| author | John Terpstra <jht@samba.org> | 2003-04-10 06:28:30 +0000 | 
|---|---|---|
| committer | John Terpstra <jht@samba.org> | 2003-04-10 06:28:30 +0000 | 
| commit | 0a9523cf35ca62470842fb8b3d3340a42bafe6ec | |
| tree | a3bc8e1293dcebfa35b9f007415e299052140a21 | |
| parent | acfddbe0b882931c4afc8020c4968fc67a220007 | |
More docs.
(This used to be commit c34b11221a9b50972662a179b1b61d3a1e4a1792)
| -rw-r--r-- | docs/docbook/projdoc/AdvancedNetworkAdmin.sgml | 107 |
| -rw-r--r-- | docs/docbook/projdoc/NT4Migration.sgml | 3 |
| -rw-r--r-- | docs/docbook/projdoc/PolicyMgmt.sgml | 67 |
3 files changed, 176 insertions, 1 deletions
diff --git a/docs/docbook/projdoc/AdvancedNetworkAdmin.sgml b/docs/docbook/projdoc/AdvancedNetworkAdmin.sgml index 58bc9a444e..39fda9768d 100644 --- a/docs/docbook/projdoc/AdvancedNetworkAdmin.sgml +++ b/docs/docbook/projdoc/AdvancedNetworkAdmin.sgml 
@@ -163,5 +163,112 @@ This section needs work. Volunteer contributions most welcome. Please send your  to <ulink url="mailto:jht@samba.org">John Terpstra</ulink>.  </para> +<para> +There are several opportunities for creating a custom network startup configuration environment. +</para> +< +<simplelist> +	<member><para>No Logon Script</para></member> +	<member><para>Simple universal Logon Script that applies to all users</para></member> +	<member><para>Use of a conditional Logon Script that applies per user or per group attirbutes</para></member> +	<member><para>Use of Samba's Preexec and Postexec functions on access to the NETLOGON share to create +	a custom Logon Script and then execute it.</para></member> +	<member><para>User of a tool such as KixStart</para></member> +</simplelist> + +<para> +The Samba source code tree includes two logon script generation/execution tools. See <filename>examples</filename> directory <filename>genlogon</filename> and <filename>ntlogon</filename> subdirectories. +</para> + +<para> +The following listings are from the genlogon directory. +</para> + +<programlisting<para> +This is the genlogon.pl file: + +	#!/usr/bin/perl +	# +	# genlogon.pl +	# +	# Perl script to generate user logon scripts on the fly, when users +	# connect from a Windows client.  This script should be called from smb.conf +	# with the %U, %G and %L parameters. I.e: +	# +	#       root preexec = genlogon.pl %U %G %L +	# +	# The script generated will perform +	# the following: +	# +	# 1. Log the user connection to /var/log/samba/netlogon.log +	# 2. Set the PC's time to the Linux server time (which is maintained +	#    daily to the National Institute of Standard's Atomic clock on the +	#    internet. +	# 3. Connect the user's home drive to H: (H for Home). +	# 4. Connect common drives that everyone uses. +	# 5. Connect group-specific drives for certain user groups. +	# 6. Connect user-specific drives for certain users. +	# 7. Connect network printers. 
+ +	# Log client connection +	#($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) = localtime(time); +	($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) = localtime(time); +	open LOG, ">>/var/log/samba/netlogon.log"; +	print LOG "$mon/$mday/$year $hour:$min:$sec - User $ARGV[0] logged into $ARGV[1]\n"; +	close LOG; + +	# Start generating logon script +	open LOGON, ">/shared/netlogon/$ARGV[0].bat"; +	print LOGON "\@ECHO OFF\r\n"; + +	# Connect shares just use by Software Development group +	if ($ARGV[1] eq "SOFTDEV" || $ARGV[0] eq "softdev") +	{ +		print LOGON "NET USE M: \\\\$ARGV[2]\\SOURCE\r\n"; +	} + +	# Connect shares just use by Technical Support staff +	if ($ARGV[1] eq "SUPPORT" || $ARGV[0] eq "support") +	{ +		print LOGON "NET USE S: \\\\$ARGV[2]\\SUPPORT\r\n"; +	} + +	# Connect shares just used by Administration staff +	If ($ARGV[1] eq "ADMIN" || $ARGV[0] eq "admin") +	{ +		print LOGON "NET USE L: \\\\$ARGV[2]\\ADMIN\r\n"; +		print LOGON "NET USE K: \\\\$ARGV[2]\\MKTING\r\n"; +	} + +	# Now connect Printers.  We handle just two or three users a little +	# differently, because they are the exceptions that have desktop +	# printers on LPT1: - all other user's go to the LaserJet on the +	# server. +	if ($ARGV[0] eq 'jim' +	    || $ARGV[0] eq 'yvonne') +	{ +		print LOGON "NET USE LPT2: \\\\$ARGV[2]\\LJET3\r\n"; +		print LOGON "NET USE LPT3: \\\\$ARGV[2]\\FAXQ\r\n"; +	} +	else +	{ +		print LOGON "NET USE LPT1: \\\\$ARGV[2]\\LJET3\r\n"; +		print LOGON "NET USE LPT3: \\\\$ARGV[2]\\FAXQ\r\n"; +	} + +	# All done! Close the output file. +	close LOGON; +</para></programlisting> + +<para> +Those wishing to use more elaborate or capable logon processing system should check out the following sites: +</para> + +<simplelist> +	<member><para>http://www.craigelachie.org/rhacer/ntlogon</para></member> +	<member><para>http://www.kixtart.org</para></member> +</simplelist> + +</sect1>  </chapter> 
diff --git a/docs/docbook/projdoc/NT4Migration.sgml b/docs/docbook/projdoc/NT4Migration.sgml index 2f1384d527..3ff2fa1e7e 100644 --- a/docs/docbook/projdoc/NT4Migration.sgml +++ b/docs/docbook/projdoc/NT4Migration.sgml @@ -32,10 +32,13 @@ This is not a definitive ste-by-step process yet - just a place holder so the in  is not lost.  1. You will have an NT4 PDC that has the users, groups, policies and profiles to be migrated +  2. Samba-3 set up as a DC with netlogon share, profile share, etc. +  3. Process:  	a. Create a BDC account for the samba server using NT Server Manager  		- Samba must NOT be running +  	b. rpcclient NT4PDC -U Administrator%passwd  		lsaquery diff --git a/docs/docbook/projdoc/PolicyMgmt.sgml b/docs/docbook/projdoc/PolicyMgmt.sgml index 867f5740e7..35519d750c 100644 --- a/docs/docbook/projdoc/PolicyMgmt.sgml +++ b/docs/docbook/projdoc/PolicyMgmt.sgml @@ -51,7 +51,7 @@ be read and understood. Try searching on the Microsoft web site for "Group Polic  </para>  <para> -What follows is a very discussion with some helpful notes. The information provided +What follows is a very brief discussion with some helpful notes. The information provided  here is incomplete - you are warned.  </para> 
@@ -314,4 +314,69 @@ man pages for these tools and become familiar with their use.  </sect1> +<sect1> +<title>System Startup and Logon Processing Overview</title> + +<para> +The following attempts to document the order of processing of system and user policies following a system +reboot and as part of the user logon: +</para> + +<orderedlist> +	<listitem><para> +	Network starts, then Remote Procedure Call System Service (RPCSS) and Multiple Universal Naming +	Convention Provider (MUP) start +	</para></listitem> + +	<listitem><para> +	Where Active Directory is involved, an ordered list of Group Policy Objects (GPOs) is downloaded +	and applied. The list may include GPOs that: +<simplelist> +	<member>Apply to the location of machines in a Directory</member> +	<member>Apply only when settings have changed</member> +	<member>Depend on configuration of scope of applicability: local, site, domain, organizational unit, etc.</member> +</simplelist> +	No desktop user interface is presented until the above have been processed. +	</para></listitem> + +	<listitem><para> +	Execution of start-up scripts (hidden and synchronous by defaut). +	</para></listitem> + +	<listitem><para> +	A keyboard action to affect start of logon (Ctrl-Alt-Del). +	</para></listitem> + +	<listitem><para> +	User credentials are validated, User profile is loaded (depends on policy settings). +	</para></listitem> + +	<listitem><para> +	An ordered list of User GPOs is obtained. The list contents depends on what is configured in respsect of: + +<simplelist> +	<member>Is user a domain member, thus subject to particular policies</member> +	<member>Loopback enablement, and the state of the loopback policy (Merge or Replace)</member> +	<member>Location of the Active Directory itself</member> +	<member>Has the list of GPOs changed. No processing is needed if not changed.</member> +</simplelist> +	</para></listitem> + +	<listitem><para> +	User Policies are applied from Active Directory. 
Note: There are several types. +	</para></listitem> + +	<listitem><para> +	Logon scripts are run. New to Win2K and Active Directory, logon scripts may be obtained based on Group +	Policy objects (hidden and executed synchronously). NT4 style logon scripts are then run in a normal +	window. +	</para></listitem> + +	<listitem><para> +	The User Interface as determined from the GPOs is presented. Note: In a Samba domain (like and NT4 +	Domain) machine (system) policies are applied at start-up, User policies are applied at logon. +	</para></listitem> +</orderedlist> + +</sect1>  </chapter>  | 
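Review bot: In docs/docbook/projdoc/AdvancedNetworkAdmin.sgml, the genlogon.pl listing is documented as running from `root preexec = genlogon.pl %U %G %L` and then uses the user name unchecked in `open LOGON, ">/shared/netlogon/$ARGV[0].bat";`, so a process running as root builds an output path from a value supplied by the connecting session. Suggest the listing reject any `$ARGV[0]` that does not match a strict pattern of allowed user-name characters before it is used, switch both `open` calls to the three-argument form and check their result, and add a sentence to the surrounding text saying why the check is there. Further points in the same hunk: `If ($ARGV[1] eq "ADMIN" ...` has a capital `If`, which Perl will not parse; the log line prints `$mon` and `$year` straight from `localtime`, which gives a zero-based month and years since 1900; the header comment promises steps 2 to 4 (time sync, H: home drive, common drives) that the listing never emits; the markup has a stray `+<` line before `<simplelist>` and a malformed `<programlisting<para>` opener closed by `</para></programlisting>`; and the list items contain the typos "attirbutes" and "User of a tool such as KixStart".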
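Review bot: In docs/docbook/projdoc/NT4Migration.sgml, the blank lines added around step 3 leave `b. rpcclient NT4PDC -U Administrator%passwd` as the documented command, which teaches readers to put the administrator password on the command line where it ends up in shell history and process listings. Suggest showing `-U Administrator` and letting rpcclient prompt for the password. The hunk header context also still carries the typo "ste-by-step", which could be fixed in the same pass.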
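Review bot: In the new "System Startup and Logon Processing Overview" section of docs/docbook/projdoc/PolicyMgmt.sgml, the one statement that applies to Samba (machine policies at start-up, user policies at logon, as in an NT4 domain) is tucked in as a "Note:" at the end of the last list item, after several steps that only hold "Where Active Directory is involved". Suggest moving it into its own paragraph ahead of the ordered list and marking the Active Directory-only steps, so an administrator of a Samba-3 or NT4 domain can tell which steps describe their environment. Wording fixes in the same hunk: "defaut", "respsect", "like and NT4 Domain" (an), "to affect start of logon" (effect), and "The list contents depends".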
