1 files changed, 178 insertions, 0 deletions
diff --git a/docs/docbook/projdoc/AdvancedNetworkAdmin.sgml b/docs/docbook/projdoc/AdvancedNetworkAdmin.sgml
new file mode 100644
index 0000000000..fe0774810b
--- /dev/null
+++ b/docs/docbook/projdoc/AdvancedNetworkAdmin.sgml
@@ -0,0 +1,178 @@
+<chapter id="AdvancedNetworkManagement">
+<chapterinfo>
+        <author>
+                <firstname>John H</firstname><surname>Terpstra</surname>
+                <affiliation>
+                        <orgname>Samba Team</orgname>
+                        <address>
+                        <email>jht@samba.org</email>
+                        </address>
+                </affiliation>
+        </author>
+        <pubdate>April 3 2003</pubdate>
+</chapterinfo>
+
+<title>Advanced Network Manangement</title>
+
+<para>
+This section attempts to document peripheral issues that are of great importance to network
+administrators who want to improve network resource access control, to automate the user
+environment, and to make their lives a little easier.
+</para>
+
+<sect1>
+<title>Configuring Samba Share Access Controls</title>
+
+<para>
+This section deals with how to configure Samba per share access control restrictions.
+By default samba sets no restrictions on the share itself. Restrictions on the share itself
+can be set on MS Windows NT4/200x/XP shares. This can be a very effective way to limit who can
+connect to a share. In the absence of specific restrictions the default setting is to allow
+the global user <emphasis>Everyone</emphasis> Full Control (ie: Full control, Change and Read).
+</para>
+
+<para>
+At this time Samba does NOT provide a tool for configuring access control setting on the Share
+itself. Samba does have the capacity to store and act on access control settings, but  the only
+way to create those settings is to use either the NT4 Server Manager or the Windows 200x MMC for
+Computer Management.
+</para>
+
+<para>
+Samba stores the per share access control settings in a file called <filename>share_info.tdb</filename>.
+The location of this file on your system will depend on how samba was compiled. The default location
+for samba's tdb files is under <filename>/usr/local/samba/var</filename>. If the <filename>tdbdump</filename>
+utility has been compiled and installed on your system then you can examine the contents of this file
+by: <filename>tdbdump share_info.tdb</filename>.
+</para>
+
+<sect2>
+<title>Share Permissions Management</title>
+
+<para>
+The best tool for the task is platform dependant. Choose the best tool for your environmemt.
+</para>
+
+<sect3>
+<title>Windows NT4 Workstation/Server</title>
+<para>
+The tool you need to use to manage share permissions on a Samba server is the NT Server Manager.
+Server Manager is shipped with Windows NT4 Server products but not with Windows NT4 Workstation.
+You can obtain the NT Server Manager for MS Windows NT4 Workstation from Microsoft - see details below.
+</para>
+
+<para>
+Instructions:
+</para>
+
+	<para>
+	Launch the NT4 Server Manager, click on the Samba server you want to administer, then from the menu
+	select Computer, then click on the Shared Directories entry.
+	</para>
+
+	<para>
+	Now click on the share that you wish to manage, then click on the Properties tab, next click on
+	the Permissions tab. Now you can Add or change access control settings as you wish.
+	</para>
+
+</sect3>
+
+<sect3>
+<title>Windows 200x/XP</title>
+
+<para>
+On MS Windows NT4/200x/XP system access control lists on the share itself are set using native
+tools, usually from filemanager. For example, in Windows 200x: right click on the shared folder,
+then select 'Sharing', then click on 'Permissions'. The default Windows NT4/200x permission allows
+<emphasis>Everyone</emphasis> Full Control on the Share.
+</para>
+
+<para>
+MS Windows 200x and later all comes with a tool called the 'Computer Management' snap-in for the
+Microsoft Management Console (MMC). This tool is located by clicking on <filename>Control Panel ->
+Administrative Tools -> Computer Management</filename>.
+</para>
+
+<para>
+Instructions:
+</para>
+	<para>
+	After launching the MMC with the Computer Management snap-in, click on the menu item 'Action',
+	select 'Connect to another computer'. If you are not logged onto a domain you will be prompted
+	to enter a domain login user identifier and a password. This will authenticate you to the domain.
+	If you where already logged in with administrative privilidge this step is not offered.
+	</para>
+
+	<para>
+	If the Samba server is not shown in the Select Computer box, then type in the name of the target
+	Samba server in the field 'Name:'. Now click on the [+] next to 'System Tools', then on the [+]
+	next to 'Shared Folders' in the left panel.
+	</para>
+
+	<para>
+	Now in the right panel, double-click on the share you wish to set access control permissions on.
+	Then click on the tab 'Share Permissions'. It is now possible to add access control entities
+	to the shared folder. Do NOT forget to set what type of access (full control, change, read) you
+	wish to assign for each entry.
+	</para>
+
+	<note>
+	<para>
+	Be careful. If you take away all permissions from the Everyone user without removing this user
+	then effectively no user will be able to access the share. This is a result of what is known as
+	ACL precidence. ie: Everyone with NO ACCESS means that MaryK who is part of the group Everyone
+	will have no access even if this user is given explicit full control access.
+	</para>
+	</note>
+
+</sect3>
+</sect2>
+</sect1>
+
+<sect1>
+<title>Remote Server Administration</title>
+
+<para>
+<emphasis>How do I get 'User Manager' and 'Server Manager'?</emphasis>
+</para>
+
+<para>
+Since I don't need to buy an NT4 Server, how do I get the 'User Manager for Domains',
+the 'Server Manager'?
+</para>
+
+<para>
+Microsoft distributes a version of these tools called nexus for installation on Windows 9x / Me
+systems.  The tools set includes:
+</para>
+
+<itemizedlist>
+	<listitem><para>Server Manager</para></listitem> 
+	
+	<listitem><para>User Manager for Domains</para></listitem> 
+
+	<listitem><para>Event Viewer</para></listitem> 
+</itemizedlist>
+
+<para>
+Click here to download the archived file <ulink 
+url="ftp://ftp.microsoft.com/Softlib/MSLFILES/NEXUS.EXE">ftp://ftp.microsoft.com/Softlib/MSLFILES/NEXUS.EXE</ulink>
+</para>
+
+<para>
+The Windows NT 4.0 version of the 'User Manager for 
+Domains' and 'Server Manager' are available from Microsoft via ftp 
+from <ulink url="ftp://ftp.microsoft.com/Softlib/MSLFILES/SRVTOOLS.EXE">ftp://ftp.microsoft.com/Softlib/MSLFILES/SRVTOOLS.EXE</ulink>
+</para>
+
+</sect1>
+<sect1>
+<title>Network Logon Script Magic</title>
+
+<para>
+This section needs work. Volunteer contributions most welcome. Please send your patches or updates
+to jht@samba.org.
+</para>
+
+</chapter>
+