Diffstat (limited to 'docs/htmldocs/profilemgmt.html')
-rw-r--r-- docs/htmldocs/profilemgmt.html 1753
1 files changed, 1753 insertions, 0 deletions
diff --git a/docs/htmldocs/profilemgmt.html b/docs/htmldocs/profilemgmt.html
new file mode 100644
index 0000000000..8a101049e0
--- /dev/null
+++ b/docs/htmldocs/profilemgmt.html
@@ -0,0 +1,1753 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
+<HTML
+><HEAD
+><TITLE
+>Desktop Profile Management</TITLE
+><META
+NAME="GENERATOR"
+CONTENT="Modular DocBook HTML Stylesheet Version 1.7"><LINK
+REL="HOME"
+TITLE="SAMBA Project Documentation"
+HREF="samba-howto-collection.html"><LINK
+REL="UP"
+TITLE="Advanced Configuration"
+HREF="optional.html"><LINK
+REL="PREVIOUS"
+TITLE="System and Account Policies"
+HREF="policymgmt.html"><LINK
+REL="NEXT"
+TITLE="Interdomain Trust Relationships"
+HREF="interdomaintrusts.html"></HEAD
+><BODY
+CLASS="CHAPTER"
+BGCOLOR="#FFFFFF"
+TEXT="#000000"
+LINK="#0000FF"
+VLINK="#840084"
+ALINK="#0000FF"
+><DIV
+CLASS="NAVHEADER"
+><TABLE
+SUMMARY="Header navigation table"
+WIDTH="100%"
+BORDER="0"
+CELLPADDING="0"
+CELLSPACING="0"
+><TR
+><TH
+COLSPAN="3"
+ALIGN="center"
+>SAMBA Project Documentation</TH
+></TR
+><TR
+><TD
+WIDTH="10%"
+ALIGN="left"
+VALIGN="bottom"
+><A
+HREF="policymgmt.html"
+ACCESSKEY="P"
+>Prev</A
+></TD
+><TD
+WIDTH="80%"
+ALIGN="center"
+VALIGN="bottom"
+></TD
+><TD
+WIDTH="10%"
+ALIGN="right"
+VALIGN="bottom"
+><A
+HREF="interdomaintrusts.html"
+ACCESSKEY="N"
+>Next</A
+></TD
+></TR
+></TABLE
+><HR
+ALIGN="LEFT"
+WIDTH="100%"></DIV
+><DIV
+CLASS="CHAPTER"
+><H1
+><A
+NAME="PROFILEMGMT"
+></A
+>Chapter 18. Desktop Profile Management</H1
+><DIV
+CLASS="TOC"
+><DL
+><DT
+><B
+>Table of Contents</B
+></DT
+><DT
+>18.1. <A
+HREF="profilemgmt.html#AEN3096"
+>Roaming Profiles</A
+></DT
+><DD
+><DL
+><DT
+>18.1.1. <A
+HREF="profilemgmt.html#AEN3103"
+>Samba Configuration for Profile Handling</A
+></DT
+><DD
+><DL
+><DT
+>18.1.1.1. <A
+HREF="profilemgmt.html#AEN3106"
+>NT4/200x User Profiles</A
+></DT
+><DT
+>18.1.1.2. <A
+HREF="profilemgmt.html#AEN3116"
+>Windows 9x / Me User Profiles</A
+></DT
+><DT
+>18.1.1.3. <A
+HREF="profilemgmt.html#AEN3131"
+>Mixed Windows 9x / Me and Windows NT4/200x User Profiles</A
+></DT
+></DL
+></DD
+><DT
+>18.1.2. <A
+HREF="profilemgmt.html#AEN3138"
+>Windows Client Profile Configuration Information</A
+></DT
+><DD
+><DL
+><DT
+>18.1.2.1. <A
+HREF="profilemgmt.html#AEN3140"
+>Windows 9x / Me Profile Setup</A
+></DT
+><DT
+>18.1.2.2. <A
+HREF="profilemgmt.html#AEN3176"
+>Windows NT4 Workstation</A
+></DT
+><DT
+>18.1.2.3. <A
+HREF="profilemgmt.html#AEN3185"
+>Windows 2000/XP Professional</A
+></DT
+></DL
+></DD
+><DT
+>18.1.3. <A
+HREF="profilemgmt.html#AEN3258"
+>Sharing Profiles between W9x/Me and NT4/200x/XP workstations</A
+></DT
+><DT
+>18.1.4. <A
+HREF="profilemgmt.html#AEN3265"
+>Profile Migration from Windows NT4/200x Server to Samba</A
+></DT
+><DD
+><DL
+><DT
