[Samba] OT Windows policy question

Gémes Géza geza at kzsdabas.sulinet.hu
Sat Apr 2 20:02:49 GMT 2005

Tony Earnshaw írta:

>Thanks tremendously to JC and JHT for guiding (nay, kicking) me
>toward getting ACLs to work on RHAS3. Reading the RH sysadmin guide
>about ACLs and searching elsewhere, as well as thinking for myself,
>were also a pre.
>Now for something completely different:
>High school in Amsterdam Netherlands:
>- RHAS3
>- Samba 3.0.11 RPC, not ADS (no way we're upgrading while the bug
>reports keep pouring in)
>- ldapsam backend, Openldap 2.2.17
>- Mostly Win 2000 workstations
>- Nitrobit 1.2 policy editor,
>High school works perfectly, teachers can do what they want
>(including print via Cups), mostly do. They don't have ACLs yet, but
>that will come
>Only, one teacher keeps downloading movies and stuffing them into
>"My Documents", which gets written to his profile share on the
>server each time he logs in or out. HUGE network traffic, even over
>a 100Mb/1Gb backbone, that more or less stops the rest of the
>network (up to 130 Windows and Linux Terminal Server Project nodes).
>Yes, we can stop him, but that's not the point of the question,
>which comes next:
>With Nitrobit I can store the policy on the server (using mmc) and
>read/implement it at each login. This makes folder redirection
>possible and works. Doing this, I can redirect each "My Documents"
>to the respective home directory, once and for all.
>However, The Windows group policy snapin makes it easy to redirect
>"My Documents", but redirecting "Start Menu" and "Desktop" requires
>a local (machine) security profile. I wouldn't know what that is.
>Can anyone on the list please point me at a Microsoft Knowledge Base
>url that details what this is, and how I can implement it using
>mmc/Group Policy?
>mail: tonye at billy.demon.nl
I don't know Nitrobit at all, but with the "traditional" Windows NT4 
policy editor you can use lot of adm files to offline edit the registry, 
creating an NTConfig.pol file on the root of your netlogon share. If I 
remember correctly one of the adm files shipped with the Windows NT4 ZAK 
(Zero Administration Kit).



More information about the samba mailing list