diff options
Diffstat (limited to 'docs/htmldocs/groupprofiles.html')
| -rw-r--r-- | docs/htmldocs/groupprofiles.html | 565 |
1 files changed, 565 insertions, 0 deletions
diff --git a/docs/htmldocs/groupprofiles.html b/docs/htmldocs/groupprofiles.html new file mode 100644 index 0000000000..c9184032aa --- /dev/null +++ b/docs/htmldocs/groupprofiles.html @@ -0,0 +1,565 @@ +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> +<HTML +><HEAD +><TITLE +>Creating Group Profiles</TITLE +><META +NAME="GENERATOR" +CONTENT="Modular DocBook HTML Stylesheet Version 1.77+"><LINK +REL="HOME" +TITLE="SAMBA Project Documentation" +HREF="samba-howto-collection.html"><LINK +REL="UP" +TITLE="Optional configuration" +HREF="optional.html"><LINK +REL="PREVIOUS" +TITLE="Samba performance issues" +HREF="speed.html"><LINK +REL="NEXT" +TITLE="Appendixes" +HREF="appendixes.html"></HEAD +><BODY +CLASS="CHAPTER" +BGCOLOR="#FFFFFF" +TEXT="#000000" +LINK="#0000FF" +VLINK="#840084" +ALINK="#0000FF" +><DIV +CLASS="NAVHEADER" +><TABLE +SUMMARY="Header navigation table" +WIDTH="100%" +BORDER="0" +CELLPADDING="0" +CELLSPACING="0" +><TR +><TH +COLSPAN="3" +ALIGN="center" +>SAMBA Project Documentation</TH +></TR +><TR +><TD +WIDTH="10%" +ALIGN="left" +VALIGN="bottom" +><A +HREF="speed.html" +ACCESSKEY="P" +>Prev</A +></TD +><TD +WIDTH="80%" +ALIGN="center" +VALIGN="bottom" +></TD +><TD +WIDTH="10%" +ALIGN="right" +VALIGN="bottom" +><A +HREF="appendixes.html" +ACCESSKEY="N" +>Next</A +></TD +></TR +></TABLE +><HR +ALIGN="LEFT" +WIDTH="100%"></DIV +><DIV +CLASS="CHAPTER" +><H1 +><A +NAME="GROUPPROFILES" +></A +>Chapter 20. Creating Group Profiles</H1 +><DIV +CLASS="SECT1" +><H1 +CLASS="SECT1" +><A +NAME="AEN3123" +></A +>20.1. Windows '9x</H1 +><P +>You need the Win98 Group Policy Editor to +set Group Profiles up under Windows '9x. It can be found on the Original +full product Win98 installation CD under +<TT +CLASS="FILENAME" +>tools/reskit/netadmin/poledit</TT +>. You install this +using the Add/Remove Programs facility and then click on the 'Have Disk' +tab.</P +><P +>Use the Group Policy Editor to create a policy file that specifies the +location of user profiles and/or the <TT +CLASS="FILENAME" +>My Documents</TT +> etc. +stuff. You then save these settings in a file called +<TT +CLASS="FILENAME" +>Config.POL</TT +> that needs to be placed in +the root of the [NETLOGON] share. If your Win98 is configured to log onto +the Samba Domain, it will automatically read this file and update the +Win98 registry of the machine that is logging on.</P +><P +>All of this is covered in the Win98 Resource Kit documentation.</P +><P +>If you do not do it this way, then every so often Win98 will check the +integrity of the registry and will restore it's settings from the back-up +copy of the registry it stores on each Win98 machine. Hence, you will notice +things changing back to the original settings.</P +></DIV +><DIV +CLASS="SECT1" +><H1 +CLASS="SECT1" +><A +NAME="AEN3132" +></A +>20.2. Windows NT 4</H1 +><P +>Unfortunately, the Resource Kit info is Win NT4/2K version specific.</P +><P +>Here is a quick guide:</P +><P +></P +><UL +><LI +><P +>On your NT4 Domain Controller, right click on 'My Computer', then +select the tab labelled 'User Profiles'.</P +></LI +><LI +><P +>Select a user profile you want to migrate and click on it.</P +><DIV +CLASS="NOTE" +><P +></P +><TABLE +CLASS="NOTE" +WIDTH="90%" +BORDER="0" +><TR +><TD +WIDTH="25" +ALIGN="CENTER" +VALIGN="TOP" +><IMG +SRC="/usr/share/sgml/docbook/stylesheet/dsssl/modular/images/note.gif" +HSPACE="5" +ALT="Note"></TD +><TD +ALIGN="LEFT" +VALIGN="TOP" +><P +>I am using the term "migrate" lossely. You can copy a profile to +create a group profile. You can give the user 'Everyone' rights to the +profile you copy this to. That is what you need to do, since your samba +domain is not a member of a trust relationship with your NT4 PDC.