[Samba] Creating Custom System Policy Templates

Ilia Chipitsine ilia at paramon.ru
Sat Mar 12 10:10:10 GMT 2005

> Has anyone looked into creating custom templates for Microsoft's System
> Policy editor ?  I like the idea of managing workstations through the

yes, I did look at it :-)
I even have been using custom templates for some years, since nt4 

maybe I will eventually create and maitain online resource on this 
subject. currently I'm out of time to do that, and I'm not sure it will
be profitable (in any sence).

maybe we can cooperate our efforts on this ? (no kidding)

I attached custom template for enabling Outlook attachements displaying
(without Exchange server), it is well known that MS Outlook, for example
blocks by default "exe, reg, pif" files. According to that template 
(sorry, haven't yet translated it to English) You can unblock such 

> NTConfig.POL file, but the included templates are quite a bit outdated.
> Does anyone know if it would be worth-while to take the time and create an
> updated Template to add policies to manage newer features of Windows
> 2000/XP through the NTConfig.POL file, or if it is even possible ?

it is _definetly_ possible.

any settings in HKLM and HKCU branches (hives) can be propagated through 
NTConfig.POL (of course, You need to create custom template for such 

> Currently, if I have to adjust the machine's registries, I just push it out
> with a Kixtart Script, which means that if I want to adjust any "User"
> registry settings, the user has to be logged in when I run the script.  I
> think the System Policy Editor would be a better way to go, as long as you
> keep in mind the "tatoo" effect on the registry.

Kixtart is just brilliant. much easier (and as You noticed, no "tatoo" 
effect) than POLEDIT, but it can be used against only registry where user 
has writing permission, HKCU of course, but HKLM is questionable (unless 
your users have admin rights).

I even have some stupid software that stores settings on 
HKEY_CLASSES_ROOT, it is also manageble with Kixtart.

> Does anyone have any info on whether or not this is feasible, or if samba
> will soon support Group Policy Objects (so I won't need to do this)?  Or if

there's Nitrobit solution. Haven't tested it yet.
looks nice.

yes, GPO + samba will be nice, but I guess it will be ready when all of us
will do it possible :-) Samba code is not produced by itself yet, just by 
people who write it.

> someone already has accomplished this or has any other comments.....
> Mike Petersen
> mgpeter at pcc-services.com
> References:
> Creating Custom Templates for SPE -
> http://www.oreilly.com/catalog/winsyspe/chapter/ch08.html
> Microsofts Group Policy Reference Spreadsheet -
> http://download.microsoft.com/download/a/a/3/aa32239c-3a23-46ef-ba8b-da786e167e5
> e/PolicySettings.xls
> Samba Rocks !!
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba
-------------- next part --------------

CATEGORY  "MS Outlook"


			POLICY "?????????? ??????"

                        KEYNAME "Software\Microsoft\Office\11.0\Outlook\Security" 

                        PART "?? ??????????? ???????????? ??????????" EDITTEXT

                        VALUENAME "Level1Remove"



			POLICY "???????? ?????????"

                        KEYNAME "Software\Microsoft\Office\11.0\Outlook\Options\Mail" 

                        PART "?? ???????????? MS Word 2003 ? ???????? ????????? ?????" CHECKBOX DEFCHECKED

                        VALUENAME "EditorPreference"

                        VALUEON NUMERIC 20000

                        VALUEOFF NUMERIC 0



			POLICY "?????????????"

                        KEYNAME "Software\Microsoft\Office\11.0\Outlook\Preferences" 

                        PART "???????? ?????????????" CHECKBOX DEFCHECKED

                        VALUENAME "DoAging"

                        VALUEON NUMERIC 1

                        VALUEOFF NUMERIC 0


                        PART "???????????? ??? ??????? ?????? ????????" CHECKBOX DEFCHECKED

                        VALUENAME "ArchiveOld"

                        VALUEON NUMERIC 1

                        VALUEOFF NUMERIC 0


;                        PART "????? ??????? ????" CHECKBOX DEFCHECKED

;                        VALUENAME "EveryDays"

;                        VALUEON NUMERIC 1

;                        VALUEOFF NUMERIC 0





More information about the samba mailing list