[Samba] Vista Roaming Profiles and GPMC.MSC

Fri Mar 30 20:35:41 GMT 2007

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Tom Robinson schrieb:
> Robert Schetterer wrote:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> Tom Robinson schrieb:
>>> Hi All
>>>
>>> Our company got a Windows Vista installed laptop even though we ordered
>>> it with XP. Now I'm faced with the task of integrating the beast into
>>> our samba controlled domain. Something I was hoping to delay for some
>>> time.
>>>
>>> Our PDC is samba 2.2.8a with openldap 2.1.4
>>> We also have a Domain Member Server running samba 3.0.10.
>>>
>>> There is a document on the Microsoft site that I downloaded
>>> (http://www.microsoft.com/downloads/details.aspx?FamilyID=311f4be8-9983-4ab0-9685-f1bfec1e7d62&DisplayLang=en)
>>>
>>> explaining how to do folder redirection so that at least some of the
>>> XP/Vista profile will roam. To do this you have to logon to Vista as a
>>> "Domain User" and run GPMC.MSC. The problem is that, even though I logon
>>> as a domain user (DOMAIN\user) the GPMC.MSC issues the warning:
>>>
>>>  "To manage Group Policy, you must log on to the computer with a domain
>>> user account."
>>>
>>> With samba 2.2.8a we have no "Domain Users" group. Could this be the
>>> problem? How would I add this group to the PDC?
>>>
>>> Is there a workaround for this?
>>>
>>> Any help is appreciated.
>>>
>>> Thanks,
>>>
>>> Tom
>>>
>> Hi Tom, i dont think you will get vista to join a samba 2.2.8a pdc
>> domain, at my tests upgrade to samba latest was needed to handle vista
>> in a minimum, the adm format ( policies ) changed in vista its now called
>> admx, after all a simply folder redirect reg patch should work in vista
>> include it as local admin,
>> i would recommend setup win xp, and wait for stabelizing vista, in mean
>> time upgrade your samba setup to latest.
>> But maybe someone else can give you more advice handle vista, my tests
>> where very basic, cause i will not implement vista anywhere in the next
>> year, and will not sombody advice to do so.
>>
> 
> Hi Robert,
> 
> Thanks for your reply.
> 
> Surprisingly I have the Vista box already joined to the domain. It
> authenticates to the PDC and logs on sucessfully. So I suspect a problem
> elsewhere in the 2.2.8a config or LDAP.
> 
> I can't upgrade so simply on the server as it is the main authentication
> for the entire domain. It is scheduled for upgrade later this year. The
> new Vista laptop is for one of our directors and he wants it working
> now. :-/
> 
> I'm not sure what you mean with the reg patch and the admx files. This
> sounds like a workaround that may work for me. How do I integrate the
> admx and reg patches into vista?
> 
> Regards,
> 
> Tom
> 
Hi Tom very suprised to hear that you could join the domain,good for you,
but i expect you will get in more troubles later with vista and  samba,
i know upgrade may paine, but you have to do it anyway cause of security
fixes.

i have no idea how to integrate policies in vista, but reg patches
should be the same as in xp

read
http://www.microsoft.com/technet/technetmag/issues/2007/02/Templates/default.aspx?loc=en

for the new admx format, formally known as adm ( which was compatible to
 a nt4 domain policies in netlogon share
as NTConfig.POL with poledit or in local computer with mmc with the
group policy snap in )

i dont think that your boss will have muc fun with vista in your samba
domain at all, and its a failure to use m$ os before reaching service
pack 1 level.
There are known issuses with vista like slow copy renaming of files etc
and it not very compatibile in drivers and software.

- --
Mit freundlichen Gruessen
Best Regards

Robert Schetterer

https://www.schetterer.org
Munich/Bavaria/Germany
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org

iD8DBQFGDXSdfGH2AvR16oERAjAhAKCNnK0I6lirwPLhvHoPVFFsPYrxBgCdG6oi
pyyN2ZPBh5y60+ahq3Qof/c=
=vzQb
-----END PGP SIGNATURE-----