John H Terpstra - Samba Team
2009-Mar-20 19:26 UTC
[Samba] Re: Samba mailing list questions regarding Group Policy
Nick Pappin wrote:> Can someone clarify Samba's abilities/limitations in regards to running > Samba as a PDC with Windows XP user/machine policies (Group Policy/NT > Policy... whatever kind is possible). > > A couple specifics that would be helpful to touch on: > > - Can I apply different settings to certain groups of users/computers? If > so will they still receive the all encompassing settings that apply to all > users/computers? > - What kinds of settings can I change? am I limited to NT4 .POL templates > that I can find on the net? Can I modify any/all registry keys under > HKLocalMachine and/or HKCurrentUser? Or can I use adm type files that I see > people talking about? > > > Thanks > > P.S. > Any good howto links would be much appreciated!Nick, This is not a subject that fits the samba-technical horizon. Please keep this discussion on the samba list. Samba3 is like NT4. Any policy that can be implemented under NT4 will work nicely with Samba3 domains. The methods that can be used to control Windows client user and group restrictions (policies) includes the following: a) Use of the NTConfig.pol file (stored in the root of the Netlogon share) b) Use of Roaming Profiles (stored in the Profiles share) c) Use of Mandatory Roaming Profiles (stored in the Profiles share) d) Use of Network Default User Profiles (stored in the root of the Netlogon share) e) Use of Samba's smarts to limit how each of these may be reached. In this case your share path for the profiles share, or for the NetLogon share can make use of: path = /home/profiles/%g or path = /home/profiles/%a or path = /home/netlogon/%g Please update yourself on the Microsoft KB articles regarding Mandatory v's User, v's Group profiles settings. Each profile (NTUser.DAT file) contains a copy of the HKCU (current user) profile tree. Anything that can be edited in that registry tree can be handled through one of the above mechanisms. None of the above (other than the path switching logic) involves Samba. All use nothing other than NT4 profile handling configuration and controls. I hope this helps. - John T. -- John H Terpstra "If at first you don't succeed, don't go sky-diving!"