[Samba] gpedit.msc as centralized policy for 2k/xp clients

Sergiu Dunca sergiu.dunca at art-net.ro
Mon Mar 17 10:09:40 GMT 2003

Hi Uli,
How can I export/import on other workstations GPO deployed for local 
computer from the "master" workstations ?


Ulrich Kohlhase wrote:

>>I would like to figure out how to do this
>>gpedit.msc+AD+gpc+gpt magic for
>>win2k/xp with linux+samba(2.2/3.0/tng)+openldap and is it possible at
>We use local (!) GPOs on our Win2k clients with great success:
>- log on to "master" workstation as administrator
>- create a link to the "C:\WINNT\system32\GroupPolicy" folder on your
>administrator's desktop
>- optionally add gpedit.msc to mmc (add snapin ...)
>- change settings in GPOs to fit your needs or your company's security
>policy (especially admin templates)
>- export and import on other workstations or clone "master" workstation
>Please bear in mind that LGPOs affect ALL local users and Samba domain
>users, including the local administrator account. So be careful when
>changing the LGPOs since the user-specific policy settings are immediately
>effective! Administrators control can be retained by denying read access on
>the GroupPolicy folder, logging off and logging on again. This trick
>probably won't work on WinXP any more, so you will need to find a different
>Please post your findings, especially if an alternative for WinXP and/or
>central policy management is at all possible.
>Good luck,

More information about the samba mailing list