[Samba] Re: SAMBA/PDC + LDAP HELP please? => For your profiles.
Louis van Belle
louis at van-belle.nl
Fri Oct 7 13:51:52 GMT 2005
realy,
thank you for notifing me..
but why is this then in the manual
http://us2.samba.org/samba/docs/man/Samba-HOWTO-Collection/ProfileMgmt.html
Windows XP Service Pack 1
There is a security check new to Windows XP (or maybe only Windows XP
service pack 1).
It can be disabled via a group policy in the Active Directory. The policy is
called:
Computer Configuration\Administrative Templates\System\User Profiles\
Do not check for user ownership of Roaming Profile Folders
( is same as CompatibleRUPSecurity"=dword:00000001 )
And yes this is also in SP2.
I used this to avoid problems, and it works for me.
As i see in the sambalist lots of people have the same problems and
questions
so therefor i give them my working config, And this is what i did.
that of the requiresignorseal / signsecurechannel i didnt know,
so im going to test this in my 2e office location. thank you voor notifing
me for that.
the "ExcludeProfileDirs" is used in my default user profile.
and this are the default directories :
Geschiedenis, Local Settings, Temp en Temporary Internet Files
default there is also "Local Settings".. and i want these to move also
in to the profile dir on the server, there are files in i need
when users move to an other pc.
for example.
%USERPROFILE%\Local Settings\Application Data\Microsoft\Outlook (
extend.dat )
Stores a reference to which extensions (addins) you have loaded.
%USERPROFILE%\Local Settings\Application Data\Microsoft\Credentials
Contains setting of my users, so i excluded this out of the
excludeprofiledir
just some comment..
Louis
>-----Oorspronkelijk bericht-----
>Van: samba-bounces+louis=van-belle.nl at lists.samba.org
>[mailto:samba-bounces+louis=van-belle.nl at lists.samba.org]
>Namens Craig White
>Verzonden: vrijdag 7 oktober 2005 14:39
>Aan: samba at lists.samba.org
>Onderwerp: RE: [Samba] Re: SAMBA/PDC + LDAP HELP please? =>
>For your profiles.
>
>On Fri, 2005-10-07 at 08:54 +0200, Louis van Belle wrote:
>
>> when this is done.
>>
>> add 2 registry keys.
>> /cut_here
>> REGEDIT4
>> ; do not roam the following folders
>> [HKEY_CURRENT_USER\Software\Microsoft\Windows
>NT\CurrentVersion\Winlogon]
>> "ExcludeProfileDirs"="Temporary Internet Files;History;Temp"
>>
>>
>;--------------------------------------------------------------
>-----------
>> ; force Windows XP Professional clients to accept Samba as a PDC
>>
>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\
>Parameters]
>> "requiresignorseal"=dword:00000000
>> "signsecurechannel"=dword:00000000
>>
>>
>;--------------------------------------------------------------
>-----------
>> ; Do not check for user ownership of Roaming Profile Folders
>> [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System]
>> "CompatibleRUPSecurity"=dword:00000001
>> /cut_here
>>
>-----
>I hate to see people encouraged to apply unnecessary fixes that were
>suggested to work around issues that were created as temporary
>solutions
>to the moving target of Windows.
>
>requiresignorseal / signsecurechannel issues have long since been fixed
>in Samba - no need for those registry changes - this was a Samba 2.x
>issue.
>
>I am pretty certain that the 'CompatibleRUPSecurity' registry patch
>isn't needed any longer as well, I think that was an issue created from
>original release of WinXP SP1
>
>The 'ExcludeProfileDirs' - those folders should have been excluded
>automatically.
>
>Craig
>
>
>--
>This message has been scanned for viruses and
>dangerous content by MailScanner, and is
>believed to be clean.
>
>--
>To unsubscribe from this list go to the following URL and read the
>instructions: https://lists.samba.org/mailman/listinfo/samba
>
More information about the samba
mailing list