[Samba] NTConfig.POL not working for Win 2000 (for XP working
fine)?
Tomasz Chmielewski
mangoo at wpkg.org
Sat Nov 19 16:14:41 GMT 2005
Robert Schetterer schrieb:
> Tomasz Chmielewski schrieb:
>
>> Tomasz Chmielewski schrieb:
>>
>>> I'm just exploring the Profile Editor, described on
>>> http://www.pcc-services.com/custom_poledit.html - and policies saved
>>> to NTConfig.pol file and copied to the netlogon share work great for
>>> Windows XP machines.
>>>
>>> However, with Windows 2000, they don't work at all. Winh XP machines
>>> - policies are applied.
>>>
>>> I see in Samba logs that the NTConfig.pol is copied from the server
>>> to the w2k workstation, but it has no effect.
>>>
>>> This Profile Editor is designed for Windows 2000, as it was shipped
>>> with w2k SP4, so I expected it will work with 2000.
>>>
>>> Am I missing something?
>>
>>
>>
>> I searched the internet, but no clue about the issue :(
>>
>> In the event log it is as eventid: 1000, source: uservenv, and in the
>> log itself it says something like (translated from German):
>>
>> RegLoadKey aborted. Returned value "False Parameter." for C:\Documents
>> and Settings\Administrator.DOMAIN\prfCA.tmp
>>
>> prfCA.tmp (and other such tmp files) are the exact copy of the
>> NTConfig.POL that is saved in the netlogon directory.
>>
>> I tried creating other NTConfig.POL files (with only basic setting
>> like IE start site), but this message just shows all the time, and
>> settings are not applied.
>>
>> Any clue?
>>
>> I use Windows 2000 SP4, and Samba 3.0.20.
>>
>> Windows XP works fine with NTConfig.POL files and the same Samba.
>>
>>
> this ist stuff need to be fixed in the profile share
> should be like this
> [profiles]
> path = /var/lib/samba/profiles
> # vfs objects = extd_audit
> read only = no
> create mask = 0755
> directory mask = 0755
> browseable = No
> guest ok = Yes
> profile acls = yes
> csc policy = disable
> force user = %U
> hide files = /desktop.ini/ntuser.ini/NTUSER.*/
> locking = No
> oplocks = False
> level2 oplocks = False
> # valid users = %U, @"Domain Admins"
why [profiles]?
as it's explained here: https://bugzilla.samba.org/show_bug.cgi?id=3042
one has to put this into [netlogon] share:
acl check permissions = no
--
Tomek
http://wpkg.org
WPKG - software deployment and upgrades with Samba
More information about the samba
mailing list