Policy serving

 

A policy is a batch of changes applied to the PC's registry that controls and restricts a number of things.

Policies can be used to control and restrict what shows up on the user's Start menu, whether the user can install software, what the desktop looks like, which commands are restricted, and so on.

Policy serving in a System i™ domain is similar to policy serving in a Windows NT® domain.

If the client is configured for Automatic Remote Update, then it should look for the policy file in the NETLOGON share of the logon server and apply the relevant policies during logon. Automatic Remote Update should be the default. Otherwise, Manual Remote Update can be used to load the policy from a different share. The update setting can be checked in the following registry key: HKLM\System\CurrentControlSet\Control\Update, value name UpdateMode. A data value of 1 means automatic.

When you edit a policy file, you are making changes based on a template that you select. Templates specific to Windows® include common.adm, winnt.adm, and windows.adm. Other applications might provide their own templates that allow the restriction of certain functions in the application. iSeries™ Access provides several templates.

System policy files are created with the System Policy Editor (SPE), typically found as poledit.exe. The same editor can run on different OS levels, but the policy files it creates are not interchangeable between OS families. Policy files created on Windows 98 and Me can be used by Windows 98 and Me systems (not Windows NT, Windows 2000, or Windows XP), and the file should have the name CONFIG.POL. Policy files created on Windows NT, 2000, and XP cannot be used by Windows 98 or Me and must have the name NTCONFIG.POL.
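
The following added example (not part of the original page or of any IBM or Microsoft tooling) audits one client against the two rules above: UpdateMode must be 1 for the policy to load automatically from NETLOGON, and the policy file name must match the client's Windows family. The function names, the sample `reg query` output and the NETLOGON file listings are constructed for illustration, and the script assumes the value is reported as REG_DWORD.

```python
import re

# Policy file name each Windows family reads, per the rules on this page.
POLICY_FILE = {"9x": "CONFIG.POL", "nt": "NTCONFIG.POL"}
FAMILY_PREFIXES = {
    "9x": ("windows 98", "windows me"),
    "nt": ("windows nt", "windows 2000", "windows xp"),
}

# Constructed sample: `reg query HKLM\System\CurrentControlSet\Control\Update` output.
SAMPLE_REG_AUTO = (
    "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Update\n"
    "    UpdateMode    REG_DWORD    0x1\n"
)
# Constructed sample with a value other than 1 (not automatic).
SAMPLE_REG_OTHER = SAMPLE_REG_AUTO.replace("0x1", "0x2")


def os_family(os_name):
    """Map an OS name to '9x' or 'nt'; None if the page does not cover it."""
    name = os_name.strip().lower()
    for family, prefixes in FAMILY_PREFIXES.items():
        if name.startswith(prefixes):
            return family
    return None


def parse_update_mode(reg_output):
    """Return UpdateMode as an int, or None if the value is not present."""
    m = re.search(r"^\s*UpdateMode\s+REG_DWORD\s+(0x[0-9a-f]+|\d+)\s*$",
                  reg_output, re.IGNORECASE | re.MULTILINE)
    if not m:
        return None
    raw = m.group(1).lower()
    return int(raw, 16) if raw.startswith("0x") else int(raw)


def audit_client(os_name, reg_output, netlogon_files):
    """Return findings; an empty list means policy should apply at logon."""
    family = os_family(os_name)
    if family is None:
        return [f"{os_name}: OS family not recognised, cannot pick a policy file"]
    mode = parse_update_mode(reg_output)
    if mode is None:
        return ["UpdateMode value not found under Control\\Update"]
    if mode != 1:
        return [f"UpdateMode is {mode}, not 1: NETLOGON policy is not loaded automatically"]
    wanted = POLICY_FILE[family]
    present = {name.upper() for name in netlogon_files}
    if wanted not in present:
        return [f"{wanted} missing from NETLOGON; found {sorted(present)}"]
    return []
```

A Windows 98 client checked against a share that holds only NTCONFIG.POL returns a finding, because that client reads CONFIG.POL and would log on with no policy applied.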

Be careful when you put system policies into effect. You can easily lock out a function on a PC that you did not intend to lock out. Because policies are applied to the local registry, the function remains locked out until you specifically turn it back on in the policy file. After you turn it back on in the policy file, the change can be picked up during the next logon.

 
