Group policies for Win98

JBCurry jbcurry at
Mon Jan 15 15:49:00 GMT 2001

Sam -

If your environment is configured properly so that individual user policies
are working, then group policies will also work.  (Your e-mail suggests you
are successfully using policies on a small scale, either machine or user.)

The standard Unix groups will resolve group membership.  You define group
names and membership in /etc/group.  You can use the command "groupadd" to
add the groups, then use "usermod -G" to specify the groups a user should
belong to.

In your config.pol file, (on the server in the /netlogon directory), you
would add the groups that you wish to configure policies for.  (Note that
policies can get tricky when a user is a member of several groups, or if you
have a combination of machine, user and group policies.)

Sounds like you've already installed the group policy handler on your Win9x
machines.  This is required for Win9x to be able to pick up group policies.
On the Win98 CD, this would be in \tools\reskit\netadmin\poledit. Once the
PC is configured, you should log off and on again a couple of times to make
sure Win98 picks up the group policies. You need to do this on every Win9x
machine that uses group policies.

If your group policies still don't seem to work, make sure you have the most
recent version of grouppol.dll for your Win9x clients.  I understand that
some older version(s) don't work properly.

If you need to throw NT into the mix, there are some parameters for mapping
group names between Unix and Windows NT.  These parameters are "domain group
map", "domain user map", and "local group map".  Check out Samba
FAQ's/HOWTO's or pick up a copy of something like Richard Sharpe's "Special
Edition: Using Samba" for more info on these parameters.

> -----Original Message-----
> From: samba-ntdom-admin at
> [mailto:samba-ntdom-admin at]On Behalf Of eirvine
> Sent: Saturday, January 13, 2001 4:40 AM
> Subject: Re: Group policies for Win98
> Hi Sam,
> I use samba in a school too. I have about 1650 individual
> accounts.
> When giving students and staff accounts I give them a uid
> in a particular range (man pw) depending on who they are.
> This is all done via a perl script I wrote which calls pw.
> eg:
>   o	teachers have uid's between 1000 and 2000,
>   o	office staff are between 2000 and 3000,
>   o	year 7's of this year will be between 13000 and 14000
>   o	year 7's of last year will be between 12000 and 13000, etc...
> Based on the UID, a root preexec perl script figures out
> what config.pol file they should have when they log in, and copies
> the appropriate config.pol file to their profile directory.
> This UID scheme also has other uses, particularly wrt setting quotas
> and end-of-year rollover.
> BTW- where is your school?
> Eddie.
> Sam Silvester wrote:
> >
> > Hi Everyone!
> >
> > I'm working on a Samba server for a small (~600 students)
> school, in which
> > we want to have individual accounts for each user.
> >
> > We also use system policies to maintain some level of control over the
> > workstations, but I can't work out how to get group policies
> working. I've
> > installed support for group policies on the workstations and created the
> > policy file with the groups 'students', 'teachers' and 'admins'
> >
> > Provided all of the individual accounts are entered into the smbpasswd
> > file, how do I then specify which group they are in, and then make the
> > workstations pick this up???
> >
> > thanks in advance,
> >
> > Sam!
> >
> > --
> > Programming is an art form that fights back.
> >
> > Sam Silvester
> > <sam at>
> >
> > Ph:  0408 492 205
> > Fax: (08) 8849 2376
> >
> >

More information about the samba-ntdom mailing list