[Samba] howto "upgrade/transfer" samba domain-user + domain-group data to a new windows 2003 act

ryan punt rpunt at good-sam.com
Fri Dec 8 16:51:58 GMT 2006

You could do what we do - just replace the local machine policies each time you rev the policy set. They're stored in c:\windows\system32\grouppolicy.

Using gpscript.exe (Google for it, don't have a specific site) you can dump the contents of either registry.pol file to text. You can also recombine textfiles back into a .pol file, and subsequently rev the gpt.ini file so your new .pol files are utilized. Finding the registry paths to GPOs will take some digging in ADM templates, but if you open the templates with Wordpad you can search for the description you're looking for, and eventually figure out how to format the registry entry.

For example, gpscript.exe will dump GPOs like this:

/DATA:D 0x00000001

The KEY value is relative to HKCU or HKLM, depending on whether you're dumped the machine or user policy. The above entry is from user, and disables access to Windows Update.

It's not as slick or easy as AD, but it's certainly cheaper, especially if you don't rev your policies that often.


>>> "Urs Rau" <urs.rau at gmail.com> 12/7/2006 2:52 PM >>>
Thanks Michael,

On 12/6/06, Michael Schurter <michael at susens-schurter.com> wrote:
> Urs Rau wrote:
> > We have two basic needs that demand we now introduce active directory
> > servers to our previously 'windows server free' office. One we want to
> > manage the windows xp sp2 desktops using group policies and secondly
> > we have a need to start using shared calendaring.
> >
> > Alternatively, I would also welcome any suggestions that would allow
> > us to use microsoft outlook shared calendaring and enable us to manage
> > the windows xp workstations using group  policies, using any other
> > configuration, preferably open source of course. ;-)
> Group Policy Management in Samba:
> http://samba.org/samba/docs/man/Samba-HOWTO-Collection/PolicyMgmt.html 

Not sure if I am missing the trees for the forrest but to me that page
seems to support my conclusion. That if I want to use Group Policy
features with Samba I _do need_ active directory. I could try to use
the older NT4 style System Policies but that is not what I am after, I
am after using the _Group_ Policy features that only come with using
active directory? Or did I miss something?

Urs Rau
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba 

-------------- next part --------------

This email transmission and any documents, files or previous

email messages attached to it may contain information that is

confidential or legally privileged. If you are not the intended

recipient, you are hereby notified that any disclosure, copying,

printing, distributing or use of this transmission is strictly

prohibited. If you have received this transmission in error,

please immediately notify the sender by telephone or return

email and delete the original transmission and its attachments

without reading or saving in any manner.

The Evangelical Lutheran Good Samaritan Society.


More information about the samba mailing list