</P +></TD +></TR +></TABLE +></DIV +></LI +><LI +><P +>Click the 'Copy To' button.</P +></LI +><LI +><P +>In the box labelled 'Copy Profile to' add your new path, eg: +<TT +CLASS="FILENAME" +>c:\temp\foobar</TT +></P +></LI +><LI +><P +>Click on the button labelled 'Change' in the "Permitted to use" box.</P +></LI +><LI +><P +>Click on the group 'Everyone' and then click OK. This closes the +'chose user' box.</P +></LI +><LI +><P +>Now click OK.</P +></LI +></UL +><P +>Follow the above for every profile you need to migrate.</P +><DIV +CLASS="SECT2" +><H2 +CLASS="SECT2" +><A +NAME="AEN3155" +></A +>20.2.1. Side bar Notes</H2 +><P +>You should obtain the SID of your NT4 domain. You can use smbpasswd to do +this. Read the man page.</P +><P +>With Samba-3.0.0 alpha code you can import all you NT4 domain accounts +using the net samsync method. This way you can retain your profile +settings as well as all your users.</P +></DIV +><DIV +CLASS="SECT2" +><H2 +CLASS="SECT2" +><A +NAME="AEN3159" +></A +>20.2.2. Mandatory profiles</H2 +><P +>The above method can be used to create mandatory profiles also. To convert +a group profile into a mandatory profile simply locate the NTUser.DAT file +in the copied profile and rename it to NTUser.MAN.</P +></DIV +><DIV +CLASS="SECT2" +><H2 +CLASS="SECT2" +><A +NAME="AEN3162" +></A +>20.2.3. moveuser.exe</H2 +><P +>The W2K professional resource kit has moveuser.exe. moveuser.exe changes +the security of a profile from one user to another. This allows the account +domain to change, and/or the user name to change.</P +></DIV +><DIV +CLASS="SECT2" +><H2 +CLASS="SECT2" +><A +NAME="AEN3165" +></A +>20.2.4. Get SID</H2 +><P +>You can identify the SID by using GetSID.exe from the Windows NT Server 4.0 +Resource Kit.</P +><P +>Windows NT 4.0 stores the local profile information in the registry under +the following key: +HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList</P +><P +>Under the ProfileList key, there will be subkeys named with the SIDs of the +users who have logged on to this computer. (To find the profile information +for the user whose locally cached profile you want to move, find the SID for +the user with the GetSID.exe utility.) Inside of the appropriate user's +subkey, you will see a string value named ProfileImagePath.</P +></DIV +></DIV +><DIV +CLASS="SECT1" +><H1 +CLASS="SECT1" +><A +NAME="AEN3170" +></A +>20.3. Windows 2000/XP</H1 +><P +>You must first convert the profile from a local profile to a domain +profile on the MS Windows workstation as follows:</P +><P +></P +><UL +><LI +><P +>Log on as the LOCAL workstation administrator.</P +></LI +><LI +><P +>Right click on the 'My Computer' Icon, select 'Properties'</P +></LI +><LI +><P +>Click on the 'User Profiles' tab</P +></LI +><LI +><P +>Select the profile you wish to convert (click on it once)</P +></LI +><LI +><P +>Click on the button 'Copy To'</P +></LI +><LI +><P +>In the "Permitted to use" box, click on the 'Change' button.</P +></LI +><LI +><P +>Click on the 'Look in" area that lists the machine name, when you click +here it will open up a selection box. Click on the domain to which the +profile must be accessible.</P +><DIV +CLASS="NOTE" +><P +></P +><TABLE +CLASS="NOTE" +WIDTH="90%" +BORDER="0" +><TR +><TD +WIDTH="25" +ALIGN="CENTER" +VALIGN="TOP" +><IMG +SRC="/usr/share/sgml/docbook/stylesheet/dsssl/modular/images/note.gif" +HSPACE="5" +ALT="Note"></TD +><TD +ALIGN="LEFT" +VALIGN="TOP" +><P +>You will need to log on if a logon box opens up. Eg: In the connect +as: MIDEARTH\root, password: mypassword.