SAMBA-NTDOM digest 364

Scott A. Morris samorris at
Tue Sep 15 17:31:19 GMT 1998

> > > At 09:16 AM 9/13/98 +1000, Samba-Central wrote:
> > >
> > > >Under NT4 if you want to use a shared profile among a group of users then
> > > >you have to go through some hoops to make that possible. We need to
> > > >understand this, else we will see the types of problems some on this list
> > > >have complained about.
> > >
> > > The way I understand this, the problem remains in the profile ACL
> > > which requires a matching for names to SID (lsaLookupNames).
> > 
> > Gents, the determining ACL is not on the users' profile directory, it
> > appears to be something set inside the NTUser.DAT file itself.
> Actually, I believe you have to set it in both places...the permission
> structure within the registry files looks disturbingly like the
> permission structure within NTFS...I wonder if anybody has any idea
> where to get some information regarding this...I'll hunt through
> DevStudio a bit and see if there's any documentation.
> Scott
> -- 
> Scott Ruffner                   Computer Science Department	
> Systems Engineer                226E Olsson Hall
> ruffner at         University of Virginia
> (804)982-2219

Several months ago I wrote a tool to copy the local profile from one
user to another.  All I did was copy the profile dir, set the acl on
the profile dir (and all files and subdirectories, of course), and
then load the ntuser.dat, change the acl on all its subkeys, unload
their ntuser.dat, and then update the ProfileList
(HKLM\Software\Microsoft\Windows NT\CurrentVersion\ProfileList).

I can't authoritatively say that this is all that is necessary, but
it works, and after rigorous testing, we used this tool to migrate
~150 user profiles from accounts in one domain to accounts in another.

Hope this helps!
-- Scott

Scott A. Morris   
samorris at
Unix/NT Network Administrator
Department of Computer Science
University of Colorado at Boulder
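
The steps listed in the message above, as an added PowerShell example (not the author's tool, whose source is not on this page). It assumes an elevated session on a current Windows system with the source user logged off; the parameter names and the TempProfileHive mount name are hypothetical.

```powershell
param(
    [Parameter(Mandatory)][string]$SourceProfile,  # existing profile directory
    [Parameter(Mandatory)][string]$TargetProfile,  # directory to create for the new account
    [Parameter(Mandatory)][string]$TargetAccount   # DOMAIN\user that will own the copy
)
$ErrorActionPreference = 'Stop'

# Name-to-SID lookup for the target account.
$sid = ([System.Security.Principal.NTAccount]$TargetAccount).Translate(
    [System.Security.Principal.SecurityIdentifier])

# 1. Copy the profile directory (/B: backup mode, /XJ: skip junction points).
robocopy $SourceProfile $TargetProfile /E /B /XJ /R:1 /W:1 | Out-Null
if ($LASTEXITCODE -ge 8) { throw "robocopy failed: $LASTEXITCODE" }

# 2. Set the ACL on the directory and on all files and subdirectories.
icacls $TargetProfile /grant "*$($sid.Value):(OI)(CI)F" /T /C | Out-Null
if ($LASTEXITCODE -ne 0) { throw "icacls failed: $LASTEXITCODE" }

# 3. Load the copied NTUSER.DAT and change the ACL on the root key and every subkey.
$mount = 'TempProfileHive'   # hypothetical temporary name under HKEY_USERS
reg load "HKU\$mount" (Join-Path $TargetProfile 'NTUSER.DAT') | Out-Null
if ($LASTEXITCODE -ne 0) { throw "reg load failed: $LASTEXITCODE" }
try {
    $rule = New-Object System.Security.AccessControl.RegistryAccessRule(
        $sid, 'FullControl', 'ContainerInherit', 'None', 'Allow')
    $root = "Registry::HKEY_USERS\$mount"
    $keys = @(Get-Item -LiteralPath $root) +
            @(Get-ChildItem -LiteralPath $root -Recurse -ErrorAction SilentlyContinue)
    foreach ($key in $keys) {
        $acl = Get-Acl -LiteralPath $key.PSPath
        $acl.SetAccessRule($rule)          # adds or replaces the entry for the target SID
        Set-Acl -LiteralPath $key.PSPath -AclObject $acl
        $key.Close()                       # open handles would block the unload
    }
}
finally {
    # 4. Drop remaining references, then unload the hive.
    $keys = $null; [gc]::Collect(); [gc]::WaitForPendingFinalizers()
    reg unload "HKU\$mount" | Out-Null
    if ($LASTEXITCODE -ne 0) { Write-Warning "reg unload failed; HKU\$mount is still loaded" }
}

# 5. Update ProfileList so the target SID points at the copied directory.
$pl = "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\$($sid.Value)"
if (-not (Test-Path -LiteralPath $pl)) { New-Item -Path $pl | Out-Null }
Set-ItemProperty -LiteralPath $pl -Name ProfileImagePath -Value $TargetProfile -Type ExpandString
```

Keys that the session cannot enumerate are skipped by the recursive listing, so compare the count of rewritten keys against the hive before relying on the result.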
