[Samba] gpedit.msc as centralized policy for 2k/xp clients

richard rcoates at bigpond.net.au
Sun Mar 16 08:37:54 GMT 2003

Hi Uli,
Is it possible to apply these at logon? through/via logon scripts to
centralize admin? I believe the user side is not applied till login
anyway? regards,
Richard Coates.

On Fri, 2003-03-14 at 03:30, Ulrich Kohlhase wrote:
> We use local (!) GPOs on our Win2k clients with great success:
> - log on to "master" workstation as administrator
> - create a link to the "C:\WINNT\system32\GroupPolicy" folder on your
> administrator's desktop
> - optionally add gpedit.msc to mmc (add snapin ...)
> - change settings in GPOs to fit your needs or your company's security
> policy (especially admin templates)

> - export and import on other workstations or clone "master" workstation

> Please bear in mind that LGPOs affect ALL local users and Samba domain
> users, including the local administrator account. So be careful when
> changing the LGPOs since the user-specific policy settings are immediately
> effective! Administrators control can be retained by denying read access on
> the GroupPolicy folder, logging off and logging on again. This trick
> probably won't work on WinXP any more, so you will need to find a different
> solution.
> Please post your findings, especially if an alternative for WinXP and/or
> central policy management is at all possible.
> Good luck,
> Uli

More information about the samba mailing list