On Sat, 2002-11-23 at 15:57, John H Terpstra wrote: > On Sat, 23 Nov 2002, xfesty wrote: > > > -----BEGIN PGP SIGNED MESSAGE----- > > Hash: SHA1 > > > > Hiya. > > > > Is there anyway to make non changable roaming profiles for all users > > with XP workstations, and Samba 3.0HEAD from CVS acting as a PDC? > > I documented the exact process for you earlier today. Please refer to the > expressly clear instructions given for creating a mandatory profile for > Windows XP. > > If you do not follow this process you will not achieve what you need. > A mandatory profile is precisely what you need - a profile that no user > can change. It can not be read-only, but it is not writable. To be > writable NTUser needs to ba a .DAT file, the .MAN extension blocks > writability. To be usable by a group of users the profile needs to be set > so that the ACE includes that group. The group can either be a global > group, or the global/local group called "Everyone".
I'm interested in how this lot works - the .man stops NT uploading the changes - but does it still need write permissions or not? I'm just worried about users deliberately messing with their profiles. Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net
signature.asc
Description: This is a digitally signed message part
