Shared roaming profiles for all users (XP)?

Andrew Bartlett abartlet at samba.org
Sat Nov 23 08:32:00 GMT 2002


On Sat, 2002-11-23 at 19:01, John H Terpstra wrote:
> On 23 Nov 2002, Andrew Bartlett wrote:
> 
> > On Sat, 2002-11-23 at 14:46, xfesty wrote:
> > > -----BEGIN PGP SIGNED MESSAGE-----
> > > Hash: SHA1
> > >
> > > Hiya.
> > >
> > > Is there any way to make non-changeable roaming profiles for all users
> > > with XP workstations, and Samba 3.0HEAD from CVS acting as a PDC?
> > >
> > > I'm setting up a bunch of workstations for an internet cafe, and all
> > > users need to basically have the same settings (i.e. desktop icons,
> > > Internet Explorer settings, start menu items, etc.) as others, yet not
> > > be able to change them.
> > >
> > > I tried setting the profile dir to the same for all users, and making
> > > it read only, but I'm experiencing two problems -
> > >
> > > (1) XP will refuse to load the profile if it's read-only, and
> > > (2) XP won't load the profile if it wasn't created by the same user.
> > >
> > > I'm also finding cookies in IE sometimes aren't being properly set,
> > > people can't view hotmail attachments, MSN messenger refuses to work,
> > > and a bunch of other oddities.
> > >
> > > Any way past this?  I remember back when I was using Windows 2K Server
> > > as a PDC, it was possible to have this.
> >
> > If the ntuser.dat is renamed ntuser.man, and you make the profile owned
> > by root, read-only to the user, and you set root to have rid 500 in
> > LDAP, does it work?
> >
> > (ie add root to ldap, then change the RID).
> 
> The SID is stored inside the NTUser.DAT file. Access control (the ACE) is
> stored inside the file. That is what Richard Sharpe was working on
> decoding recently. When his work is done we will be able to set our own
> ACEs inside the NTUser.DAT file and thus create from any profile a global
> per group or a global group mandatory profile.
> 
> Just setting file ownership and permissions does not get one past the
> hurdle of the ACE inside the file.

But if we take a 'normal' profile, change the ownership to admin, but
don't change the SIDs, can we use it as a mandatory profile for a single
user?

Andrew Bartlett

-- 
Andrew Bartlett                                 abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net
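
The point made in the thread, that SIDs are stored inside the profile hive itself and are untouched by file ownership changes, can be checked with a byte scan for binary S-1-5-21 SIDs. This is an added example, not part of the original messages or Samba code; it is a heuristic scan rather than a hive parser, and the function names and sample SIDs are constructed for illustration.

```python
import struct
from collections import Counter

# Bytes 2..11 of any binary S-1-5-21-... SID: identifier authority 5
# (6 bytes, big-endian) followed by first sub-authority 21 (little-endian).
NT_AUTH_21 = (5).to_bytes(6, "big") + struct.pack("<I", 21)

def pack_sid(sid):
    """Encode 'S-1-5-21-...' text into the binary SID layout."""
    fields = [int(p) for p in sid.split("-")[1:]]
    rev, auth, subs = fields[0], fields[1], fields[2:]
    return (bytes([rev, len(subs)]) + auth.to_bytes(6, "big")
            + struct.pack("<%dI" % len(subs), *subs))

def find_domain_sids(blob):
    """Count every domain (4 sub-authorities) or account (5) SID in blob."""
    found = Counter()
    pos = blob.find(NT_AUTH_21)
    while pos != -1:
        start = pos - 2  # revision byte and sub-authority count precede it
        if start >= 0 and blob[start] == 1 and blob[start + 1] in (4, 5):
            count = blob[start + 1]
            if start + 8 + 4 * count <= len(blob):  # skip truncated SIDs
                subs = struct.unpack_from("<%dI" % count, blob, start + 8)
                found["S-1-5-" + "-".join(map(str, subs))] += 1
        pos = blob.find(NT_AUTH_21, pos + 1)
    return found

def foreign_sids(blob, user_sid):
    """SIDs embedded in the file that do not belong to the user loading it."""
    return sorted(s for s in find_domain_sids(blob) if s != user_sid)

# Constructed sample, not a real hive: two references to the profile's
# creator and one to a RID 500 account, separated by filler bytes.
CREATOR = "S-1-5-21-1111111111-2222222222-3333333333-1001"
ADMIN = "S-1-5-21-1111111111-2222222222-3333333333-500"
OTHER_USER = "S-1-5-21-1111111111-2222222222-3333333333-1002"
SAMPLE = (b"\xff" * 16 + pack_sid(CREATOR) + b"\xff" * 8
          + pack_sid(CREATOR) + pack_sid(ADMIN) + b"\xff" * 4)

if __name__ == "__main__":
    for sid, n in find_domain_sids(SAMPLE).items():
        print(sid, n)
    print("not matching", OTHER_USER, "->", foreign_sids(SAMPLE, OTHER_USER))
```

To run it against a real profile, pass the bytes of a copy of the hive file to `find_domain_sids` in place of `SAMPLE`.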