Since GPOs are essentially registry entries, it might be somewhat easy to implement a simple program that could give admins that fine-grain control that is missing from NT4-style .pol files.
What I would like to propose is a simple Win32 executable that could read from an encrypted text file (so the end-user can't change the entries) and stick those into the registry via logon scripting. I'm not one of those people that say "OK, here's an idea now someone make it," I'm perfectly willing and able to contribute.
My questions for this are:
- Am I barking up the wrong tree? Is there already another workaround? - Would anyone out there actually use it? - Is it truly practical?
While it doesn't support encrypted files (to my knowledge) I use Kixtart to do all my registry edits in the startup scripts. The program isn't all that actively developed though...
However, the advantage that GPO's had when I used them is that they seem to take effect immediatly where some of the registry edits with kixtart don't... I assume those settings are already read by the time I try and change them. For example, moving the My Documents folder by editing the registry doesn't take effect until the user logs off and back on... with a GPO it's effective the first time...
So if you can find a way to fix that... I'll be there if you need things tested.
Matt
-- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
