[Samba] Windows2000 policies in a Samba PDC
Áncor González Sosa
ancorglez2 at softhome.net
Mon Dec 29 07:31:49 GMT 2003
I'm installing a Samba 3.0 PDC with LDAP backend in a classroom in
a Spanish school. Client workstations are Windows2000 and, in the future,
there will be Linux clients.
I'm following the Samba Project Documentation book (also known as Samba
Howto Collection). The document is wonderful, but there is a part that
I don't fully understand, maybe because, as you can read, I'm not a
native English speaker. :-(
I work with Spanish versions of Windows, so some terms can be inexact
(it is MY translation from Spanish Windows's terms to English, not
Microsoft's one).
I want to use complete policies, centralized in the server and applied
depending on the user and the groups the user belongs to. I want to use
those features that W2000 policies have and WinNT lacks, like making
available particular applications to particular users and/or groups.
After reading the document, I'm not sure of the way I can manage
those advanced policies without having a W2K Server:
* It's said in the document (23.2.3) that W2k policies are not stored in the
NETLOGON share (like it's done with NT policies) but rather part of a
Windows 200x policy file is stored in the Active Directory itself and the
other part is stored in a shared (and replicated) volume called the
SYSVOL folder.
* It's also said (23.3) that policy files contain the registry settings for
all users, groups, and computers, so only a policy file is necessary for
managing a whole domain.
* The document also says (23.2.3.1) that W2k policies must be created with
a Microsoft Management Console (MMC) snap-in.
Start -> Programs -> Administrative Tools -> Active Directory Users and Computers
Right-click on the OU -> Properties -> Group Policy
Well, when I use this tool, I need to create some GPOs for totally defining a
policy. For each GPO I create, a complex directory is created in:
c:\WINNT\SYSVOL\sysvol\domainname\profiles
This created folder includes several subfolders and files.
The document says that NTConfig.POL must be copied in NETLOGON, but using the
MMC I don't get a .POL file, but a set of complex folders! Furthermore, a part
of the policy information is supposed to be located in the AD, not in that set
of folders.
I did the tests of the MMC with a W2k server that doesn't belong to the
classroom I'm configuring. In fact, I can't use that W2k server usually.
Well, I've already explained my situation, here are the questions:
* How can I create complex W2k policies with the W2k MMC and use them in my
Samba PDC?
Of course, I would like to change the policies (or, better, create them from
the beginning) without using a W2k server. Is it possible?
* Maybe the client machine converts the profile in a single .POL file
(accessible in My Computer -> Properties -> User's Profiles) in the login
process.
If it occurs this way, is *everything* stored in this .POL file? Including
those settings that are not applied (for example, settings for a different
group)?
If this assumption is right, it would mean that the only way to get a
feature-rich policy ("a la" W2k, that are really more powerful than WinNT
policies) is creating the policy in a W2k server and login afterwards from a
W2k workstation to obtain a single .POL file.
I expect there is a way of getting a W2k policy without installing and
configuring a W2k server and replacing it with Samba afterwards, so
Where are my assumptions wrong?
What is the best way for getting feature-rich W2k policies in a Samba PDC
without installing a W2k server?
Should I resign myself to using WinNT profiles (that are poorer but easier
to create)?
Thanks a lot, I promise I will write a Spanish howto explaining everything.
P.S.: Sorry about my poor English writing.
--
Áncor González Sosa
ancorglez2 at softhome.net
LINUX registered user #239475
Debian GNU/Linux 3.0 (Woody)