System Policy Support

System policies allow you to control the actions that a user is permitted to perform.

A policy can be defined by any application or component. The policy appears in the administrator user interface; information that you set about the policy migrates to the local computer's registry. The application or component that defines a policy must check the registry to enforce its own policy.

Policy information is typically added to a local registry in the following sequence:

  1. Categories, policies, and parts are described in a policy template (*.ADM) file. The Microsoft Resource Kit includes three policy template files: WINNT.ADM, COMMON.ADM, and WINDOWS.ADM. Applications or components can also provide their own policy template files.
    Note: Z and I Emulator for Windows supplies a policy template for each language currently supported. The templates are on the installation image in the admin directory. For example, the policy template for the US English language is named ENUPOL.ADM and the policy template for the French language is named FRAPOL.ADM.
  2. You run the policy editor, which reads one or more policy templates and lists the available categories and policies. You set up the desired policies, and the policy editor uses registry functions to save the work to a policy (*.POL) file. A group policy editor is provided with Windows. Documentation about the use of Microsoft policy editors can be found at
  3. After the user logs on (and user profiles are reconciled if they are enabled), the policy downloader determines where to find the file on the network, opens the policy file, and merges the appropriate computer, user, and user group policies into the local registry.
Note: When using the group policy editor provided with Windows operating system, the Not Configured setting allows the same permission or access to features as the Enabled setting.