Hello,
I'm looking for some extremely general tips/hints/ideas here, because I
am sure that I may be missing out on some good ways of managing the
Windows PCs on my network.
This is what I have and what is available to me:
- Samba 3.0.x (current Debian/Sarge version)
- LDAP backend for Samba
- Windows XP SP2 clients
- Domain users are typically unprivileged users
- A 'reference PC' for the WinXP disk image, with various
applications pre-installed and setup
- I do *not* have any Windows servers or Active Directory available,
nor any plans to do so
This is what I have figured out and have working so far:
- Domain logons for Windows XP systems to the Samba system
- Use of sysprep on the reference PC and partimage to deploy WinXP
systems
- Use of roaming profiles with folder redirects into users' home on
the Samba server for many folders (e.g. 'My Documents',
'Recent
Docs' etc.)
- Use of poledit.exe and various templates to create NTConfig.POL in
Samba's NETLOGON share, thus supporting various System Policies (1).
- Using gpedit.msc on the reference PC to 'deploy' various initial
policy settings (2)
This is what I *don't* have figured out. I basically need to find out
whether any of this is possible and, if so, whether it is possible using
my existing toolset:
- Updating and managing settings that I originally set via
gpedit.msc on the reference PC: this is (2) above. I cannot
change these settings once I've deployed the PC live, whereas for
settings in (1) above, I can do this via the appropriate System
Policy change. (Basically, if I understand the Windows-terminology
correctly, I have instituted Local Group Policy rather than 'real'
Group Policy?)
- Deploying software to the WinXP machines: would be nice :-)
Any suggestions for dealing with this setup would be most appreciated,
particularly relating to policy management. I've read much of the Samba
Book on this area, but it's a little confusing as to what options are
actually available to me with this setup.
Many thanks,
Dave.
--
Dave Ewart
davee@ceu.ox.ac.uk
Computing Manager, Cancer Epidemiology Unit
Cancer Research UK / Oxford University
PGP: CC70 1883 BD92 E665 B840 118B 6E94 2CFD 694D E370
Get key from http://www.ceu.ox.ac.uk/~davee/davee-ceu-ox-ac-uk.asc
N 51.7518, W 1.2016
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 191 bytes
Desc: Digital signature
Url :
http://lists.samba.org/archive/samba/attachments/20070220/c5ccb97f/attachment.bin
Am Dienstag, 20. Februar 2007 schrieb Dave Ewart:> Deploying software to the WinXP machines: would be nicecheck http://wpkg.org/ works like a charme br, Sebastain -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : http://lists.samba.org/archive/samba/attachments/20070220/bba48655/attachment.bin
On Tue, Feb 20, 2007 at 04:02:21PM +0000, Dave Ewart wrote:> This is what I *don't* have figured out. I basically need to find out > whether any of this is possible and, if so, whether it is possible using > my existing toolset: > > - Updating and managing settings that I originally set via > gpedit.msc on the reference PC: this is (2) above. I cannot > change these settings once I've deployed the PC live, whereas for > settings in (1) above, I can do this via the appropriate System > Policy change. (Basically, if I understand the Windows-terminology > correctly, I have instituted Local Group Policy rather than 'real' > Group Policy?)If you're up for some lower level methods and roll-your-own type solutions, you may find the following helpful. I use this method to supplement the usual Active Directory Group Policies for cases where Group Policies don't work for one reason or another. For example, it can be used to apply user policies based on the machine that is logged into which can't normally be done. With a few exceptions, all Group Policies actually do are make specific, documented changes to the registry in either the HKEY_LOCAL_MACHINE (for computer/machine policies) or HKEY_CURRENT_USER (for user policies) registry hives. The documentation for all of the Group Policies is found in the C:\Windows\inf\*.adm files. Once you familiarize yourself with the file format you can find out exactly what registry values are set to enable certain Group Policies. After you determine what registry values need to be set you can deploy those changes using various methods: * Create a script (JavaScript, VBScript, Python if you have it installed on the PCs, etc.) that sets the appropriate values in the registry. When done in a script you have the flexibility to conditionally apply changes. * Create a REG file with the changes and then create a script that imports the registry file using reg.exe. For computer/machine policies, set the script to run when the computer boots up. For user policies, run the script during the login script so that it runs as the logged in user. It's not a point and click method like Active Directory Group Policies but it can be used to accomplish the same thing. Ed Plese