[Samba] Tips/hints for Windows network management

Ed Plese ed at edplese.com
Wed Feb 21 21:35:55 GMT 2007 

On Tue, Feb 20, 2007 at 04:02:21PM +0000, Dave Ewart wrote:
> This is what I *don't* have figured out.  I basically need to find out
> whether any of this is possible and, if so, whether it is possible using
> my existing toolset:
> 
>     - Updating and managing settings that I originally set via
>       gpedit.msc on the reference PC: this is (2) above.  I cannot
>       change these settings once I've deployed the PC live, whereas for
>       settings in (1) above, I can do this via the appropriate System 
>       Policy change.  (Basically, if I understand the Windows-terminology 
>       correctly, I have instituted Local Group Policy rather than 'real'
>       Group Policy?)

If you're up for some lower level methods and roll-your-own type
solutions, you may find the following helpful.  I use this method to
supplement the usual Active Directory Group Policies for cases where
Group Policies don't work for one reason or another.  For example, it
can be used to apply user policies based on the machine that is logged
into which can't normally be done.

With a few exceptions, all Group Policies actually do are make specific,
documented changes to the registry in either the HKEY_LOCAL_MACHINE (for
computer/machine policies) or HKEY_CURRENT_USER (for user policies) registry
hives.

The documentation for all of the Group Policies is found in the
C:\Windows\inf\*.adm files.  Once you familiarize yourself with the file
format you can find out exactly what registry values are set to enable
certain Group Policies.

After you determine what registry values need to be set you can deploy
those changes using various methods:

 * Create a script (JavaScript, VBScript, Python if you have it
   installed on the PCs, etc.) that sets the appropriate values in
   the registry.  When done in a script you have the flexibility to
   conditionally apply changes.

 * Create a REG file with the changes and then create a script that
   imports the registry file using reg.exe.

For computer/machine policies, set the script to run when the computer
boots up.  For user policies, run the script during the login script so
that it runs as the logged in user.

It's not a point and click method like Active Directory Group Policies
but it can be used to accomplish the same thing.


Ed Plese

More information about the samba mailing list