Re: [Samba] group policies, domain policies and workstation policies without Active Directory??
On Mon, 8 Dec 2003 09:47:36 +0200 (EET) Hannu Tikka wrote: > Haven't tested this yet, but I have thought to create a scheduled task > which runs on Administrator privileges a .bat from netlogon share at every > logon. To that .bat I can put all updates that needs to run with > Administrator rights. > Does this sound like a potential solution? yes, of course... good old cron on unix systems ;-) what I'm not very sure is how to apply specific constrains to specify users, since they all members of the domain. How should I craft the .reg file I import on the registry? -- Window$ Macht Frei! -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] group policies, domain policies and workstation policies without Active Directory??
> On Sat, 06 Dec 2003 15:47:32 -0600 > Andrew Gaffney wrote: > >> [EMAIL PROTECTED] wrote: >> > I have the following situation: a network with 30 Windows NT Server on >> > different sites, 800 clients with Windows XP; I want to migrate to >> Samba >> > instead of Windows 2003 Server, but I have the effort to manage group >> > policies, domain policies and workstation policies on the XP Clients; > >> Do you really want to apply the XP registry hack to 800 clients? >> Although, >> it may no longer be necessary if you're using 3.0. Does anyone know? > > what hack are you talking about? (I'm really interested in doing this > since > I've posted several questions on this same list before). > > My approach was like this : > > - Samba 3 server > - Windows XP client machines > - Roaming profiles stored on the server > - The client machines execute a script on logon that tries to load a > specially customized .reg file, but fails doing it because the user that > logs won't have priviledges enough to modify the registry (entries con > "hkey_current_user - HKU" or similar) > > this didn't work... any ideas? :-) > Haven't tested this yet, but I have thought to create a scheduled task which runs on Administrator privileges a .bat from netlogon share at every logon. To that .bat I can put all updates that needs to run with Administrator rights. Does this sound like a potential solution? Of course I have to create that scheduled task on every machine, but after that everything should be quite automatic. Hannu -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] group policies, domain policies and workstation policies without Active Directory??
On Sat, 06 Dec 2003 16:21:16 -0600 Andrew Gaffney wrote: > kyle wrote: > > > what hack are you talking about? (I'm really interested in doing this > > since I've posted several questions on this same list before). > > The hack I'm refering to involves turning off the 'Sign or Seal' option in > the registry of Windows XP because Samba 2.2.x didn't support this > feature. ops... I though you meant something realted to user policies (desktop lockdown) or something like that... as on the first email :-) -- Window$ Macht Frei! -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] group policies, domain policies and workstation policies without Active Directory??
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 kyle írta: | On Sat, 06 Dec 2003 15:47:32 -0600 | Andrew Gaffney wrote: | | |>[EMAIL PROTECTED] wrote: |> |>>I have the following situation: a network with 30 Windows NT Server on |>>different sites, 800 clients with Windows XP; I want to migrate to Samba |>>instead of Windows 2003 Server, but I have the effort to manage group |>>policies, domain policies and workstation policies on the XP Clients; | | |>Do you really want to apply the XP registry hack to 800 clients? Although, |>it may no longer be necessary if you're using 3.0. Does anyone know? | | | what hack are you talking about? (I'm really interested in doing this since | I've posted several questions on this same list before). | | My approach was like this : | | - Samba 3 server | - Windows XP client machines | - Roaming profiles stored on the server | - The client machines execute a script on logon that tries to load a | specially customized .reg file, but fails doing it because the user that | logs won't have priviledges enough to modify the registry (entries con | "hkey_current_user - HKU" or similar) | | this didn't work... any ideas? :-) | | | | | If you create with NT4 Servers, or Win2k servers poledit.exe a file named NTConfig.POL and place it to the netlogon share of your Samba 3 server, then you are ready to go, as for beeing member for a Samba 3 server controled domain doesn't require patching XP's registry anymore. The only problems are in clients don't recognizing some details of the policy file. E.g. Win2k/XP clients fail to remove the name of the last loged in user from the logon window. You should see if the aplicable enforcements would suffice your needs. About trying to apply reg files at logon, such tricks work for Win9x/Me because there the registry is world writable, but WinNT/2k/XP/2k3 has some security restrictions, and you can control a relatively small amount of settings this way. However if you know that some registry settings are working for you, you could try to write an .adm file for it, which you could use with poledit.exe Good Luck! Geza Gemes -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.2 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE/0loO/PxuIn+i1pIRAuyAAKCyRBZvCkAmBVV/WaYx45TpPJPvSwCgqhJN cJVjOf5NBJ+TIuWJ+H/oL7M= =5h3O -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] group policies, domain policies and workstation policies without Active Directory??
