SAMBA-NTDOM digest 364

[Scott A. Morris]

> > > At 09:16 AM 9/13/98 +1000, Samba-Central wrote:
> > >
> > > >Under NT4 if you want to use a shared profile among a group of users then
> > > >you have to go through some hoops to make that possible. We need to
> > > >understand this, else we will see the types of problems some on this list
> > > >have complained about.
> > >
> > > The way I understand this, the problem remains in the profile ACL
> > > which requires a matching for for names to SID (lsaLookupNames).
> > 
> > Gents, the determining ACL is not on the users' profile directory, it
> > appears to be something set inside the NTUser.DAT file itself.
> 
> Actually, I believe you have to set it in both places...the permission
> structure within the registry files looks disturbingly like the
> permission structure within NTFS...I wonder if anybody has any idea
> where to get some information regarding this...I'll hunt through
> DevStudio a bit and see if there's any documentation.
> 
> Scott
> -- 
> Scott Ruffner                   Computer Science Department	
> Systems Engineer                226E Olsson Hall
> ruffner at cs.virginia.edu         University of Virginia
> (804)982-2219

Several monthes ago I wrote a tool to copy the local profile from one
user to another.  All I did was copy the profile dir, set the acl on
the profile dir (and all files and subdirectories, of course), and
then load the ntuser.dat, change the acl on all its subkeys, unload
their ntuser.dat, and then update the ProfileList
(HKLM\Software\Microsoft\Windows NT\CurrentVersion\ProfileList).

I can't authoritatively say that this is all that is necessary, but
it works, and after rigourous testing, we used this tool to migrate
~150 user profiles from accounts in one domain to accounts in another.

Hope this helps!
-- Scott

--
Scott A. Morris   
samorris at cs.colorado.edu
Unix/NT Network Administrator
Department of Computer Science
University of Colorado at Boulder