summaryrefslogtreecommitdiff
path: root/docs/htmldocs/groupprofiles.html
diff options
context:
space:
mode:
Diffstat (limited to 'docs/htmldocs/groupprofiles.html')
-rw-r--r--docs/htmldocs/groupprofiles.html565
1 files changed, 565 insertions, 0 deletions
diff --git a/docs/htmldocs/groupprofiles.html b/docs/htmldocs/groupprofiles.html
new file mode 100644
index 0000000000..c9184032aa
--- /dev/null
+++ b/docs/htmldocs/groupprofiles.html
@@ -0,0 +1,565 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
+<HTML
+><HEAD
+><TITLE
+>Creating Group Profiles</TITLE
+><META
+NAME="GENERATOR"
+CONTENT="Modular DocBook HTML Stylesheet Version 1.77+"><LINK
+REL="HOME"
+TITLE="SAMBA Project Documentation"
+HREF="samba-howto-collection.html"><LINK
+REL="UP"
+TITLE="Optional configuration"
+HREF="optional.html"><LINK
+REL="PREVIOUS"
+TITLE="Samba performance issues"
+HREF="speed.html"><LINK
+REL="NEXT"
+TITLE="Appendixes"
+HREF="appendixes.html"></HEAD
+><BODY
+CLASS="CHAPTER"
+BGCOLOR="#FFFFFF"
+TEXT="#000000"
+LINK="#0000FF"
+VLINK="#840084"
+ALINK="#0000FF"
+><DIV
+CLASS="NAVHEADER"
+><TABLE
+SUMMARY="Header navigation table"
+WIDTH="100%"
+BORDER="0"
+CELLPADDING="0"
+CELLSPACING="0"
+><TR
+><TH
+COLSPAN="3"
+ALIGN="center"
+>SAMBA Project Documentation</TH
+></TR
+><TR
+><TD
+WIDTH="10%"
+ALIGN="left"
+VALIGN="bottom"
+><A
+HREF="speed.html"
+ACCESSKEY="P"
+>Prev</A
+></TD
+><TD
+WIDTH="80%"
+ALIGN="center"
+VALIGN="bottom"
+></TD
+><TD
+WIDTH="10%"
+ALIGN="right"
+VALIGN="bottom"
+><A
+HREF="appendixes.html"
+ACCESSKEY="N"
+>Next</A
+></TD
+></TR
+></TABLE
+><HR
+ALIGN="LEFT"
+WIDTH="100%"></DIV
+><DIV
+CLASS="CHAPTER"
+><H1
+><A
+NAME="GROUPPROFILES"
+></A
+>Chapter 20. Creating Group Profiles</H1
+><DIV
+CLASS="SECT1"
+><H1
+CLASS="SECT1"
+><A
+NAME="AEN3123"
+></A
+>20.1. Windows '9x</H1
+><P
+>You need the Win98 Group Policy Editor to
+set Group Profiles up under Windows '9x. It can be found on the Original
+full product Win98 installation CD under
+<TT
+CLASS="FILENAME"
+>tools/reskit/netadmin/poledit</TT
+>. You install this
+using the Add/Remove Programs facility and then click on the 'Have Disk'
+tab.</P
+><P
+>Use the Group Policy Editor to create a policy file that specifies the
+location of user profiles and/or the <TT
+CLASS="FILENAME"
+>My Documents</TT
+> etc.
+stuff. You then save these settings in a file called
+<TT
+CLASS="FILENAME"
+>Config.POL</TT
+> that needs to be placed in
+the root of the [NETLOGON] share. If your Win98 is configured to log onto
+the Samba Domain, it will automatically read this file and update the
+Win98 registry of the machine that is logging on.</P
+><P
+>All of this is covered in the Win98 Resource Kit documentation.</P
+><P
+>If you do not do it this way, then every so often Win98 will check the
+integrity of the registry and will restore it's settings from the back-up
+copy of the registry it stores on each Win98 machine. Hence, you will notice
+things changing back to the original settings.</P
+></DIV
+><DIV
+CLASS="SECT1"
+><H1
+CLASS="SECT1"
+><A
+NAME="AEN3132"
+></A
+>20.2. Windows NT 4</H1
+><P
+>Unfortunately, the Resource Kit info is Win NT4/2K version specific.</P
+><P
+>Here is a quick guide:</P
+><P
+></P
+><UL
+><LI
+><P
+>On your NT4 Domain Controller, right click on 'My Computer', then
+select the tab labelled 'User Profiles'.</P
+></LI
+><LI
+><P
+>Select a user profile you want to migrate and click on it.</P
+><DIV
+CLASS="NOTE"
+><P
+></P
+><TABLE
+CLASS="NOTE"
+WIDTH="90%"
+BORDER="0"
+><TR
+><TD
+WIDTH="25"
+ALIGN="CENTER"
+VALIGN="TOP"
+><IMG
+SRC="/usr/share/sgml/docbook/stylesheet/dsssl/modular/images/note.gif"
+HSPACE="5"
+ALT="Note"></TD
+><TD
+ALIGN="LEFT"
+VALIGN="TOP"
+><P
+>I am using the term &quot;migrate&quot; lossely. You can copy a profile to
