[Samba] how to set folder redirection on Windows 7 with a Samba PDC

Daniel Müller mueller at tropenklinik.de
Wed Aug 25 05:59:20 MDT 2010 

In the first. I think for the case of xp and 2000 the netlogon script is
Done with administrator rights. But with vista and 7 it is different.
Some things will not work as they should.
Ex: if you want to change registry settings(HKL_machine) you must be
administrator.
This could be done by third party software (sanur,runas).
After all kixstart is no replacement of ntconfig.pol.
Greetings Daniel

-----------------------------------------------
EDV Daniel Müller

Leitung EDV
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen

Tel.: 07071/206-463, Fax: 07071/206-499
eMail: mueller at tropenklinik.de
Internet: www.tropenklinik.de
-----------------------------------------------
-----Ursprüngliche Nachricht-----
Von: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org] Im
Auftrag von Abe Lau
Gesendet: Mittwoch, 25. August 2010 13:39
An: German Molano
Cc: samba at lists.samba.org
Betreff: Re: [Samba] how to set folder redirection on Windows 7 with a Samba
PDC

On Tue, Aug 24, 2010 at 1:38 AM, German Molano <gmolano at ignios.net> wrote:

>  On 22/08/2010 01:44 a.m., Abe Lau wrote:
>
>
>> On Sun, Aug 22, 2010 at 2:48 PM, German Molano
<gmolano at ignios.net<mailto:
>> gmolano at ignios.net>> wrote:
>>
>>     On 21/08/2010 10:54 p.m., Abe Lau wrote:
>>
>>        Hi,
>>        I have read that Windows 7 is using a new admx format and that
>>        it is not
>>        compatible with the old-school poledit.  If I would like to
>>        stick with a
>>        Samba PDC, is there any elegant way to get Windows 7 client to
>>        obey the
>>        folder redirection(and possibly other rules) set using poledit&
>>        NTConfig.pol?
>>
>>    Yes there is a way to do folder redirection with kixtart tools
>>     you can write directly to the Windows Registry modyfing the
>>    Workstation Settings.
>>
>>    In your netlogon start up script call kix32 runtime with your own
>>    script with some values like these:
>>
>>    $UserShellFolders =
>>
>>
"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User
>>    Shell Folders"
>>    WriteValue($UserShellFolders, "Personal", "H:\Documents", "REG_SZ")
>>    WriteValue($UserShellFolders, "AppData",
>>    "H:\.winsettings\appdata", "REG_SZ")
>>    WriteValue($UserShellFolders, "Desktop", "H:\WinDesktop", "REG_SZ")
>>    WriteValue($UserShellFolders, "My Music", "H:\Music", "REG_SZ")
>>    WriteValue($UserShellFolders, "My Pictures", "H:\Pictures", "REG_SZ")
>>    WriteValue($UserShellFolders, "My Video", "H:\Videos", "REG_SZ")
>>    WriteValue($UserShellFolders,
>>    "{374DE290-123F-4565-9164-39C4925E467B}", "H:\Downloads", "REG_SZ")
>>
>>
>>
>>        I have been searching the mailing list, but there doesn't
>>        seems to be much
>>        detailed information on how to get Windows 7 to integrate
>>        nicely with a
>>        Samba PDC.  Any insights?
>>
>>        Thanks,
>>        Abe
>>
>>
>>    --     To unsubscribe from this list go to the following URL and read
>> the
>>    instructions: https://lists.samba.org/mailman/options/samba
>>
>>
>> Thanks German Molano.
>>
>> That may seems to be a viable solution.  By the way, the webpage doesn't
>> mention Windows 7 being supported?  Is the webpage just outdated?
>>
>
> Yes it is supported but some Registry values are protected and some values
> differs from Windows 7/Vista to Windows XP/2000, but with kixstart you
could
> distinct between platforms and apply settings depend on it, it could be
done
> like this:
>
> $ntversion = READVALUE("HKLM\SOFTWARE\Microsoft\Windows
> NT\CurrentVersion\", "CurrentVersion")
>
> Select
>
>        Case $ntversion = 6.1 ;Windows 7
>
>                WriteValue(....
>
>        Case $ntversion = 6.0 ;Windows Vista
>
>                WriteValue(....
>
>        Case $ntversion = 5.1 ;Windows XP
>
>                WriteValue(....
>
>        Case $ntversion = 5.0 ;Windows 2000
>
>                WriteValue(....
>
>
>
>
>> Not knowing much about kixtart, does it mean that I could replace
>> everything in NTConfig.pol with a kixtart script?  That would be an
elegant
>> solution before Samba4 is ready I suppose :-)
>>
>>
> NTConfig.pol modifies resgistry settings at logon, so yes you could
replace
> it, but is little less "graphical" because you deal with a script not with
a
> GUI. Also you could deliver policies with a Domain Group basis with
> conditionals like this:
>
> If InGroup( "MYDOMAIN\Accounting" )
>
>    WriteValue(....
>
> EndIf
>
>
>
>  Abe
>>
>
>
>
Thanks German.

I tried to read into the manual of Kixtart, and it seems to me that the way
to go with samba is to run kixtart via the netlogon logon script.  This
looks straight-forward and easy to implement.

However, does it mean kixtart will run only with limited user privileges,
and thus cannot modify anything that will need administrative privileges?
If that is the case, I shouldn't be considering it  a replacement of
NTConfig.pol isn't it?

Abe
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

More information about the samba mailing list