List, Thanks tremendously to JC and JHT for guiding (nay, kicking) me toward getting ACLs to work on RHAS3. Reading the RH sysadmin guide about ACLs and searching elsewhere, as well as thinking for myself, were also a pre. Now for something completely different: High school in Amsterdam Netherlands: - RHAS3 - Samba 3.0.11 RPC, not ADS (no way we're upgrading while the bug reports keep pouring in) - ldapsam backend, Openldap 2.2.17 - Mostly Win 2000 workstations - Nitrobit 1.2 policy editor, High school works perfectly, teachers can do what they want (including print via Cups), mostly do. They don't have ACLs yet, but that will come Only, one teacher keeps downloading movies and stuffing them into "My Documents", which gets written to his profile share on the server each time he logs in or out. HUGE network traffic, even over a 100Mb/1Gb backbone, that more or less stops the rest of the network (up to 130 Windows and Linux Terminal Server Project nodes). Yes, we can stop him, but that's not the point of the question, which comes next: With Nitrobit I can store the policy on the server (using mmc) and read/implement it at each login. This makes folder redirection possible and works. Doing this, I can redirect each "My Documents" to the respective home directory, once and for all. However, The Windows group policy snapin makes it easy to redirect "My Documents", but redirecting "Start Menu" and "Desktop" requires a local (machine) security profile. I wouldn't know what that is. Can anyone on the list please point me at a Microsoft Knowledge Base url that details what this is, and how I can implement it using mmc/Group Policy? --Tonni -- mail: tonye@billy.demon.nl http://www.billy.demon.nl
Tony Earnshaw ?rta:>List, > >Thanks tremendously to JC and JHT for guiding (nay, kicking) me >toward getting ACLs to work on RHAS3. Reading the RH sysadmin guide >about ACLs and searching elsewhere, as well as thinking for myself, >were also a pre. > >Now for something completely different: > >High school in Amsterdam Netherlands: >- RHAS3 >- Samba 3.0.11 RPC, not ADS (no way we're upgrading while the bug >reports keep pouring in) >- ldapsam backend, Openldap 2.2.17 >- Mostly Win 2000 workstations >- Nitrobit 1.2 policy editor, > >High school works perfectly, teachers can do what they want >(including print via Cups), mostly do. They don't have ACLs yet, but >that will come > >Only, one teacher keeps downloading movies and stuffing them into >"My Documents", which gets written to his profile share on the >server each time he logs in or out. HUGE network traffic, even over >a 100Mb/1Gb backbone, that more or less stops the rest of the >network (up to 130 Windows and Linux Terminal Server Project nodes). >Yes, we can stop him, but that's not the point of the question, >which comes next: > >With Nitrobit I can store the policy on the server (using mmc) and >read/implement it at each login. This makes folder redirection >possible and works. Doing this, I can redirect each "My Documents" >to the respective home directory, once and for all. > >However, The Windows group policy snapin makes it easy to redirect >"My Documents", but redirecting "Start Menu" and "Desktop" requires >a local (machine) security profile. I wouldn't know what that is. > >Can anyone on the list please point me at a Microsoft Knowledge Base >url that details what this is, and how I can implement it using >mmc/Group Policy? > >--Tonni > >-- >mail: tonye@billy.demon.nl >http://www.billy.demon.nl > > > >I don't know Nitrobit at all, but with the "traditional" Windows NT4 policy editor you can use lot of adm files to offline edit the registry, creating an NTConfig.pol file on the root of your netlogon share. If I remember correctly one of the adm files shipped with the Windows NT4 ZAK (Zero Administration Kit). Cheers Geza
Tony Earnshaw: [...]> However, The Windows group policy snapin makes it easy to redirect > "My Documents", but redirecting "Start Menu" and "Desktop" requires > a local (machine) security profile. I wouldn't know what that is. > > Can anyone on the list please point me at a Microsoft Knowledge > Base > url that details what this is, and how I can implement it using > mmc/Group Policy?O.k., this was a stupid RTFM question: the answer is in the Windows XP help documentation on the machine itself. I'm sorry for having wasted anybody's time (I'm going through the torture of having to relearn Windows). The funny thing is, that one has to associate relocation of any other folder than "My Documents" with a group local to the XP machine. --Tonni -- mail: tonye@billy.demon.nl http://www.billy.demon.nl