[Samba] OT Windows policy question

Tony Earnshaw tonye at billy.demon.nl
Sat Apr 2 16:45:42 GMT 2005


Thanks tremendously to JC and JHT for guiding (nay, kicking) me
toward getting ACLs to work on RHAS3. Reading the RH sysadmin guide
about ACLs and searching elsewhere, as well as thinking for myself,
were also a pre.

Now for something completely different:

High school in Amsterdam Netherlands:
- Samba 3.0.11 RPC, not ADS (no way we're upgrading while the bug
reports keep pouring in)
- ldapsam backend, Openldap 2.2.17
- Mostly Win 2000 workstations
- Nitrobit 1.2 policy editor,

High school works perfectly, teachers can do what they want
(including print via Cups), mostly do. They don't have ACLs yet, but
that will come

Only, one teacher keeps downloading movies and stuffing them into
"My Documents", which gets written to his profile share on the
server each time he logs in or out. HUGE network traffic, even over
a 100Mb/1Gb backbone, that more or less stops the rest of the
network (up to 130 Windows and Linux Terminal Server Project nodes).
Yes, we can stop him, but that's not the point of the question,
which comes next:

With Nitrobit I can store the policy on the server (using mmc) and
read/implement it at each login. This makes folder redirection
possible and works. Doing this, I can redirect each "My Documents"
to the respective home directory, once and for all.

However, The Windows group policy snapin makes it easy to redirect
"My Documents", but redirecting "Start Menu" and "Desktop" requires
a local (machine) security profile. I wouldn't know what that is.

Can anyone on the list please point me at a Microsoft Knowledge Base
url that details what this is, and how I can implement it using
mmc/Group Policy?


mail: tonye at billy.demon.nl

More information about the samba mailing list