+create a group profile. You can give the user 'Everyone' rights to the
+profile you copy this to. That is what you need to do, since your samba
+domain is not a member of a trust relationship with your NT4 PDC.</P
+></TD
+></TR
+></TABLE
+></DIV
+></LI
+><LI
+><P
+>Click the 'Copy To' button.</P
+></LI
+><LI
+><P
+>In the box labelled 'Copy Profile to' add your new path, eg:
+<TT
+CLASS="FILENAME"
+>c:\temp\foobar</TT
+></P
+></LI
+><LI
+><P
+>Click on the button labelled 'Change' in the "Permitted to use" box.</P
+></LI
+><LI
+><P
+>Click on the group 'Everyone' and then click OK. This closes the
+'chose user' box.</P
+></LI
+><LI
+><P
+>Now click OK.</P
+></LI
+></UL
+><P
+>Follow the above for every profile you need to migrate.</P
+><DIV
+CLASS="SECT2"
+><H2
+CLASS="SECT2"
+><A
+NAME="AEN3155"
+></A
+>20.2.1. Side bar Notes</H2
+><P
+>You should obtain the SID of your NT4 domain. You can use smbpasswd to do
+this. Read the man page.</P
+><P
+>With Samba-3.0.0 alpha code you can import all you NT4 domain accounts
+using the net samsync method. This way you can retain your profile
+settings as well as all your users.</P
+></DIV
+><DIV
+CLASS="SECT2"
+><H2
+CLASS="SECT2"
+><A
+NAME="AEN3159"
+></A
+>20.2.2. Mandatory profiles</H2
+><P
+>The above method can be used to create mandatory profiles also. To convert
+a group profile into a mandatory profile simply locate the NTUser.DAT file
+in the copied profile and rename it to NTUser.MAN.</P
+></DIV
+><DIV
+CLASS="SECT2"
+><H2
+CLASS="SECT2"
+><A
+NAME="AEN3162"
+></A
+>20.2.3. moveuser.exe</H2
+><P
+>The W2K professional resource kit has moveuser.exe. moveuser.exe changes
+the security of a profile from one user to another. This allows the account
+domain to change, and/or the user name to change.</P
+></DIV
+><DIV
+CLASS="SECT2"
+><H2
+CLASS="SECT2"
+><A
+NAME="AEN3165"
+></A
+>20.2.4. Get SID</H2
+><P
+>You can identify the SID by using GetSID.exe from the Windows NT Server 4.0
+Resource Kit.</P
+><P
+>Windows NT 4.0 stores the local profile information in the registry under
+the following key:
+HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList</P
+><P
+>Under the ProfileList key, there will be subkeys named with the SIDs of the
+users who have logged on to this computer. (To find the profile information
+for the user whose locally cached profile you want to move, find the SID for
+the user with the GetSID.exe utility.) Inside of the appropriate user's
+subkey, you will see a string value named ProfileImagePath.</P
+></DIV
+></DIV
+><DIV
+CLASS="SECT1"
+><H1
+CLASS="SECT1"
+><A
+NAME="AEN3170"
+></A
+>20.3. Windows 2000/XP</H1
+><P
+>You must first convert the profile from a local profile to a domain
+profile on the MS Windows workstation as follows:</P
+><P
+></P
+><UL
+><LI
+><P
+>Log on as the LOCAL workstation administrator.</P
+></LI
+><LI
+><P
+>Right click on the 'My Computer' Icon, select 'Properties'</P
+></LI
+><LI
+><P
+>Click on the 'User Profiles' tab</P
+></LI
+><LI
+><P
+>Select the profile you wish to convert (click on it once)</P
+></LI
+><LI
+><P
+>Click on the button 'Copy To'</P
+></LI
+><LI
+><P
+>In the "Permitted to use" box, click on the 'Change' button.</P
+></LI
+><LI
+><P
+>Click on the 'Look in" area that lists the machine name, when you click
+here it will open up a selection box. Click on the domain to which the
+profile must be accessible.</P
+><DIV
+CLASS="NOTE"
+><P
+></P
+><TABLE
+CLASS="NOTE"
+WIDTH="90%"
+BORDER="0"
+><TR
+><TD
+WIDTH="25"
+ALIGN="CENTER"
+VALIGN="TOP"
+><IMG
+SRC="/usr/share/sgml/docbook/stylesheet/dsssl/modular/images/note.gif"
+HSPACE="5"
+ALT="Note"></TD
+><TD
+ALIGN="LEFT"
+VALIGN="TOP"
+><P
+>You will need to log on if a logon box opens up. Eg: In the connect
+as: MIDEARTH\root, password: mypassword.</P
+></TD
+></TR
+></TABLE
+></DIV
+></LI
+><LI
+><P
