT, select from the Menu: File / Open Registry:

It displays the 2 parts of the Registry:
- USER.DAT as "Local user"
- SYSTEM.DAT as "Local Computer"
In this example, we double-click on "Local Computer":


To enforce the Login to the Network, open the key: "Network",
then "Logon" and put a checkmark on:
"Require Validation by Network for Windows Access"


now, save your modification back
to the local Registry:

When a user now selects the button "Cancel" in the Login window, he will be presented the following message and then presented again with the Login window:


Warning: This is not fully securing the local Windows95/98 system !
To gain access to the local data, it is still possible to reboot the system,
display the Boot-menu (pressing F8 for Win95) , to select:
"Command prompt Only" to get the DOS-7 prompt ("C:>") and then
view/copy files on the disk !
If you need a strong security: Use Windows NT with a disk in NTFS format !


But on a large network, it is a lot of work to go around and to edit on all systems the Registry. Solution 2 results to the same, but with much less efforts.


2) Using POLEDIT to download a profile from the server
On the network server, a file (called "CONFIG.POL") is stored with UPDATE information, which is loaded into the local Registry during the Network Login process (updating the Registry):
Server enforced System Policies (POLEDIT)

See Also

Advertisement

Featured Links