Brief questions :-)

Simo Sorce simo.sorce at
Wed Mar 14 23:59:07 GMT 2001

On Wed, 14 Mar 2001, Martin Radford wrote:

> > 1) What are the reasons to NOT turn off local profile caching in an NT lab
> > served by Samba?  Caching has caused too many headaches and ulcers and I'm
> > preparing to wipe the lab clean next week (to fix many issues).  As I do,
> > I really want to turn off the stupid caching.
> I work at a university.  We configure our NT boxes to delete the
> profile at logout.  We do this to prevent large numbers of profiles
> building up on disk, taking up hundreds of megs of disk space.  If you
> run out of space while downloading the profile, the PC tends to
> blue-screen.
Not only, with caching roaming people tend to loose or overwrite parts of
their profile moving from a machine to another, annoying the sysadms for
backup restores.

> > 2) When local profile caching is disabled, does NT just read all
> > shortcuts, etc. off the network copy of the profile as it needs to?
> > Although that may slow things down a little, I think that makes most
> > sense, but I can never accuse Windows* of doing anything sensical.
> It downloads the profile to disk when you log on.

You may also limit wich folders must be copied and what the maximum
dimension for that (obviously you don't want to copy browsers caches up
and down the net....)

> > 3) What's the best way to restrict users from installing new programs?
> > Could I do that in a policy?  If so, where is the best information on
> > creating policies?  I know I could also just play some tricks with file
> > permissions on each NT machine (such as make Program Files read-only) but
> > that seems like too much work, and it could be circumvented, and I can see
> > how it could cause problems with program temp files, etc...
> In theory, applications are not supposed to write to Program Files.
> (Of course, in practice, many do.)  However, depending on what
> software you're running, you should be able to write-protect *most* of
> Program Files .  The trouble is that you as soon as a user finds some
> writable space, they can try installing software into it.  One other
> trick is to limit the number of directories where users have execute
> permissions.  If you can make sure that there isn't anywhere writable
> that allows user execute you might have reached your goal.
Nt is so silly that there's always a way to install applications, think of
ZIP drives, if you have them or other removable relatively big, users may
always install there with double damage (use of uncheked/unouthorized
software and messing of registry with false paths as directories disapper
as soon they change disk).

> > 4) Here's another annoying problem and I don't know who to blame, NT or
> > Samba.  Occasionally when a user selects something from the Shut Down
> > menu, the screen will do its "fade" and the hourglass appears, but at that
> > point everything just seems to sit still.  I can press ALT+F4 and the fade
> > and hourglass will go away as if nothing ever happened.  I'm forced to use
> > CTRL+ALT+DEL and select either Logoff or Shut Down.  What could be causing
> > that?  It doesn't seem to do that with local accounts.
> I've never seen that behaviour, I'm afraid.

Samba is only a file sharing system, I think you may blame NT (or some
app.) with enough security.


Simo Sorce - Linux Systems Consultant
E-mail: simo.sorce at
Tel: +39 0348 7149179 - Fax: +39 02 700442399
Be happy, use Linux!

More information about the samba-ntdom mailing list