Network Security

Each center must decide how to balance the often conflicting requirements of system security and accessibility. In this section we offer information on some resources and practices for increasing system security.

While these practices can help prevent security problems, it is also important to follow procedures that limit the damage when preventative measures have failed. These procedures include regular system backups and prompt installation of security patches.

System Policy Editor

The System Policy Editor is a front-end to a number of configuration values stored in the Registry that can be used to enforce several network restrictions.

PolEdit can be used in two modes:

  • Registry mode lets you edit the Registry of a local or remote computer directly. Any changes you make to the Registry take effect immediately.

  • Policy File mode lets you create and modify .POL system policy files that can subsequently be used on other clients. Changes you make to a policy file take effect only when the policy file is invoked during the user's next network logon.

PolEdit is a Windows System Tools component that, once installed, can be accessed from the Programs > Accessories > System Tools menu. It can be installed via the Windows Setup tab in the Add/Remove Programs Properties dialog box: click Have Disk, then Browse, and point to the \tools\apptools\poledit folder on the W98 CD.

To use Registry mode to make changes to a local Registry, run PolEdit and choose Open Registry from the File menu. Two icons appear: Local User and Local Computer. Clicking Local User, which corresponds to data contained in the User.dat portion of the Registry, displays a hierarchical tree of user items that may be edited. Clicking Local Computer similarly lets you edit items contained in the System.dat part of the Registry.

The figure below illustrates the settings for disabling the Local User's file and print sharing controls.

System Policy Editor Local User Network Properties dialog.

The Network Neighborhood icon can be removed to prevent patrons from browsing the network.

System Policy Editor System Shell Properties dialog.

TweakUI

Network Neighborhood and other desktop icons can also be hidden with TweakUI.

The Desktop tab of the TweakUI dialog allows Windows desktop icons to be removed.

TweakUI v. 1.33 is available at the Microsoft Windows Update site. The earlier version of TweakUI (version 1.1) is not intended for use on computers running W98, W98se, or Windows Me. Screen captures of several TweakUI dialogs are shown on the TweakUI page in the Systems section.

Protocol Isolation

Local networks with Internet access can be configured so that the Internet protocol, TCP/IP, is not used for local file sharing. With this technique, called Protocol Isolation, a protocol that is not routable is used for local file sharing instead. As a result, users from outside the network are unable to reach shared resources, because the sharing service is not listening on the protocol that the Internet carries.

Computers on the local network that do not require Internet access will have NetBEUI as their only protocol; computers that connect to the Internet and to shared resources on the LAN will have NetBEUI and TCP/IP as installed protocols. Computers that are not sharing resources will have File and Print Sharing disabled completely; computers that are sharing resources will bind Windows' network sharing service only to NetBEUI.

Computers on the local network can be set up for file sharing and protocol isolation by following the steps below.

  1. Open Control Panel - Network.
  2. For each computer on the network, if NetBEUI is not installed in the Network Components list:

    1. Click Add.
    2. Select Protocol.
    3. Click Add.
    4. Select Microsoft as the Manufacturer, and then NetBEUI as the Network Protocol.
    5. Click OK twice to close the Network windows.
    6. Restart the computer if prompted and then reopen Control Panel - Network.
  3. On computers that are to share their resources with other local users, enable File and Print Sharing. (Note: by default this enables sharing over all installed protocols):

    1. Click on the File and Print Sharing button.
    2. Check (enable) the desired options for files and/or printers.
    3. Click OK twice to close the Network windows.
  4. Computers that are not intended to share resources should have File and Print Sharing removed:

    1. In the "Network Components", click on the "File and Print Sharing for Microsoft Networks" item.
    2. Click the Remove button.
    3. Click OK to close the Network window.
    4. Restart the computer if prompted and then reopen Network.
  5. Primary Network Logon should be set to Windows Logon. 
  6. Computers that are intended to be only local servers, and that do not need Internet access should remove the TCP/IP protocol, leaving only the NetBEUI protocol:

    1. In the Network Components box, click on each instance of the TCP/IP protocol.
    2. Click the Remove button.
    3. Repeat for all network adapters (e.g., TCP/IP -> Dial-Up Adapter, TCP/IP -> 3Com Etherlink, etc.).
  7. Computers that need to browse the Internet should unbind TCP/IP from Microsoft Networking and from File and Printer Sharing for all instances of TCP/IP that point to a network adapter (including Dial-Up Adapter):

    1. Open TCP/IP Properties by double-clicking on the TCP/IP entry in the Configuration list that points to a network adapter. If you get the long message starting "You have asked to change TCP/IP properties for a dial-up adapter...", click OK.
    2. Click on the Bindings tab.
    3. Uncheck the option File and Printer Sharing for Microsoft Networks if it is present.
    4. Uncheck the option Client for Microsoft Networks.
    5. Click OK twice to close the Network windows. If you get the message "You have not selected any drivers to bind with. Would you like to select one now?", click No.
    6. Restart the computer if prompted and then reopen Network.
  8. Make sure that NetBIOS is not enabled on all instances of TCP/IP that point to a network adapter (including Dial-Up Adapter):

    1. Open TCP/IP Properties by double-clicking on the TCP/IP entry in the Configuration list that points to a network adapter. If you get the long message starting "You have asked to change TCP/IP properties for a dial-up adapter...", click OK.
    2. Click on the NetBIOS tab.
    3. Uncheck (if checked) the option I want to enable NetBIOS over TCP/IP.
    4. Click OK twice to close the Network windows.
    5. Restart the computer if prompted.
  9. Close Control Panel.
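After completing the steps above, a practitioner will want to confirm that nothing on the TCP/IP side is still accepting NetBIOS or SMB traffic. The script below is an added example, not part of the original page: it parses the output of `netstat -an` (a constructed sample is embedded, in the column layout Windows prints) and reports any NetBIOS session, name or datagram socket bound to a non-loopback address. It goes slightly beyond the Windows 98 case by also flagging port 445 (direct-hosted SMB), which is assumed to matter only on later Windows versions; the port set and the sample output are assumptions of the example.

```python
import re
from typing import List, Tuple

# NetBIOS over TCP/IP uses 137 (name), 138 (datagram) and 139 (session).
# 445 (direct-hosted SMB) is not used by Windows 98; it is included as an
# assumption so the same check carries over to later Windows versions.
SMB_PORTS = {137, 138, 139, 445}

# One 'netstat -an' row: proto, local addr:port, foreign addr, optional state.
LINE_RE = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)(?:\s+(\S+))?\s*$")


def parse_netstat(text: str) -> List[Tuple[str, str, int, str]]:
    """Parse 'netstat -an' output into (proto, local_addr, local_port, state).

    Header and blank lines do not match the pattern and are skipped.
    """
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        proto, addr, port, _foreign, state = m.groups()
        rows.append((proto, addr, int(port), state or ""))
    return rows


def smb_exposures(text: str) -> List[Tuple[str, str, int]]:
    """Return (proto, addr, port) for NetBIOS/SMB sockets reachable over IP.

    A TCP socket counts only if it is LISTENING; any UDP binding counts.
    Loopback bindings are ignored because they cannot be reached remotely.
    """
    found = []
    for proto, addr, port, state in parse_netstat(text):
        if port not in SMB_PORTS or addr.startswith("127."):
            continue
        if proto == "TCP" and state != "LISTENING":
            continue
        found.append((proto, addr, port))
    return found


# Constructed sample: a machine BEFORE protocol isolation, with NetBIOS over
# TCP/IP still enabled and File and Print Sharing bound to TCP/IP.
BEFORE = """
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:139            0.0.0.0:0              LISTENING
  TCP    192.168.1.10:139       192.168.1.20:1034      ESTABLISHED
  TCP    192.168.1.10:1025      203.0.113.5:80         ESTABLISHED
  UDP    192.168.1.10:137       *:*
  UDP    192.168.1.10:138       *:*
"""

# Constructed sample: the same machine AFTER the steps above. Only the
# outbound web connection remains on TCP/IP; sharing now rides on NetBEUI,
# which netstat does not show because it is not an IP protocol.
AFTER = """
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    192.168.1.10:1025      203.0.113.5:80         ESTABLISHED
"""


def report(text: str) -> str:
    """Human-readable verdict for one netstat capture."""
    hits = smb_exposures(text)
    if not hits:
        return "OK: no NetBIOS/SMB sockets bound over TCP/IP"
    lines = ["WARNING: NetBIOS/SMB still reachable over TCP/IP:"]
    lines += ["  %s %s:%d" % hit for hit in hits]
    return "\n".join(lines)


if __name__ == "__main__":
    print("Before isolation:\n" + report(BEFORE))
    print("\nAfter isolation:\n" + report(AFTER))
```

On a real machine, run `netstat -an` from a command prompt and feed its output to `smb_exposures`; an empty result on every Internet-facing adapter is the condition the procedure is meant to produce. A non-empty result usually means a TCP/IP instance was missed in step 7 or 8.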