Tomasz Chmielewski schrieb:
Robert Schetterer schrieb:
Tomasz Chmielewski schrieb:
Tomasz Chmielewski schrieb:
I'm just exploring the Profile Editor, described on
http://www.pcc-services.com/custom_poledit.html - and policies
saved to NTConfig.pol file and copied to the netlogon share work
great for Windows XP machines.
However, with Windows 2000, they don't work at all. Winh XP
machines - policies are applied.
I see in Samba logs that the NTConfig.pol is copied from the server
to the w2k workstation, but it has no effect.
This Profile Editor is designed for Windows 2000, as it was shipped
with w2k SP4, so I expected it will work with 2000.
Am I missing something?
I searched the internet, but no clue about the issue :(
In the event log it is as eventid: 1000, source: uservenv, and in
the log itself it says something like (translated from German):
RegLoadKey aborted. Returned value "False Parameter." for
C:\Documents and Settings\Administrator.DOMAIN\prfCA.tmp
prfCA.tmp (and other such tmp files) are the exact copy of the
NTConfig.POL that is saved in the netlogon directory.
I tried creating other NTConfig.POL files (with only basic setting
like IE start site), but this message just shows all the time, and
settings are not applied.
Any clue?
I use Windows 2000 SP4, and Samba 3.0.20.
Windows XP works fine with NTConfig.POL files and the same Samba.
this ist stuff need to be fixed in the profile share
should be like this
[profiles]
path = /var/lib/samba/profiles
# vfs objects = extd_audit
read only = no
create mask = 0755
directory mask = 0755
browseable = No
guest ok = Yes
profile acls = yes
csc policy = disable
force user = %U
hide files = /desktop.ini/ntuser.ini/NTUSER.*/
locking = No
oplocks = False
level2 oplocks = False
# valid users = %U, @"Domain Admins"
why [profiles]?
as it's explained here: https://bugzilla.samba.org/show_bug.cgi?id=3042
one has to put this into [netlogon] share:
acl check permissions = no
hi,
C:\Documents and Settings\Administrator.DOMAIN\prfCA.tmp is in the users
profile
and in know this behavior
and fixed it with this entries in profile share
my netlogon share is like this
[netlogon]
path = /var/lib/samba/netlogon/
vfs objects = vscan-clamav, extd_audit
read only = no
public = yes
write list = @"Domain Admins"
create mask = 0755
directory mask = 0755
browseable = No
locking = No
oplocks = False
level2 oplocks = False
the prfCA.tmp always comes up for me when the win client crashes at
backwriting ( power loss etc )
the profile to the server , after reboot this file has the wrong
permissions an cant be loaded from the server profile
so a profile failure apears with this file.
I cant image what setting acl check permissions = no in the netlogon
share should be involved to this failure
i only use server profile no caching on the clients , controlled by adms,
i dont wanna struggle with bugzilla but i see no relation to the
netlogon share as it only a share for the scripts neeeded
at login time, but has nothing to do with C:\Documents and
Settings\Administrator.DOMAIN\
which is always part of the profile, but after all setting the parameter
acl check permissions = no mabe a good idea at all cause it will help
against failures with acls in the netlogon and the profile share,
perhaps John has som clearing words.
I guess setting create mask = 0755 directory mask = 0755 fixes this
failure too, but that could a security lack at all, and will not like by
some people or network setups.
Regards
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
