Shared roaming profiles for all users (XP)?

Andrew Bartlett abartlet at samba.org
Sat Nov 23 05:13:01 GMT 2002


On Sat, 2002-11-23 at 15:57, John H Terpstra wrote:
> On Sat, 23 Nov 2002, xfesty wrote:
> 
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > Hiya.
> >
> > Is there anyway to make non changable roaming profiles for all users
> > with XP workstations, and Samba 3.0HEAD from CVS acting as a PDC?
> 
> I documented the exact process for you earlier today. Please refer to the
> expressly clear instructions given for creating a mandatory profile for
> Windows XP.
> 
> If you do not follow this process you will not achieve what you need.
> A mandatory profile is precisely what you need - a profile that no user
> can change. It can not be read-only, but it is not writable. To be
> writable NTUser needs to ba a .DAT file, the .MAN extension blocks
> writability. To be usable by a group of users the profile needs to be set
> so that the ACE includes that group. The group can either be a global
> group, or the global/local group called "Everyone".

I'm interested in how this lot works - the .man stops NT uploading the
changes - but does it still need write permissions or not?  I'm just
worried about users deliberately messing with their profiles.

Andrew Bartlett

-- 
Andrew Bartlett                                 abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20021123/f6881713/attachment.bin


More information about the samba-technical mailing list