+>18.1.4.1. <A
+HREF="profilemgmt.html#AEN3268"
+>Windows NT4 Profile Management Tools</A
+></DT
+><DT
+>18.1.4.2. <A
+HREF="profilemgmt.html#AEN3291"
+>Side bar Notes</A
+></DT
+><DT
+>18.1.4.3. <A
+HREF="profilemgmt.html#AEN3295"
+>moveuser.exe</A
+></DT
+><DT
+>18.1.4.4. <A
+HREF="profilemgmt.html#AEN3298"
+>Get SID</A
+></DT
+></DL
+></DD
+></DL
+></DD
+><DT
+>18.2. <A
+HREF="profilemgmt.html#AEN3303"
+>Mandatory profiles</A
+></DT
+><DT
+>18.3. <A
+HREF="profilemgmt.html#AEN3310"
+>Creating/Managing Group Profiles</A
+></DT
+><DT
+>18.4. <A
+HREF="profilemgmt.html#AEN3316"
+>Default Profile for Windows Users</A
+></DT
+><DD
+><DL
+><DT
+>18.4.1. <A
+HREF="profilemgmt.html#AEN3319"
+>MS Windows 9x/Me</A
+></DT
+><DT
+>18.4.2. <A
+HREF="profilemgmt.html#AEN3331"
+>MS Windows NT4 Workstation</A
+></DT
+><DT
+>18.4.3. <A
+HREF="profilemgmt.html#AEN3385"
+>MS Windows 200x/XP</A
+></DT
+></DL
+></DD
+></DL
+></DIV
+><DIV
+CLASS="SECT1"
+><H1
+CLASS="SECT1"
+><A
+NAME="AEN3096"
+>18.1. Roaming Profiles</A
+></H1
+><DIV
+CLASS="WARNING"
+><P
+></P
+><TABLE
+CLASS="WARNING"
+WIDTH="100%"
+BORDER="0"
+><TR
+><TD
+WIDTH="25"
+ALIGN="CENTER"
+VALIGN="TOP"
+><IMG
+SRC="/usr/share/sgml/docbook/stylesheet/dsssl/modular/images/warning.gif"
+HSPACE="5"
+ALT="Warning"></TD
+><TD
+ALIGN="LEFT"
+VALIGN="TOP"
+><P
+>Roaming profiles support is different for Win9x / Me and Windows NT4/200x.</P
+></TD
+></TR
+></TABLE
+></DIV
+><P
+>Before discussing how to configure roaming profiles, it is useful to see how
+Windows 9x / Me and Windows NT4/200x clients implement these features.</P
+><P
+>Windows 9x / Me clients send a NetUserGetInfo request to the server to get the user's
+profiles location. However, the response does not have room for a separate
+profiles location field, only the user's home share. This means that Win9X/Me
+profiles are restricted to being stored in the user's home directory.</P
+><P
+>Windows NT4/200x clients send a NetSAMLogon RPC request, which contains many fields,
+including a separate field for the location of the user's profiles.</P
+><DIV
+CLASS="SECT2"
+><H2
+CLASS="SECT2"
+><A
+NAME="AEN3103"
+>18.1.1. Samba Configuration for Profile Handling</A
+></H2
+><P
+>This section documents how to configure Samba for MS Windows client profile support.</P
+><DIV
+CLASS="SECT3"
+><H3
+CLASS="SECT3"
+><A
+NAME="AEN3106"
+>18.1.1.1. NT4/200x User Profiles</A
+></H3
+><P
+>To support Windowns NT4/200x clients, in the [global] section of smb.conf set the
+following (for example):</P
+><P
+><PRE
+CLASS="PROGRAMLISTING"
+> logon path = \\profileserver\profileshare\profilepath\%U\moreprofilepath</PRE
+>
+
+ This is typically implemented like:
+
+<PRE
+CLASS="PROGRAMLISTING"
+> logon path = \\%L\Profiles\%u</PRE
+>
+where %L translates to the name of the Samba server and %u translates to the user name</P
+><P
+>The default for this option is \\%N\%U\profile, namely \\sambaserver\username\profile.
