Desktop Strategies for Computers Running Windows 2000 and Windows XP Without Active Directory
Updated: March 28, 2003
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2
If you have computers running Windows 2000 Professional and Windows XP Professional in a domain that does not include Active Directory, you can manage desktops locally by implementing the following features:
Roaming User and Logon Scripts
When using either a Windows NT 4.0 domain or Active Directory, both roaming user profiles and logon scripts are configured on the user object.
Folder Redirection
You can redirect special folders to alternate locations, on either the local computer or the network, by modifying the values of the registry entries in the following registry subkey:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
Redirecting folders by using logon scripts
Group Policy is the recommended method for redirecting users' folders. You can also achieve similar results by using logon scripts to set the values of the registry entries in the User Shell Folders subkey. This approach provides functionality that is similar to Folder Redirection.
In Windows NT 4.0 environments, you can use System Policy to set the appropriate values. However, when you use System Policy to set values, the registry settings persist, and you do not get the advantages of using Group Policy to set paths, such as the automatic moving of files when the path changes.
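A logon script of the kind described above, as an added example that is not part of the original page: it redirects My Documents by writing the Personal entry under User Shell Folders, and refuses to do so when the target share cannot be reached. The share \\FILESRV01\Users$ is a hypothetical name, and the script assumes reg.exe is available (built into Windows XP; on Windows 2000 it comes with the Support Tools).

```batch
@echo off
rem Added example logon script; not Microsoft's code.
rem \\FILESRV01\Users$ is a hypothetical share name. Replace it with your own.
setlocal
set "KEY=HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders"
set "SHARE=\\FILESRV01\Users$"
set "TARGET=%SHARE%\%USERNAME%\My Documents"

rem If the share is unreachable, leave the current path alone rather than
rem pointing My Documents at a location that does not exist.
if not exist "%SHARE%\" (
    echo Share %SHARE% is not reachable. My Documents left unchanged.
    exit /b 1
)

rem Create the per-user folder the first time the user logs on.
if not exist "%TARGET%\" mkdir "%TARGET%" || exit /b 1

rem "Personal" is the User Shell Folders entry for My Documents.
rem %%USERNAME%% writes the literal text %USERNAME%, so the REG_EXPAND_SZ
rem value is expanded when the shell reads it, not when this script runs.
reg add "%KEY%" /v Personal /t REG_EXPAND_SZ /d "%SHARE%\%%USERNAME%%\My Documents" /f >nul
if errorlevel 1 (
    echo Failed to write the Personal entry under User Shell Folders.
    exit /b 1
)

rem Read the entry back so the stored path appears in the script output.
rem The key is under HKEY_CURRENT_USER, which the user can write to, so this
rem sets a default path; it does not enforce one.
reg query "%KEY%" /v Personal
endlocal
```

Because the value persists in the user's registry hive, removing the script later does not undo the redirection; the entry has to be reset explicitly.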
Internet Explorer Maintenance
Instead of using Group Policy to control Internet Explorer settings, administrators can use the Internet Explorer Administration Kit (IEAK) to apply settings to Internet Explorer clients using auto-configuration packages. For more information about IEAK, see the Microsoft Internet Explorer Administration Kit (IEAK) link on the Web Resources page at http://www.microsoft.com/windows/reskits/webresources.
System Policy (for registry-based policy)
Domain-based Group Policy processing requires that the User and Computer objects be located in Active Directory. If the User or Computer objects are located in a Windows NT 4.0 domain, then Windows NT 4.0 System Policy is processed for whichever of these objects is located in that domain; this could be the Computer or User object, or both. System Policy is defined as the policy mechanism that is used natively in Windows NT 4.0; it is a set of registry settings that together define the computer resources that are available to a group of users or an individual.
Local Group Policy object
You can set settings in the local Group Policy object (LGPO) for any computer, whether or not it participates in an Active Directory domain. Although System Policy scales more easily to a large number of clients, the LGPO can be useful if you only need to apply certain settings to a small number of Windows XP Professional or Windows 2000–based clients in a Windows NT 4.0 or other domain.
The LGPO is located at %systemroot%\System32\GroupPolicy. Not all Group Policy extensions are available for the local GPO. Each Group Policy extension snap-in queries the Group Policy engine to get the GPO type, and then determines whether the GPO is to be displayed. To set the LGPO, use the Group Policy snap-in focused on the local computer. You can use an LGPO to set policy for these Group Policy extensions only: scripts, security settings, Administrative Templates, and Internet Explorer maintenance; you cannot set policy for Software Installation, Folder Redirection, and Remote Installation Services.