Shared Registry problem

Gerald W. Carter cartegw at Eng.Auburn.EDU
Tue Feb 24 14:19:35 GMT 1998 

> I have multiple win95 computer configured such that the user profile is
> on the samba server.  I made one general account that multiple users 
> can access simultaneously. It is configured such that the profile is
> never saved at end of the session.

I am guessing that you mean you set the "Do not save changes" in the
registry using the policy editor ( or some means ).

> I had the problem that the user.dat part of the profile has to be
> accessed in write mode (if not : dialog box telling registry had
> problem, and have to restore from the backup). Ok i solved it by
> preventing those users using regedit.
> 
> The problem is now that they are accessing user.dat simultaneously, so
> trying to write it too. If samba locked the file, win95 says the same
> thing (problem with registry, try to restore thye backup).
> 
> How can I prevent this?

You can try turning locking off ( but I really don't think that you want
to do this ).  Alternately you can look at mandatory profiles ( page 489
of the Win95 Resource Kit.  Also look in the Hypertext version on the
Windows 95 install CD ).

> 
> Other problem : is there a way to prevent users to reboot win95 in
> MS-DOS mode, without preventing them to use DOS windows...

No.  Trust me on this one.  Sorry to say but you are fighting a losing
battle.  I manage several public Windows 95 labs ( student labs ) and it
is impossible to secure Windows 95.  You can only get a "best fit"
solution.  Here are a couple...

- Disable the shutdown command using the policy editor.  Get a utility
to reboot the computer ( i have one if you need it ) and let the user's
log off this way.  However, you can still access the Shutdown option
screen from the Task Manager?!  Doe sthat make any sense.  I say no!! 
But that's the way MS made things.

> Because if they boot in dos, they can access regedit and so mess up
> registry...

We use program call "Stop Light" that allows you to effective put a
permissioned file system on top of FAT.  See http://www.safetynet.com/
for more info on that.

The process is basically this.

	- Make a backup copy of the registry and mark it as read only
	  using Stop Light

	- Restore the backup copy during AUTOEXEC.BAT

Contact me directly if you need specific details.


j-
________________________________________________________________________
                            Gerald ( Jerry ) Carter	
Engineering Network Services                           Auburn University 
jerry at eng.auburn.edu             http://www.eng.auburn.edu/users/cartegw

       "...a hundred billion castaways looking for a home."
                                  - Sting "Message in a Bottle" ( 1979 )

More information about the samba mailing list