Samba mailing list questions regarding Group Policy

John H Terpstra - Samba Team jht at samba.org
Fri Mar 20 19:27:01 GMT 2009


Nick Pappin wrote:
> Can someone clarify Samba's abilities/limitations in regards to running
> Samba as a PDC with Windows XP user/machine policies (Group Policy/NT
> Policy... whatever kind is possible).
> 
> A couple specifics that would be helpful to touch on:
> 
>    - Can I apply different settings to certain groups of users/computers? If
>    so will they still receive the all encompassing settings that apply to all
>    users/computers?
>    - What kinds of settings can I change? am I limited to NT4 .POL templates
>    that I can find on the net? Can I modify any/all registry keys under
>    HKLocalMachine and/or HKCurrentUser?  Or can I use adm type files that I see
>    people talking about?
> 
> 
> Thanks
> 
> P.S.
>     Any good howto links would be much appreciated!

Nick,

This is not a subject that fits the samba-technical horizon. Please keep
this discussion on the samba list.

Samba3 is like NT4.  Any policy that can be implemented under NT4 will
work nicely with Samba3 domains.

The methods that can be used to control Windows client user and group
restrictions (policies) includes the following:

a) Use of the NTConfig.pol file
	(stored in the root of the Netlogon share)
b) Use of Roaming Profiles
	(stored in the Profiles share)
c) Use of Mandatory Roaming Profiles
	(stored in the Profiles share)
d) Use of Network Default User Profiles
	(stored in the root of the Netlogon share)
e) Use of Samba's smarts to limit how each of these may be reached.
In this case your share path for the profiles share, or for the NetLogon
share can make use of:
	path = /home/profiles/%g
or
	path = /home/profiles/%a
or
	path = /home/netlogon/%g

Please update yourself on the Microsoft KB articles regarding Mandatory
v's User, v's Group profiles settings.


Each profile (NTUser.DAT file) contains a copy of the HKCU (current
user) profile tree.  Anything that can be edited in that registry tree
can be handled through one of the above mechanisms.

None of the above (other than the path switching logic) involves Samba.
 All use nothing other than NT4 profile handling configuration and controls.

I hope this helps.

- John T.

-- 
John H Terpstra
"If at first you don't succeed, don't go sky-diving!"


More information about the samba-technical mailing list