Re: POLEDIT
<xamigax@gmail.com> wrote in message
news:cbf586fc-50e0-43df-9e5f-552d5a8fdca0@j20g2000hsi.googlegroups.com...
On 3 déc, 13:11, xami...@gmail.com wrote:
> On 30 nov, 14:20, xami...@gmail.com wrote:
>
>
>
> > Hi there!
>
> > I have to recycle 20 old PCs (from PII to PIV, 64Mo RAM at least each)
> > into barcode readers.
> > The society I have my mission in wants to have W98se on them (for many
> > PCs won't be supporting more than this, plus we need USB to work for
> > WiFi keys).
>
> > I have set up a prototype which is perfectly working for what it's supposed
> > to do.
>
> > Here's the prototype description:
> > Win98se + MSInstaller2.0 + IE5.5 + DotNet2.0 + barcode reader
> > application (NOO_RemotePC, if anyone knows this) + WiFi USB drivers
>
> > Since the company does NOT want users to do anything BUT barcode, I
> > used POLEDIT to set up few restrictions (well, when I'm saying few
> > that's very much an "understatement"!).
>
> > I have set up two users:
> > administrator: no restriction at all, of course.
> > cbar: almost everything is forbidden (I can post the poledit settings)
>
> > Since W98 logon also allows to "escape" from login, I managed (just
> > can't remember how!) to copy cbar settings to the default user.
>
> > So, as said before, the proto is working fine.
> > Few people will have enough knowledge to tweak the security, for all
> > users have access to is the keyboard & the mouse (I know F8 is still a
> > solution while booting).
>
> > My problem is that I am now struggling to have the same settings on
> > the other machines.
>
> > All machines are ready to work, but none of them is "secured".
> > I wanted to know if anyone has any idea on how to duplicate the
> > POLEDITed security from one PC to the others.
>
> > My main trouble is the very large range of different machines: I tried
> > to use Acronis TrueImage, but the machine reboot is then endlessly
> > trying to add new hardware/drivers.
>
> > Any help VERY welcome!
>
|> > Share & Enjoy,
|> > Manolo
|>
|> Thanks both of you for answering.
|> I finally found a way to duplicate all policies quite easily (easier
|> than having to set-up each one of the remaining PCs).
|> Help welcomed, even if some of the suggestions could not be done
|> (company's decision).
|> Like having the policy on a network location.
|>
|> Plus I faced *many* troubles having exactly the same settings doing
|> exactly the same results!
|> Do I need to blame the poor W98 multi-user capabilities, the high
|> variety of hardware involved from one PC to another...?
|> Or both
|>
|> So, here's what I ended with:
|> I set up Poledit on each PC, then only define the users I need
|> (Administrator & BarCode), leaving all settings to default.
|> Then I copy the user.dat (3 different: default user + admin + barcode)
|> into their respective folders.
|> And the job seems to be done!
|>
|> I successfully "secured" one machine doing so, now trying for a second
|> one (can't believe how often I am asked to help poor educated users
|> around the building... Costing me a lot of time & energy).
|>
|> I'll come back later to post the result I got doing things the way I
|> am...
|> So if someone needs help in the future (is there still a future for
|> W98, apart from industrial company like the one I am working for?),
|> he might find these posts useful.
|>
|> Share & enjoy,
|>
|> Manolo
|
|
|Back for more:
|
|As said in this previous post, my choice was to duplicate USER.DAT
|from one PC to the others.
|Things turned out to be much easier this way.
|I now have 17 machines, working perfectly the way the company wanted
|them to!
|After we (company's responsibles & I) validated the first "prototype",
|I did an image (thanks acronis!) of the entire disk...
|
|I picked up the machines I had set up earlier, which were held in the
|archives room, to apply the policies on them, one by one.
|
|I had installed each PC with all the "barcode" applications required:
|Win98SE (USB support for Wifi)
|MSInstaller2.0
|IE5.5 (most "economical" choice, since most PC are old and with little
|(64Mo) RAM)
|DotNet2.0
|NOO_RemotePC (barcode app)
|
|believe me: a lot of reboots for each machine!
|
|Then I "fine" tuned each:
|Telling W98 that users can have their own profiles,
|Adding two users to the default "esc on login": admin + cbar
|Having once logged each and cleaned up their desktop & start menu
|
|Install the "POLEDIT" manager
|copy the "config.pol" from the prototype
|
|Then replacing each "USER.DAT" with the one I copied from my
|prototype.
|Here's the trick:
|by default all users have "all rights"
|
|So the order you copy the "USER.DAT" DOES matter.
|So, when you're ready to have your policies copied, "escape" the login
|request.
|Then replace the USER.DAT located in "c:\windows\profiles\admin\" &
|"c:\windows\profiles\cbar\" with the ones from your prototype.
|Restart the PC (DO NOT LOG OFF)
|Log in as admin
|Then replace the "c:\windows\user.dat" with the one from your
|prototype.
|Then restart (DO NOT LOG OFF)
|You now have your 3 "profiles" working 100%
|
|Don't forget to save some "image" (Acronis True Image, still the best)
|of the result!
|My last advice:
|do multiple images, so you can have various "restoration points" (i.e.:
|before replacing all USER.DAT is a minimum if you don't want to have a
|full reinstall to be required, in case of troubles)
|
|So, my prime mission is successful; I can now give more time to
|poorly skilled, and way too few "updated knowledges" (talking from a
|computer point of view) employees ;-) !
|
|
|Share & Enjoy,
|
|Manolo
Thanks for posting back with your results.
The difficulty with our supplying answers to your issues related to your
indications of specific policies required by the company. We could not know
exactly what those were, moreover, you had indicated that these would
over-rule any suggestions that might have been made.
This is not unusual when setting up ANY OS and network with company defined
policies. IT and testing departments [and the like] suffer under those same
issues whenever a portion of the network is changed in some form, be it for
new VISTA computers, a network printer, web access, changes limiting
previous allowed activity, and dozens of other allowances or limits; or as
in your case, machines for consumer and/or other defined simple and/or
specific use.
Many have been in your position before, and many have used something
similar to what you did. Others, however, have needed to proceed in a
different manner, such as: by using the base clone for basic roll-out, but
distribute specific additional setups or updated setups via the master
server(s). There are numerous *white papers* and other help distributed by
Microsoft and others, but they can only example or provide a direction, as
individual network setups may be close, but need other specialized aspects
addressed on individual segments or specific computers.
Again, thanks for posting your method and successful results. Be aware
though, that you must remain diligent related to these special nodes in the
network, as they require monitoring for potential tweaks and potentially may
still be compromised [sometimes it takes many tweaks to plug the holes, or
the eventual maintenance].
{Hint: People hate being limited on a business's computer, most think that
computer is THEIRS to use as they wish. Block their external contact with a
firewall and policies, and they will attempt to install an anti-firewall and
bypass those policies; block usage of E-Mail and they will seek a way to
circumvent that; block installation of personal programs and they will ask
somewhere for information on how to circumvent that. It's a never-ending
battle. It doesn't really matter whether it's 98 or VISTA, if there is a
determined individual, they WILL search for a way around the
restrictions/limitations, and be irate when confronted that they can't do
these things or can be fired when they do.}
Good luck...
--
MEB
http://peoplescounsel.orgfree.com/
________