Good morning All,

Had several questions from my customer about ZEN Group Policy's and I was hoping to get some additional assistance from the team: Currently they are 11.2.4 MU 1 on the Production environment, and have just started testing 11.3 in their Lab environment.

From Customer:

We are still having problems applying some settings. Mainly they are the security policy settings. I noticed that in the directory - "C:\Program Files (x86)\Novell\ZENworks\bin\handlers\CacheFiles\Work stationCache\GroupPolicy\Machine\Microsoft\Windows NT\SecEdit" there is a file GptTmpl.inf that contains most of the settings that we are showing non-compliant on. This file does not appear to be copying over to "C:\Windows\System32\GroupPolicy\Machine\Microsoft \Windows NT\SecEdit"

Is this normal? If so what are the recommended ways for setting the security settings in Group Policy?

Here are some examples of settings that are not being applied:

MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes

Network access: Allow anonymous SID-Name translation

Services: Disabling services

User Rights Assignments (user_rights_settings) - Log On As a Batch Job

Auditing settings - I know this is addressed in TID 7012001. This does not mention that it is resolved in 11.3, has it been for sure?

If we have a policy that is in Policies\CORE and applied to each site, and then a site has a policy that they create that is in Polices\Sites\xxx\xxx do they merge or does one overwrite the other?

And what is the best practice for computer/user policies? Is it best to have one policy and set the settings? Or is it best to have a policy that configures the computer settings and one that configures the user settings?

Thank you for any assistance that can be offered.