On Sat, 2002-11-23 at 19:01, John H Terpstra wrote:
> On 23 Nov 2002, Andrew Bartlett wrote:
>
> > On Sat, 2002-11-23 at 14:46, xfesty wrote:
> > > -----BEGIN PGP SIGNED MESSAGE-----
> > > Hash: SHA1
> > >
> > > Hiya.
> > >
> > > Is there any way to make non-changeable roaming profiles for all users
> > > with XP workstations, and Samba 3.0HEAD from CVS acting as a PDC?
> > >
> > > I'm setting up a bunch of workstations for an internet cafe, and all
> > > users need to basically have the same settings (i.e. desktop icons,
> > > Internet Explorer settings, start menu items, etc.) as others, yet not
> > > be able to change them.
> > >
> > > I tried setting the profile dir to the same for all users, and making
> > > it read only, but I'm experiencing two problems -
> > >
> > > (1) XP will refuse to load the profile if it's read-only, and
> > > (2) XP won't load the profile if it wasn't created by the same user.
> > >
> > > I'm also finding cookies in IE sometimes aren't being properly set,
> > > people can't view hotmail attachments, MSN messenger refuses to work,
> > > and a bunch of other oddities.
> > >
> > > Any way past this? I remember back when I was using Windows 2K Server
> > > as a PDC, it was possible to have this.
> >
> > If the ntuser.dat is renamed ntuser.man, and you make the profile owned
> > by root, read-only to the user, and you set root to have rid 500 in
> > LDAP, does it work?
> >
> > (ie add root to ldap, then change the RID).
>
> The SID is stored inside the NTUser.DAT file. Access control (the ACE) is
> stored inside the file. That is what Richard Sharpe was working on
> decoding recently. When his work is done we will be able to set our own
> ACEs inside the NTUser.DAT file and thus create from any profile a global
> per group or a global group mandatory profile.
>
> Just setting file ownership and permissions does not get one past the
> hurdle of the ACE inside the file.

But if we take a 'normal' profile, change the ownership to admin, but
don't change the SIDs, can we use it as a mandatory profile for a single
user?

Andrew Bartlett

--
Andrew Bartlett [EMAIL PROTECTED]
Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED]
Student Network Administrator, Hawker College [EMAIL PROTECTED]
http://samba.org http://build.samba.org http://hawkerc.net