</P +></TD +></TR +></TABLE +></DIV +></LI +><LI +><P +>To make the profile capable of being used by anyone select 'Everyone'</P +></LI +><LI +><P +>Click OK. The Selection box will close.</P +></LI +><LI +><P +>Now click on the 'Ok' button to create the profile in the path you +nominated.</P +></LI +></UL +><P +>Done. You now have a profile that can be editted using the samba-3.0.0 +profiles tool.</P +><DIV +CLASS="NOTE" +><P +></P +><TABLE +CLASS="NOTE" +WIDTH="100%" +BORDER="0" +><TR +><TD +WIDTH="25" +ALIGN="CENTER" +VALIGN="TOP" +><IMG +SRC="/usr/share/sgml/docbook/stylesheet/dsssl/modular/images/note.gif" +HSPACE="5" +ALT="Note"></TD +><TD +ALIGN="LEFT" +VALIGN="TOP" +><P +>Under NT/2K the use of mandotory profiles forces the use of MS Exchange +storage of mail data. That keeps desktop profiles usable.</P +></TD +></TR +></TABLE +></DIV +><DIV +CLASS="NOTE" +><P +></P +><TABLE +CLASS="NOTE" +WIDTH="100%" +BORDER="0" +><TR +><TD +WIDTH="25" +ALIGN="CENTER" +VALIGN="TOP" +><IMG +SRC="/usr/share/sgml/docbook/stylesheet/dsssl/modular/images/note.gif" +HSPACE="5" +ALT="Note"></TD +><TD +ALIGN="LEFT" +VALIGN="TOP" +><P +></P +><UL +><LI +><P +>This is a security check new to Windows XP (or maybe only +Windows XP service pack 1). It can be disabled via a group policy in +Active Directory. The policy is:</P +><P +>"Computer Configuration\Administrative Templates\System\User +Profiles\Do not check for user ownership of Roaming Profile Folders"</P +><P +>...and it should be set to "Enabled". +Does the new version of samba have an Active Directory analogue? If so, +then you may be able to set the policy through this.</P +><P +>If you cannot set group policies in samba, then you may be able to set +the policy locally on each machine. If you want to try this, then do +the following (N.B. I don't know for sure that this will work in the +same way as a domain group policy):</P +></LI +><LI +><P +>On the XP workstation log in with an Administrator account.</P +></LI +><LI +><P +>Click: "Start", "Run"</P +></LI +><LI +><P +>Type: "mmc"</P +></LI +><LI +><P +>Click: "OK"</P +></LI +><LI +><P +>A Microsoft Management Console should appear.</P +></LI +><LI +><P +>Click: File, "Add/Remove Snap-in...", "Add"</P +></LI +><LI +><P +>Double-Click: "Group Policy"</P +></LI +><LI +><P +>Click: "Finish", "Close"</P +></LI +><LI +><P +>Click: "OK"</P +></LI +><LI +><P +>In the "Console Root" window:</P +></LI +><LI +><P +>Expand: "Local Computer Policy", "Computer Configuration",</P +></LI +><LI +><P +>"Administrative Templates", "System", "User Profiles"</P +></LI +><LI +><P +>Double-Click: "Do not check for user ownership of Roaming Profile</P +></LI +><LI +><P +>Folders"</P +></LI +><LI +><P +>Select: "Enabled"</P +></LI +><LI +><P +>Click: OK"</P +></LI +><LI +><P +>Close the whole console. You do not need to save the settings (this +refers to the console settings rather than the policies you have +changed).</P +></LI +><LI +><P +>Reboot</P +></LI +></UL +></TD +></TR +></TABLE +></DIV +></DIV +></DIV +><DIV +CLASS="NAVFOOTER" +><HR +ALIGN="LEFT" +WIDTH="100%"><TABLE +SUMMARY="Footer navigation table" +WIDTH="100%" +BORDER="0" +CELLPADDING="0" +CELLSPACING="0" +><TR +><TD +WIDTH="33%" +ALIGN="left" +VALIGN="top" +><A +HREF="speed.html" +ACCESSKEY="P" +>Prev</A +></TD +><TD +WIDTH="34%" +ALIGN="center" +VALIGN="top" +><A +HREF="samba-howto-collection.html" +ACCESSKEY="H" +>Home</A +></TD +><TD +WIDTH="33%" +ALIGN="right" +VALIGN="top" +><A +HREF="appendixes.html" +ACCESSKEY="N" +>Next</A +></TD +></TR +><TR +><TD +WIDTH="33%" +ALIGN="left" +VALIGN="top" +>Samba performance issues</TD +><TD +WIDTH="34%" +ALIGN="center" +VALIGN="top" +><A +HREF="optional.html" +ACCESSKEY="U" +>Up</A +></TD +><TD +WIDTH="33%" +ALIGN="right" +VALIGN="top" +>Appendixes</TD +></TR +></TABLE +></DIV +></BODY +></HTML +>
\ No newline at end of file |