Shared roaming profiles for all users (XP)?

Andrew Bartlett abartlet at
Sat Nov 23 05:13:01 GMT 2002

On Sat, 2002-11-23 at 15:57, John H Terpstra wrote:
> On Sat, 23 Nov 2002, xfesty wrote:
> > Hash: SHA1
> >
> > Hiya.
> >
> > Is there anyway to make non changable roaming profiles for all users
> > with XP workstations, and Samba 3.0HEAD from CVS acting as a PDC?
> I documented the exact process for you earlier today. Please refer to the
> expressly clear instructions given for creating a mandatory profile for
> Windows XP.
> If you do not follow this process you will not achieve what you need.
> A mandatory profile is precisely what you need - a profile that no user
> can change. It can not be read-only, but it is not writable. To be
> writable NTUser needs to ba a .DAT file, the .MAN extension blocks
> writability. To be usable by a group of users the profile needs to be set
> so that the ACE includes that group. The group can either be a global
> group, or the global/local group called "Everyone".

I'm interested in how this lot works - the .man stops NT uploading the
changes - but does it still need write permissions or not?  I'm just
worried about users deliberately messing with their profiles.

Andrew Bartlett

Andrew Bartlett                                 abartlet at
Manager, Authentication Subsystems, Samba Team  abartlet at
Student Network Administrator, Hawker College   abartlet at
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url :

More information about the samba-technical mailing list