Policy Templates
Q. How do I create my own Policy
template?
A. When system policy editor is run you can select
which templates to include. There are 3 which are supplied with NT, and
are stored in the %systemroot%/inf directory
- common.adm
- windows.adm
- winnt.adm
The only ones you will use normally are common.adm and winnt.adm.
Windows.adm was supplied for compatibility with windows95 machines,
however policies created with Windows NT will not work on Windows 95 so
this template is not used.
To select which templates to use, select "Policy template"
from the options menu.
The structure of an adm file is simple and follows the structure shown
below
CLASS MACHINE or USER
CATEGORY !!<string for first level>
CATEGORY !!<string for second level> this is optional
POLICY !!<string for name to be displayed next to check box>
KEYNAME !!<string for the keyname where the value is, do not include the first
VALUENAME !!<actual value name>
VALUEON "1" VALUEOFF "0"
PART !!<displayed in the bottom of the system policy screen> TEXT
END PART
END POLICY
END CATEGORY
END CATEGORY
[strings]
<strings defined>="Windows NT Network"
Simple! The !! means what's after is a string and has to then be defined
in the [strings] section. You don't have to use strings and can just put
the entries directly be enclosing in quotes if it contains a space, it
just might help for long key names if used repeatedly. For every keyword
(except for class) there must be a end keyword, e.g. for category there
must be a end category, same as an if and endif etc.
For examples, look at the common.adm and winnt.adm files and then
compare to how they look in the system policy editor to get the display
and effect you want. There are many other combinations and effects such as
a drop down box which can be accomplished using the following
PART !!<string> DROPDOWNLIST
VALUENAME ""<actual value>
ITEMLIST
NAME "<string>" VALUE NUMERIC n
NAME "<string>" VALUE NUMERIC n
NAME "<string>" VALUE NUMERIC n
END ITEMLIST
END PART
|