John, > I would like to figure out how to do this > gpedit.msc+AD+gpc+gpt magic for > win2k/xp with linux+samba(2.2/3.0/tng)+openldap and is it possible at > all?
We use local (!) GPOs on our Win2k clients with great success: - log on to "master" workstation as administrator - create a link to the "C:\WINNT\system32\GroupPolicy" folder on your administrator's desktop - optionally add gpedit.msc to mmc (add snapin ...) - change settings in GPOs to fit your needs or your company's security policy (especially admin templates) - export and import on other workstations or clone "master" workstation Please bear in mind that LGPOs affect ALL local users and Samba domain users, including the local administrator account. So be careful when changing the LGPOs since the user-specific policy settings are immediately effective! Administrators control can be retained by denying read access on the GroupPolicy folder, logging off and logging on again. This trick probably won't work on WinXP any more, so you will need to find a different solution. Please post your findings, especially if an alternative for WinXP and/or central policy management is at all possible. Good luck, Uli -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
