[Samba] Creating Custom System Policy Templates
Ilia Chipitsine
ilia at paramon.ru
Sat Mar 12 10:10:10 GMT 2005
> Has anyone looked into creating custom templates for Microsoft's System
> Policy editor ? I like the idea of managing workstations through the
yes, I did look at it :-)
I even have been using custom templates for some years, since nt4
workstations.
maybe I will eventually create and maitain online resource on this
subject. currently I'm out of time to do that, and I'm not sure it will
be profitable (in any sence).
maybe we can cooperate our efforts on this ? (no kidding)
I attached custom template for enabling Outlook attachements displaying
(without Exchange server), it is well known that MS Outlook, for example
blocks by default "exe, reg, pif" files. According to that template
(sorry, haven't yet translated it to English) You can unblock such
attachements.
> NTConfig.POL file, but the included templates are quite a bit outdated.
> Does anyone know if it would be worth-while to take the time and create an
> updated Template to add policies to manage newer features of Windows
> 2000/XP through the NTConfig.POL file, or if it is even possible ?
it is _definetly_ possible.
any settings in HKLM and HKCU branches (hives) can be propagated through
NTConfig.POL (of course, You need to create custom template for such
purpose)
>
> Currently, if I have to adjust the machine's registries, I just push it out
> with a Kixtart Script, which means that if I want to adjust any "User"
> registry settings, the user has to be logged in when I run the script. I
> think the System Policy Editor would be a better way to go, as long as you
> keep in mind the "tatoo" effect on the registry.
Kixtart is just brilliant. much easier (and as You noticed, no "tatoo"
effect) than POLEDIT, but it can be used against only registry where user
has writing permission, HKCU of course, but HKLM is questionable (unless
your users have admin rights).
I even have some stupid software that stores settings on
HKEY_CLASSES_ROOT, it is also manageble with Kixtart.
>
> Does anyone have any info on whether or not this is feasible, or if samba
> will soon support Group Policy Objects (so I won't need to do this)? Or if
there's Nitrobit solution. Haven't tested it yet.
looks nice.
yes, GPO + samba will be nice, but I guess it will be ready when all of us
will do it possible :-) Samba code is not produced by itself yet, just by
people who write it.
> someone already has accomplished this or has any other comments.....
>
> Mike Petersen
> mgpeter at pcc-services.com
>
> References:
> Creating Custom Templates for SPE -
> http://www.oreilly.com/catalog/winsyspe/chapter/ch08.html
>
> Microsofts Group Policy Reference Spreadsheet -
> http://download.microsoft.com/download/a/a/3/aa32239c-3a23-46ef-ba8b-da786e167e5
> e/PolicySettings.xls
>
> Samba Rocks !!
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/listinfo/samba
>
-------------- next part --------------
CLASS USER
CATEGORY "MS Outlook"
POLICY "?????????? ??????"
KEYNAME "Software\Microsoft\Office\11.0\Outlook\Security"
PART "?? ??????????? ???????????? ??????????" EDITTEXT
VALUENAME "Level1Remove"
END PART
END POLICY
POLICY "???????? ?????????"
KEYNAME "Software\Microsoft\Office\11.0\Outlook\Options\Mail"
PART "?? ???????????? MS Word 2003 ? ???????? ????????? ?????" CHECKBOX DEFCHECKED
VALUENAME "EditorPreference"
VALUEON NUMERIC 20000
VALUEOFF NUMERIC 0
END PART
END POLICY
POLICY "?????????????"
KEYNAME "Software\Microsoft\Office\11.0\Outlook\Preferences"
PART "???????? ?????????????" CHECKBOX DEFCHECKED
VALUENAME "DoAging"
VALUEON NUMERIC 1
VALUEOFF NUMERIC 0
END PART
PART "???????????? ??? ??????? ?????? ????????" CHECKBOX DEFCHECKED
VALUENAME "ArchiveOld"
VALUEON NUMERIC 1
VALUEOFF NUMERIC 0
END PART
; PART "????? ??????? ????" CHECKBOX DEFCHECKED
; VALUENAME "EveryDays"
; VALUEON NUMERIC 1
; VALUEOFF NUMERIC 0
;;
; END PART
END POLICY
END CATEGORY
More information about the samba
mailing list