[Samba] Samba PDC and MSN Messenger

Ries van twisk rvt at dds.nl
Thu Feb 21 14:40:07 GMT 2002 

Hi,

I'm not sure what this had to do with Samba but I'm not a NT guru.. I
know there is a think like 'local user policies' I had to take a look
there to let a regular user burn CD's. Mabe there is something in there
for MSN aswell.

Wy not ask MS? Most of the time they did give my a answer although about
80-90% was correct and the rest was incorrect.

Ries

Marcel Kunath wrote:
> 
> Hello,
> 
> I run a Samba 2.2.3a server with XP clients successfully. I am aware of the
> fact that XP
> 
> restricts access to some of its users (local) in regards to some programs. I am
> unsure which
> 
> programs these are but MSN Messenger might be one of them. I think I heard
> guest users are
> 
> not allowed to use MSN Messenger under XP by default.
> 
> Now I have trouble to get MSN Messenger to start under XP for certain users:
> 
> Administrator (local) can start MSN Messenger.
> marcel (domain user and domain admin group member) can start MSN Messenger.
> anna (domain user) cannot start MSN Messenger.
> guest (guest domain user) cannot start MSN Messenger.
> 
> I have had a look at the registry options, the file executable permissions, the
> local
> 
> security policies set on the XP machine and web sites but I cannot find a way
> to give access
> 
> to all user for MSN Messenger or another messaging service like Yahoo Pager.
> 
> I included some data I have collected from my setup at the end of the email.
> 
> (Note: domain user 'marcel' is in the group "ntadmin" and I could add all my
> other users to
> 
> this group to make them able to start MSN Messenger but I would remove any
> security and file
> 
> protections from the XP machine therefore since all users then become
> administrators.)
> 
> Thanks for the help,
> 
> Marcel
> 
> Permissions on local box:
> 
> c:\program files\messenger\msmsgsin.exe:
> 
>   administrator(local/administrators) full
>   everyone read/execute, read
>   power users (local/power users) modify,read/execute,read,write
>   system full
>   users (local/users) read/execute,read
> 
> c:\program files\messenger\msmsgs.exe:
> 
>   administrator(local/administrators) full
>   everyone read/execute, read
>   power users (local/power users) modify,read/execute,read,write
>   system full
>   users (local/users) read/execute,read
> 
> C:\Documents and Settings\All Users\Start Menu\Programs\windows messenger: (a
> shortcut)
> 
>   target: "C:\Program Files\Messenger\msmsgs.exe"
> 
>   start in: %HOMEDRIVE%%HOMEPATH%
> 
>   administrator(local/administrators) full
>   everyone read/execute, read
>   power users (local/power users) modify,read/execute,read,write
>   system full
>   users (local/users) read/execute,read
> 
> Local Security Policy:
> 
> Network access: Let Everyone permissions apply to anonymous users. ENABLED
> 
> registry entries for hkey_local_machine/software/microsoft/messenger_service
> have been
> 
> untouched.
> 
> # cat /etc/samba/smb.conf
> [global]
>         workgroup = MYWORKGROUP
>         netbios name = MAIL
>         server string = Samba %v on %L
>         interfaces = 192.168.1.1/24 127.0.0.0/24
>         encrypt passwords = Yes
>         update encrypted = Yes
>         null passwords = Yes
>         passwd program = /usr/bin/passwd %u
>         passwd chat debug = Yes
>         unix password sync = Yes
>         log file = /var/log/samba-log.%m
>         time server = Yes
>         keepalive = 30
>         domain admin group = @ntadmin
>         logon script = %U.bat
>         logon path = \\%L\profiles\%U
>         logon drive = z:
>         domain logons = Yes
>         os level = 33
>         preferred master = True
>         domain master = True
>         kernel oplocks = No
>         guest account = guest
>         hosts allow = 192.168.1., 127.
>         printing = lprng
>         print command = /usr/bin/lpr -P%p -r %s
>         lpq command = /usr/bin/lpq -P%p
>         lprm command = /usr/bin/lprm -P%p %j
>         lppause command = /usr/sbin/lpc hold %p %j
>         lpresume command = /usr/sbin/lpc release %p %j
>         queuepause command = /usr/sbin/lpc -P%p stop
>         queueresume command = /usr/sbin/lpc -P%p start
>         browseable = No
> 
> [homes]
>         comment = %U Home Directory
>         read only = No
>         veto files = /.?*/
> 
> [netlogon]
>         comment = The Domain Logon Service
>         path = /etc/samba/logon
> 
> [profiles]
>         comment = NT Profile Storage
>         path = /home/ntprofiles
>         read only = No
> 
> # groups marcel
> marcel : users ntadmin
> # groups anna
> anna : users
> # groups guest
> guest : guest
> 
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba

More information about the samba mailing list