kyle wrote: On Sat, 06 Dec 2003 15:47:32 -0600 Andrew Gaffney wrote: [EMAIL PROTECTED] wrote: I have the following situation: a network with 30 Windows NT Server on different sites, 800 clients with Windows XP; I want to migrate to Samba instead of Windows 2003 Server, but I have the effort to manage group policies, domain policies and workstation policies on the XP Clients; Do you really want to apply the XP registry hack to 800 clients? Although, it may no longer be necessary if you're using 3.0. Does anyone know? what hack are you talking about? (I'm really interested in doing this since I've posted several questions on this same list before). My approach was like this : - Samba 3 server - Windows XP client machines - Roaming profiles stored on the server - The client machines execute a script on logon that tries to load a specially customized .reg file, but fails doing it because the user that logs won't have priviledges enough to modify the registry (entries con "hkey_current_user - HKU" or similar) this didn't work... any ideas? :-) The hack I'm refering to involves turning off the 'Sign or Seal' option in the registry of Windows XP because Samba 2.2.x didn't support this feature. -- Andrew Gaffney -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] group policies, domain policies and workstation policies without Active Directory??
On Sat, 06 Dec 2003 15:47:32 -0600 Andrew Gaffney wrote: > [EMAIL PROTECTED] wrote: > > I have the following situation: a network with 30 Windows NT Server on > > different sites, 800 clients with Windows XP; I want to migrate to Samba > > instead of Windows 2003 Server, but I have the effort to manage group > > policies, domain policies and workstation policies on the XP Clients; > Do you really want to apply the XP registry hack to 800 clients? Although, > it may no longer be necessary if you're using 3.0. Does anyone know? what hack are you talking about? (I'm really interested in doing this since I've posted several questions on this same list before). My approach was like this : - Samba 3 server - Windows XP client machines - Roaming profiles stored on the server - The client machines execute a script on logon that tries to load a specially customized .reg file, but fails doing it because the user that logs won't have priviledges enough to modify the registry (entries con "hkey_current_user - HKU" or similar) this didn't work... any ideas? :-) -- Window$ Macht Frei! -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] group policies, domain policies and workstation policies without Active Directory??
On Sat, 06 Dec 2003 21:46:03 +0100 Gémes Géza wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > [EMAIL PROTECTED] írta: > | I have the following situation: a network with 30 Windows NT Server on > | different sites, 800 clients with Windows XP; I want to migrate to Samba > | instead of Windows 2003 Server, but I have the effort to manage group > | policies, domain policies and workstation policies on the XP Clients; > > You can have NTConfig.POL based policies (we have had such a config here > from as early as samba 2.2.5), just like with NT4 Server, but no GPO > policies, which relies on Active Directory. are you *sure* on that? I keep reading on every doc that's not possible for win2k/xp client machines... Event the samba doc keeps saying that :-P -- Window$ Macht Frei! -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] group policies, domain policies and workstation policies without Active Directory??
[EMAIL PROTECTED] wrote: I have the following situation: a network with 30 Windows NT Server on different sites, 800 clients with Windows XP; I want to migrate to Samba instead of Windows 2003 Server, but I have the effort to manage group policies, domain policies and workstation policies on the XP Clients; is there a way to solve this without Active Directory e.g. Samba with LDAP?? Do you really want to apply the XP registry hack to 800 clients? Although, it may no longer be necessary if you're using 3.0. Does anyone know? -- Andrew Gaffney -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] group policies, domain policies and workstation policies without Active Directory??
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [EMAIL PROTECTED] írta: | I have the following situation: a network with 30 Windows NT Server on | different sites, 800 clients with Windows XP; I want to migrate to Samba | instead of Windows 2003 Server, but I have the effort to manage group | policies, domain policies and workstation policies on the XP Clients; | | is there a way to solve this without Active Directory e.g. Samba with | LDAP?? | | Michael Ruzek | | | You can have NTConfig.POL based policies (we have had such a config here from as early as samba 2.2.5), just like with NT4 Server, but no GPO policies, which relies on Active Directory. Good Luck! Geza Gemes -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.2 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE/0kAL/PxuIn+i1pIRAnkmAKCKJXrSBm8WHvvmpTwwo605ziXVbgCfbG/T /IrBu2NlD8Le8VyhIyCg7VY= =hA8R -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] group policies, domain policies and workstation policies without Active Directory??
I have the following situation: a network with 30 Windows NT Server on different sites, 800 clients with Windows XP; I want to migrate to Samba instead of Windows 2003 Server, but I have the effort to manage group policies, domain policies and workstation policies on the XP Clients; is there a way to solve this without Active Directory e.g. Samba with LDAP?? Michael Ruzek -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba