I have a bunch of W2K clients on my network and I want to be able to use GPOs, but REFUSE to go the M$ route ;-) Since GPOs are essentially registry entries, it might be somewhat easy to implement a simple program that could give admins that fine-grain control that is missing from NT4-style .pol files. What I would like to propose is a simple Win32 executable that could read from an encrypted text file (so the end-user can't change the entries) and stick those into the registry via logon scripting. I'm not one of those people that say "OK, here's an idea now someone make it," I'm perfectly willing and able to contribute. My questions for this are: - Am I barking up the wrong tree? Is there already another workaround? - Would anyone out there actually use it? - Is it truly practical? Any advice on this from the community will be greatly appreciated. -- Erich Vinson Chief of Technology TRG, Inc. ------------------------------------------------------------------------ 64 6F 6E 27 74 20 66 65 61 72 20 74 68 65 20 70 65 6E 67 75 69 6E
>Since GPOs are essentially registry entries, it might be somewhat easy to >implement a simple program that could give admins that fine-grain control >that is missing from NT4-style .pol files. > >What I would like to propose is a simple Win32 executable that could read >from an encrypted text file (so the end-user can't change the entries) and >stick those into the registry via logon scripting. I'm not one of those >people that say "OK, here's an idea now someone make it," I'm perfectly >willing and able to contribute. > >My questions for this are: > >- Am I barking up the wrong tree? Is there already another workaround? >- Would anyone out there actually use it? >- Is it truly practical?While it doesn't support encrypted files (to my knowledge) I use Kixtart to do all my registry edits in the startup scripts. The program isn't all that actively developed though... However, the advantage that GPO's had when I used them is that they seem to take effect immediatly where some of the registry edits with kixtart don't... I assume those settings are already read by the time I try and change them. For example, moving the My Documents folder by editing the registry doesn't take effect until the user logs off and back on... with a GPO it's effective the first time... So if you can find a way to fix that... I'll be there if you need things tested. Matt
> However, the advantage that GPO's had when I used them is that they seem to > take effect immediatly where some of the registry edits with kixtart > don't...The reason for this is that in a native 2K domain, you can set a GPO refresh interval that downloads and applies updated GPOs. We could certainly implement something similar to that, whether with Kixtart or developing a new app... I would like to start getting input from other admins that use Samba as a 2KServer alternative as far as the features they would like to see, how it should be deployed, etc. Not sure right now which is better, modify Kixtart or start from scratch? I have been thinking more and more and definately want to get something started, if for no other reason than it would make my life easier ;-) Of course, I'm willing to share! :-D Also, this could really help the cause of Samba as the GPO thing is a pretty major hurdle for 2K admins to overcome when considering whether to switch or not. -- Erich Vinson Chief of Technology IT, Inc. ------------------------------------------------------------------------ 64 6F 6E 27 74 20 66 65 61 72 20 74 68 65 20 70 65 6E 67 75 69 6E
> I didn't mean that so much... although that is something else... I meant > more that if I have a common My Documents folder (and at home I do) if I > change the logon script to point to a new folder it takes two logons to > have that folder redirected.I tried manually changing the registry key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Personal to a different value. You are right, even with manual modification, the change did not take effect until I logged off and back on. There is obviously some other process that must take place before the update happens. Unless, I just have the wrong key, which is entirely possible. I think that a search on the API might turn something up. I will try to look a little later. In the meantime, I am going to put together a "plan" for the GPO thing and will post to the list, probably tomorrow sometime. -- Erich Vinson Chief of Technology IT, Inc. ------------------------------------------------------------------------ 64 6F 6E 27 74 20 66 65 61 72 20 74 68 65 20 70 65 6E 67 75 69 6E
> I have created a GPO similar program specifically for deploying > applications to workstations. Similar to how GPO can push software > packages.This is one of the MAJOR things I would want to do with such a package. We all know how bad it sucks to try to maintain a consistent base among workstations without using the native W2K tools and such... That is a great concept. Would you mind sharing your source to contribute if this thing ever gets off the ground? -- Erich Vinson Chief of Technology IT, Inc. ------------------------------------------------------------------------ 64 6F 6E 27 74 20 66 65 61 72 20 74 68 65 20 70 65 6E 67 75 69 6E