On Wed, 5 Feb 2003, Jonathan Gowland wrote:
> We are using a system running Red Hat Linux 7.0 with Samba 2.2.7a as
> our PDC.
>
> For the most part, we want to use roaming profiles, so that users'
> settings are backed up via the PDC, and are available if they need to
> change or reinstall their Windows desktop machine. However, there are
> a few Windows systems (running NT 4.0 or Windows 2000) for which
> we would like to be able to disable roaming profiles.
>
> Atlas is a system running Windows 2000 server. It is a member of the
> domain.
>
> On a system running Windows NT 4.0 Terminal Server edition I did the
> following:
>
> - Logged on as local administrator.
>
> - Ran poledit.exe.
>
> - Added machine Atlas.
>
> - Double-clicked Atlas icon. Under "Windows NT User
Profiles"->"Choose
> profile default operation", selected "Use local profile".
>
> - Saved as NTConfig.pol and copied to the root directory of the netlogon
> share.
>
> When a user does a domain logon on Atlas, the Samba log log.atlas does
> not show NTConfig.pol being accessed. When the user logs off, updates
> to the user's profiles are saved.
>
> Agrigento is a system running Windows 2000 Workstation, and is also a
> member of the domain. I ran poledit.exe as above, but added a computer
> entry for Agrigento, and saved NTConfig.pol.
>
> When a user does a domain logon on Agrigento, the Samba log
> log.agrigento shows NTConfig.pol being accessed. However, when the user
> logs off, updates to the user's profiles are saved, so the policy
change
> in NTConfig.pol seems to have no effect.
You need to make the profile a mandatory profile if you want it to be
read-only. The proedure is documented in the NT4/Win2K Server Resource
kits.
>
> So what am I doing wrong? Is it possible to disable the use of roaming
> profiles on a per-machine basis? (I've been told that you can do this
> on a per-account basis, but this is not appropriate for our needs.)
By default all MS Windows roaming profiles are 'user' centric. I do not
know of a way to do this on a 'machine-of-origin' basis. I am working on
this for a presentation at the SambaXP conference so I am interested in
any of your findings.
- John T.
--
John H Terpstra
Email: jht@samba.org