-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 09/13/2006 08:28 AM, Thierry Lacoste escreveu:> Following TOSHARG and "Samba 3 by examples" I implemented
> Folder redirection plus some security restrictions by building
> a custom NTUSER.DAT which is the default profile of my users.
> The problem is that each user has read/write access to its profile
> share therefore he can replace its NTUSER.DAT.
>
> This is why I chose mandatory profiles.
> Is there another solution?
From the beloved smb.conf manpage:
The share and the path must be readable by the user for the
preferences and directories to be loaded onto the Windows NT
client. The share must be writeable when the user logs in for
the first time, in order that the Windows NT client can create
the NTuser.dat and other directories. Thereafter, the directo?
ries and any of the contents can, if required, be made
read-only. It is not advisable that the NTuser.dat file be made
read-only - rename it to NTuser.man to achieve the desired
effect (aMANdatory profile).
> The problem with mandatory profiles is that some settings are not
> saved: for instance the Favorites folder; I did not redirect it because
> I read in several books that only the Desktop, My documents,
> Application Data and Start Menu can be redirected.
>
> Is there a way to save Favorites with mandatory profiles?
Hmmm, not sure... probably no, because it is a mandatory
profile, but you can save it on alternative paths, I don't why
to do that. :(
> Regards,
> Thierry.
Kind regards,
- --
Felipe Augusto van de Wiel <felipe@paranacidade.org.br>
Coordenadoria de Tecnologia da Informa??o (CTI) - SEDU/PARANACIDADE
http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Using GnuPG with Debian - http://enigmail.mozdev.org
iD8DBQFFCrsJCj65ZxU4gPQRArfQAKCGmwLy6Y10iOBw1g1CnhlhzqWXbQCgzR8e
xLdR7DZXmW+2ZTuIr+3Hnno=yppA
-----END PGP SIGNATURE-----