Shared roaming profiles for all users (XP)?
Andrew Bartlett
abartlet at samba.org
Sat Nov 23 05:13:01 GMT 2002
On Sat, 2002-11-23 at 15:57, John H Terpstra wrote:
> On Sat, 23 Nov 2002, xfesty wrote:
>
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > Hiya.
> >
> > Is there anyway to make non changable roaming profiles for all users
> > with XP workstations, and Samba 3.0HEAD from CVS acting as a PDC?
>
> I documented the exact process for you earlier today. Please refer to the
> expressly clear instructions given for creating a mandatory profile for
> Windows XP.
>
> If you do not follow this process you will not achieve what you need.
> A mandatory profile is precisely what you need - a profile that no user
> can change. It can not be read-only, but it is not writable. To be
> writable NTUser needs to ba a .DAT file, the .MAN extension blocks
> writability. To be usable by a group of users the profile needs to be set
> so that the ACE includes that group. The group can either be a global
> group, or the global/local group called "Everyone".
I'm interested in how this lot works - the .man stops NT uploading the
changes - but does it still need write permissions or not? I'm just
worried about users deliberately messing with their profiles.
Andrew Bartlett
--
Andrew Bartlett abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team abartlet at samba.org
Student Network Administrator, Hawker College abartlet at hawkerc.net
http://samba.org http://build.samba.org http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20021123/f6881713/attachment.bin
More information about the samba-technical
mailing list