how do you make windows see the policy
coolsights2000
07-15-2001, 08:25 PM
I installed the poledit.exe and created a policy, named it test.pol, the same name as the test user, but it doesn't kick in (told it to leave the run command of the start menu), so I need to know what to name this file or how to get Windows to enforce policies. I am using Microsoft Family Logon as primary logon.
I found some Microsoft articles but the ones I found did not tell how to get Windows to enforce policies.
Thanks Mac!!!!
RWSchlatter
07-15-2001, 09:14 PM
Partly answered in my other reply: look thru the policy settings (clicking on each policy), you should find an entry that has in the lower part of the Poledit window an area to define the location of a policy file for download to a client. This was originally intended to be used for use with server logon.
Most probably location of this policy (sorry, I am not on a Win9x machine just now): System policy options, possibly also Login policy options, possibly also Networking policy options.
Activate the corresponding policy in the upper part, and the fields in the lower part open up for data entry. Define the path and name of your xxx.pol file (as you have or will save it from the Policy editor).
______________
Regards - Richard
coolsights2000
07-16-2001, 06:25 AM
Now that I have done some more reading
I need to know more before I can add a policy of my own......
I can see how you can put your putter in dreamland
Do you know of any sites that discuss the poledit.exe besides microsoft
I want to know more about the policy template sections where you select templates
(are they hidden where you don't see the info but it is added when you save)
(I can open the .adm file with notepad)
(if the template is in the window does that mean it gets added automatically)
Also I need to know more about the options boxes, just how do they work. Some of the sites that I found said once you check a box some things change and you cannot go back, but they didn't explain it.
I need to find out the order things are picked like the way the registry does
When you set the policy does it change the user.dat file or system.dat file in any way or is it just a top layer.....((((the registry gets changed when you tell it to look at the new policy but does it change anything else in the files))))
MAC!!!!!!!
RWSchlatter
07-16-2001, 07:37 PM
Maybe I am repeating something you already know: Windows Policies have been developed mainly for the enterprise environment with many workstations handled by servers. Thru these common policies administrators can try and keep their users under control.
For special situations, these policies are also useful on standalone machines.
But don't expect too much. Policies influence only software components that have been coded to check and follow these settings. So if you have an app that implements a similar functionality, but doesn't bother to check policies or doesn't define own policy settings, then such an app does have system access anyhow. E.g. there are many third party registry tools who are unknown to the Windows Explorer shell, so even when you Enable the "Don't Run Regedit / Poledit" policy, these other tools will pass the test and give users access.
"...Do you know of any sites that discuss the poledit.exe ..."
Microsoft's site and the resource kit documentation. If you have a retail edition of Win98, you should find the chapter on RK for Win98 in the same directory you had installed Poledit from.
From my web search (I was interested too to see what exists elsewhere):
[where win95 is mentioned, goes for win98 too;
where winnt mentioned take care, will mostly be nt specific]
http://www.sans.org/infosecFAQ/win/SPE.htm
http://www.elkantler.net/security/security.htm
http://www.ewtglant.navy.mil/N8/C2Systems/C2PC&NT_HTML/nt_lessons/block_2/policy_editor/policy_editor_frame.html
http://news.hut.edu.vn/books/Troubleshooting%20and%20Configuring%20the%20Windows%20NT95%20Registry/htm/ch28.htm
http://www.zdnet.com/pcmag/pctech/content/solutions/uu1521b.htm
http://www.iopus.com/guides/policyeditor.htm
http://www.elementkjournals.com/w9p/0005/w9p0055.htm
http://www.atlguide2000.com/eng/win98/syspol.htm
Then of course several books (MSPress, Riley and others):
http://www.oreilly.com/catalog/winsyspe/
http://www.micromail.ie/titles/5467.html
"...know more about the options boxes just how do they work ..."
These option boxes are tri-state: off (empty), on (crossed / x-ed), or don't mind (greyed).
Now "don't mind" actually can mean either of: policy not implemented (not to be followed), but can also, at user level mean follow the same policy but taken from the local machine policies for this machine. In an enterprise environment a greyed local machine policy can mean to get company policies from the server.
"...I can open the .adm file with notepad..."
That's right, they are plain text files with special syntax.
An admin file defines what is shown in Policy editor and what settings in the registry should be made or stored in the xxx.pol file.
If you have coded an own policy-aware application, you could set up an own template for managing these policies.
Microsoft has done this for MS Office 97 and later (not only for Windows management).
"...Some of the sites that I found said once you check a box some things change and you cannot go back ..."
Would have to see a sample of that. But even as an Admin, you can lock yourself out of some needed features (remember my warning about disabling regedit / poledit)!
"...I need to find out the order things are picked like the way the registry does ..."
The registry just shows you everything and itself does not enforce anything - it's just a database.
What should be done is implemented in software, so when no implementation -> no enforcement.
Settings done at the level of the Local machine icon make the definition when no settings at the level of a User icon are made (or left greyed).
"...When you set the policy does it change the user.dat file or system.dat file in any way or is it just a top layer..."
You either use the Policy Editor to immediately change the current registry, so that means System.dat and the User.dat of the current user,
or you edit a xxx.pol file, and then settings are merged at login time per userid into the registry (login can be network login from server or the Microsoft Family login).
______________
Regards - Richard
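As an added illustration of the reply above (not code from the post or from Microsoft), the following Python sketch parses a small .adm template and lists which registry value each check box controls. The template text is constructed for the example, the `ExampleVendor\ExampleApp` key is hypothetical, and the parser deliberately skips PART blocks and the `[strings]` table that shipped templates use.

```python
import re
# Constructed sample in .adm template syntax; ExampleVendor\ExampleApp is hypothetical.
SAMPLE_ADM = r'''
CLASS USER
CATEGORY "Shell restrictions"
  KEYNAME "Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
  POLICY "Remove Run command"
    VALUENAME "NoRun"
  END POLICY
END CATEGORY
CLASS MACHINE
CATEGORY "Example application"
  POLICY "Lock application settings"
    KEYNAME "Software\ExampleVendor\ExampleApp"
    VALUENAME "LockSettings"
  END POLICY
END CATEGORY
'''
HIVES = {"USER": "HKEY_CURRENT_USER", "MACHINE": "HKEY_LOCAL_MACHINE"}

def parse_adm(text):
    """Map each POLICY to the registry value it controls (PART blocks, !! strings ignored)."""
    policies, cls, cat_keys, cur = [], "", [], None
    for line in text.splitlines():
        toks = [a or b for a, b in re.findall(r'"([^"]*)"|(\S+)', line)]
        if not toks or toks[0].startswith(";"):
            continue                              # blank line or ';' comment
        word, arg = toks[0].upper(), toks[-1]
        end = word == "END" and arg.upper()       # "CATEGORY" / "POLICY" on END lines
        if word == "CLASS":
            cls = arg.upper()
        elif word == "CATEGORY":
            cat_keys.append(None)                 # slot for a KEYNAME inherited by policies
        elif end == "CATEGORY" and cat_keys:
            cat_keys.pop()
        elif word == "POLICY":
            cur = {"class": cls, "label": arg, "key": None, "value": None}
        elif word == "KEYNAME" and cur is not None:
            cur["key"] = arg                      # policy-level key overrides the category's
        elif word == "KEYNAME" and cat_keys:
            cat_keys[-1] = arg
        elif word == "VALUENAME" and cur is not None:
            cur["value"] = cur["value"] or arg
        elif end == "POLICY" and cur is not None:
            key = cur["key"] or next((k for k in reversed(cat_keys) if k), "")
            cur.update(key=key, path="\\".join([HIVES.get(cls, "?"), key, cur["value"] or ""]))
            policies.append(cur)
            cur = None
    return policies
```

CLASS USER entries land under HKEY_CURRENT_USER (User.dat on Win9x) and CLASS MACHINE entries under HKEY_LOCAL_MACHINE (System.dat); only software that reads those values will honour them.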
coolsights2000
07-16-2001, 08:54 PM
I finally figured out I better leave this alone because if I download any windows updates from microsoft or if I add a program I will be overriding stuff with a policy...........If this was a putter on a network then a policy would be great......like what they use at the library here...they have all areas locked out and I like it......
I will have to hold to my own advice that I give to other people: leave stuff alone and leave it default or you will pay later....... (that is in areas like this)
So I think I better just stick with a tweak here and there in the registry when needed
Thanks Mac!!!!!!!