[Samba] NTConfig.POL not working for Win 2000 (for XP working fine)?

Tomasz Chmielewski mangoo at wpkg.org
Sat Nov 19 16:14:41 GMT 2005


Robert Schetterer schrieb:
> Tomasz Chmielewski schrieb:
> 
>> Tomasz Chmielewski schrieb:
>>
>>> I'm just exploring the Profile Editor, described on 
>>> http://www.pcc-services.com/custom_poledit.html - and policies saved 
>>> to NTConfig.pol file and copied to the netlogon share work great for 
>>> Windows XP machines.
>>>
>>> However, with Windows 2000, they don't work at all. Winh XP machines 
>>> - policies are applied.
>>>
>>> I see in Samba logs that the NTConfig.pol is copied from the server 
>>> to the w2k workstation, but it has no effect.
>>>
>>> This Profile Editor is designed for Windows 2000, as it was shipped 
>>> with w2k SP4, so I expected it will work with 2000.
>>>
>>> Am I missing something?
>>
>>
>>
>> I searched the internet, but no clue about the issue :(
>>
>> In the event log it is as eventid: 1000, source: uservenv, and in the 
>> log itself it says something like (translated from German):
>>
>> RegLoadKey aborted. Returned value "False Parameter." for C:\Documents 
>> and Settings\Administrator.DOMAIN\prfCA.tmp
>>
>> prfCA.tmp (and other such tmp files) are the exact copy of the 
>> NTConfig.POL that is saved in the netlogon directory.
>>
>> I tried creating other NTConfig.POL files (with only basic setting 
>> like IE start site), but this message just shows all the time, and 
>> settings are not applied.
>>
>> Any clue?
>>
>> I use Windows 2000 SP4, and Samba 3.0.20.
>>
>> Windows XP works fine with NTConfig.POL files and the same Samba.
>>
>>
> this ist stuff need to be fixed in the profile share
> should be like this
> [profiles]
>   path = /var/lib/samba/profiles
> #   vfs objects = extd_audit
>   read only = no
>   create mask = 0755
>   directory mask = 0755
>   browseable = No
>   guest ok = Yes
>   profile acls = yes
>   csc policy = disable
>   force user = %U
>   hide files = /desktop.ini/ntuser.ini/NTUSER.*/
>   locking = No
>   oplocks = False
>   level2 oplocks = False
> #  valid users = %U, @"Domain Admins"

why [profiles]?

as it's explained here: https://bugzilla.samba.org/show_bug.cgi?id=3042
one has to put this into [netlogon] share:

acl check permissions = no

-- 
Tomek
http://wpkg.org
WPKG - software deployment and upgrades with Samba



More information about the samba mailing list