[Samba] group policies, domain policies and workstation policies without Active Directory??

Gémes Géza geza at kzsdabas.sulinet.hu
Sat Dec 6 22:37:03 GMT 2003


kyle wrote:
| On Sat, 06 Dec 2003 15:47:32 -0600
| Andrew Gaffney wrote:
|
|
|>Michael_Ruzek at log.at wrote:
|>
|>>I have the following situation: a network with 30 Windows NT Server on
|>>different sites, 800 clients with Windows XP; I want to migrate to Samba
|>>instead of Windows 2003 Server, but I have the effort to manage group
|>>policies, domain policies and workstation policies on the XP Clients;
|
|
|>Do you really want to apply the XP registry hack to 800 clients? Although,
|>it may no longer be necessary if you're using 3.0. Does anyone know?
|
|
| what hack are you talking about? (I'm really interested in doing this
| since I've posted several questions on this same list before).
|
| My approach was like this :
|
| - Samba 3 server
| - Windows XP client machines
| - Roaming profiles stored on the server
| - The client machines execute a script on logon that tries to load a
| specially customized .reg file, but fails doing it because the user that
| logs won't have privileges enough to modify the registry (entries con
| "hkey_current_user - HKU" or similar)
|
| this didn't work... any ideas? :-)
|
If you create a file named NTConfig.POL with the poledit.exe of an NT4
or Win2k server and place it in the netlogon share of your Samba 3
server, then you are ready to go, as being a member of a Samba 3
server controlled domain doesn't require patching XP's registry anymore.
The only problems are in clients not recognizing some details of the
policy file. E.g. Win2k/XP clients fail to remove the name of the last
logged in user from the logon window.
You should see if the applicable enforcements would suffice for your needs.

About trying to apply reg files at logon, such tricks work for Win9x/Me
because there the registry is world writable, but WinNT/2k/XP/2k3 has
some security restrictions, and you can control a relatively small
amount of settings this way. However, if you know that some registry
settings are working for you, you could try to write an .adm file for
them, which you could use with poledit.exe.

Good Luck!

Geza Gemes
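
An added example, not part of the original message: since every client in the domain loads NTConfig.POL from the netlogon share, a server-side check that the file is present and that ordinary users cannot rewrite it is worth running after the file is put in place. The function name, the demo directory and the "only the owner may write" rule are assumptions of this sketch, not Samba defaults.

```python
import os
import stat
import tempfile

POLICY_NAME = "ntconfig.pol"  # compared case-insensitively


def audit_netlogon(netlogon_dir):
    """Return a list of findings for the policy file; an empty list means OK."""
    names = sorted(n for n in os.listdir(netlogon_dir) if n.lower() == POLICY_NAME)
    if not names:
        return ["no NTConfig.POL found in " + netlogon_dir]
    findings = []
    if len(names) > 1:
        # On a case-sensitive filesystem it is ambiguous which copy is served.
        findings.append("files differing only by case: " + ", ".join(names))
    # Assumption: only the owning administrator account should be able to
    # change the directory or the policy file, so any group/other write bit
    # is reported.
    for path in [netlogon_dir] + [os.path.join(netlogon_dir, n) for n in names]:
        mode = stat.S_IMODE(os.stat(path).st_mode)
        if mode & (stat.S_IWGRP | stat.S_IWOTH):
            findings.append("%s is group/world-writable (mode %o)" % (path, mode))
    return findings


if __name__ == "__main__":
    # Constructed demo: a throwaway directory stands in for the netlogon path.
    with tempfile.TemporaryDirectory() as demo:
        pol = os.path.join(demo, "NTConfig.POL")
        with open(pol, "wb") as fh:
            fh.write(b"constructed placeholder, not a real policy file")
        os.chmod(pol, 0o666)
        print(audit_netlogon(demo))  # one finding: the file is writable by all
        os.chmod(pol, 0o644)
        print(audit_netlogon(demo))  # no findings
```

Point it at the directory that the [netlogon] share's path setting names in smb.conf.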


