Hi guys,
I'm just about to shoot on my foot so I wanted to check if there is
something else to blow my full leg actually ;-))
I have setup a working Samba 3 PDC controller with user authentication and
roaming profiles. I want to lock down [*] the desktop on client machines
(win xp) as I did with poledit (NTConfig.POL) on Win9x/WinNT4 machines.
[*] Lock downs suck as : disabling msn messenger, disabling some IE
cappabilities, disabling some harmful programs (outlook.exe
premium-rate-dialer.exe ...), hiding access to disk drives...
Since the only possible way to do this (according to what I have read) is
using some Active Directory group policies, and taking into account that
samba 3 isn't capable (yet) of acting as a AD server, I have to find another
solution :-)
<scary_solution>
I've thought of building a specially crafted .reg file (actually a set of
them) which will be imported in each logon on the machine; that way, I can
control the way the desktop acts for each user.
I will have a "general.reg" file for common lockdowns, some specific
"group-A.reg", "group-B.reg" files for each group and
finally some
"user-A.reg" with specific lockdowns (or not) for special users.
</scary_solution>
I know this isn't great security since any user would be able to craft a
.reg file themselves and revert the lockdown... but for average user this
could be ok... :-)
Comments? ;-)
--
Window$ Macht Frei!