+>To make the profile capable of being used by anyone select 'Everyone'</P
+></LI
+><LI
+><P
+>Click OK. The Selection box will close.</P
+></LI
+><LI
+><P
+>Now click on the 'Ok' button to create the profile in the path you
+nominated.</P
+></LI
+></UL
+><P
+>Done. You now have a profile that can be editted using the samba-3.0.0
+profiles tool.</P
+><DIV
+CLASS="NOTE"
+><P
+></P
+><TABLE
+CLASS="NOTE"
+WIDTH="100%"
+BORDER="0"
+><TR
+><TD
+WIDTH="25"
+ALIGN="CENTER"
+VALIGN="TOP"
+><IMG
+SRC="/usr/share/sgml/docbook/stylesheet/dsssl/modular/images/note.gif"
+HSPACE="5"
+ALT="Note"></TD
+><TD
+ALIGN="LEFT"
+VALIGN="TOP"
+><P
+>Under NT/2K the use of mandotory profiles forces the use of MS Exchange
+storage of mail data. That keeps desktop profiles usable.</P
+></TD
+></TR
+></TABLE
+></DIV
+><DIV
+CLASS="NOTE"
+><P
+></P
+><TABLE
+CLASS="NOTE"
+WIDTH="100%"
+BORDER="0"
+><TR
+><TD
+WIDTH="25"
+ALIGN="CENTER"
+VALIGN="TOP"
+><IMG
+SRC="/usr/share/sgml/docbook/stylesheet/dsssl/modular/images/note.gif"
+HSPACE="5"
+ALT="Note"></TD
+><TD
+ALIGN="LEFT"
+VALIGN="TOP"
+><P
+></P
+><UL
+><LI
+><P
+>This is a security check new to Windows XP (or maybe only
+Windows XP service pack 1). It can be disabled via a group policy in
+Active Directory. The policy is:</P
+><P
+>"Computer Configuration\Administrative Templates\System\User
+Profiles\Do not check for user ownership of Roaming Profile Folders"</P
+><P
+>...and it should be set to "Enabled".
+Does the new version of samba have an Active Directory analogue? If so,
+then you may be able to set the policy through this.</P
+><P
+>If you cannot set group policies in samba, then you may be able to set
+the policy locally on each machine. If you want to try this, then do
+the following (N.B. I don't know for sure that this will work in the
+same way as a domain group policy):</P
+></LI
+><LI
+><P
+>On the XP workstation log in with an Administrator account.</P
+></LI
+><LI
+><P
+>Click: "Start", "Run"</P
+></LI
+><LI
+><P
+>Type: "mmc"</P
+></LI
+><LI
+><P
+>Click: "OK"</P
+></LI
+><LI
+><P
+>A Microsoft Management Console should appear.</P
+></LI
+><LI
+><P
+>Click: File, "Add/Remove Snap-in...", "Add"</P
+></LI
+><LI
+><P
+>Double-Click: "Group Policy"</P
+></LI
+><LI
+><P
+>Click: "Finish", "Close"</P
+></LI
+><LI
+><P
+>Click: "OK"</P
+></LI
+><LI
+><P
+>In the "Console Root" window:</P
+></LI
+><LI
+><P
+>Expand: "Local Computer Policy", "Computer Configuration",</P
+></LI
+><LI
+><P
+>"Administrative Templates", "System", "User Profiles"</P
+></LI
+><LI
+><P
+>Double-Click: "Do not check for user ownership of Roaming Profile</P
+></LI
+><LI
+><P
+>Folders"</P
+></LI
+><LI
+><P
+>Select: "Enabled"</P
+></LI
+><LI
+><P
+>Click: OK"</P
+></LI
+><LI
+><P
+>Close the whole console. You do not need to save the settings (this
+refers to the console settings rather than the policies you have
+changed).</P
+></LI
+><LI
+><P
+>Reboot</P
+></LI
+></UL
+></TD
+></TR
+></TABLE
+></DIV
+></DIV
+></DIV
+><DIV
+CLASS="NAVFOOTER"
+><HR
+ALIGN="LEFT"
+WIDTH="100%"><TABLE
+SUMMARY="Footer navigation table"
+WIDTH="100%"
+BORDER="0"
+CELLPADDING="0"
+CELLSPACING="0"
+><TR
+><TD
+WIDTH="33%"
+ALIGN="left"
+VALIGN="top"
+><A
+HREF="speed.html"
+ACCESSKEY="P"
+>Prev</A
+></TD
+><TD
+WIDTH="34%"
+ALIGN="center"
+VALIGN="top"
+><A
+HREF="samba-howto-collection.html"
+ACCESSKEY="H"
+>Home</A
+></TD
+><TD
+WIDTH="33%"
+ALIGN="right"
+VALIGN="top"
+><A
+HREF="appendixes.html"
+ACCESSKEY="N"
+>Next</A
+></TD
+></TR
+><TR
+><TD
+WIDTH="33%"
+ALIGN="left"
+VALIGN="top"
+>Samba performance issues</TD
+><TD
+WIDTH="34%"
+ALIGN="center"
+VALIGN="top"
+><A
+HREF="optional.html"
+ACCESSKEY="U"
+>Up</A
+></TD
+><TD
+WIDTH="33%"
+ALIGN="right"
+VALIGN="top"
+>Appendixes</TD
+></TR
+></TABLE
+></DIV
+></BODY
+></HTML
+> \ No newline at end of file