Windows NT 4.0 system policies

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

Windows NT 4.0 system policies

If a Windows NT 4.0 client computer is upgraded to Windows XP Professional, Windows XP 64-bit Edition (Itanium), or a Windows Server 2003 operating system, the computer receives only Computer Configuration Group Policy, not Windows NT 4.0 computer System Policy. The policy that is received by the user who logs on is User Configuration Group Policy, if the user account is in Active Directory. If the user account is managed by a Windows NT 4.0 domain controller, the user receives Windows NT 4.0 user System Policy. For more information, see Computer Configuration and User Configuration.

Policies that are included with Windows 2000, Windows XP Professional, Windows XP 64-bit Edition (Itanium), and the Windows Server 2003 family set registry keys and values only in one of these four reserved trees:

  • HKEY_LOCAL_MACHINE\Software\Policies

  • HKEY_CURRENT_USER\Software\Policies

  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies

  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies

The first two trees are preferred. All four trees are secure, and they cannot be modified by a user who is not an administrator. When Group Policy changes for any reason, these trees are wiped clean and the new policies are rewritten. Windows NT 4.0 policies do not respect these special trees, and they can write to any part of the registry. After such a policy is applied, it persists until the value is intentionally reversed, either by a counteracting Windows NT 4.0 policy or by editing the registry.