+The \\N%\%U service is created automatically by the [homes] service. If you are using
+a samba server for the profiles, you _must_ make the share specified in the logon path
+browseable. Please refer to the man page for smb.conf in respect of the different
+symantics of %L and %N, as well as %U and %u.</P
+><DIV
+CLASS="NOTE"
+><P
+></P
+><TABLE
+CLASS="NOTE"
+WIDTH="100%"
+BORDER="0"
+><TR
+><TD
+WIDTH="25"
+ALIGN="CENTER"
+VALIGN="TOP"
+><IMG
+SRC="/usr/share/sgml/docbook/stylesheet/dsssl/modular/images/note.gif"
+HSPACE="5"
+ALT="Note"></TD
+><TD
+ALIGN="LEFT"
+VALIGN="TOP"
+><P
+>MS Windows NT/2K clients at times do not disconnect a connection to a server
+between logons. It is recommended to NOT use the <B
+CLASS="COMMAND"
+>homes</B
+>
+meta-service name as part of the profile share path.</P
+></TD
+></TR
+></TABLE
+></DIV
+></DIV
+><DIV
+CLASS="SECT3"
+><H3
+CLASS="SECT3"
+><A
+NAME="AEN3116"
+>18.1.1.2. Windows 9x / Me User Profiles</A
+></H3
+><P
+>To support Windows 9x / Me clients, you must use the "logon home" parameter. Samba has
+now been fixed so that <KBD
+CLASS="USERINPUT"
+>net use /home</KBD
+> now works as well, and it, too, relies
+on the <B
+CLASS="COMMAND"
+>logon home</B
+> parameter.</P
+><P
+>By using the logon home parameter, you are restricted to putting Win9x / Me
+profiles in the user's home directory. But wait! There is a trick you
+can use. If you set the following in the <B
+CLASS="COMMAND"
+>[global]</B
+> section of your <TT
+CLASS="FILENAME"
+>smb.conf</TT
+> file:</P
+><P
+><PRE
+CLASS="PROGRAMLISTING"
+> logon home = \\%L\%U\.profiles</PRE
+></P
+><P
+>then your Windows 9x / Me clients will dutifully put their clients in a subdirectory
+of your home directory called <TT
+CLASS="FILENAME"
+>.profiles</TT
+> (thus making them hidden).</P
+><P
+>Not only that, but <KBD
+CLASS="USERINPUT"
+>net use/home</KBD
+> will also work, because of a feature in
+Windows 9x / Me. It removes any directory stuff off the end of the home directory area
+and only uses the server and share portion. That is, it looks like you
+specified \\%L\%U for <B
+CLASS="COMMAND"
+>logon home</B
+>.</P
+></DIV
+><DIV
+CLASS="SECT3"
+><H3
+CLASS="SECT3"
+><A
+NAME="AEN3131"
+>18.1.1.3. Mixed Windows 9x / Me and Windows NT4/200x User Profiles</A
+></H3
+><P
+>You can support profiles for both Win9X and WinNT clients by setting both the
+<B
+CLASS="COMMAND"
+>logon home</B
+> and <B
+CLASS="COMMAND"
+>logon path</B
+> parameters. For example:</P
+><P
+><PRE
+CLASS="PROGRAMLISTING"
+> logon home = \\%L\%u\.profiles
+ logon path = \\%L\profiles\%u</PRE
+></P
+></DIV
+></DIV
+><DIV
+CLASS="SECT2"
+><H2
+CLASS="SECT2"
+><A
+NAME="AEN3138"
+>18.1.2. Windows Client Profile Configuration Information</A
+></H2
+><DIV
+CLASS="SECT3"
+><H3
+CLASS="SECT3"
+><A
+NAME="AEN3140"
+>18.1.2.1. Windows 9x / Me Profile Setup</A
+></H3
+><P
+>When a user first logs in on Windows 9X, the file user.DAT is created,
+as are folders "Start Menu", "Desktop", "Programs" and "Nethood".
+These directories and their contents will be merged with the local
+versions stored in c:\windows\profiles\username on subsequent logins,
+taking the most recent from each. You will need to use the [global]
+options "preserve case = yes", "short preserve case = yes" and
+"case sensitive = no" in order to maintain capital letters in shortcuts
+in any of the profile folders.</P
+><P
+>The user.DAT file contains all the user's preferences. If you wish to
+enforce a set of preferences, rename their user.DAT file to user.MAN,
+and deny them write access to this file.</P
+><P
+></P
+><OL
+TYPE="1"
+><LI
+><P
+> On the Windows 9x / Me machine, go to Control Panel -&#62; Passwords and
+ select the User Profiles tab. Select the required level of
+ roaming preferences. Press OK, but do _not_ allow the computer
+ to reboot.
+ </P
+></LI
+><LI
+><P
+> On the Windows 9x / Me machine, go to Control Panel -&#62; Network -&#62;
+ Client for Microsoft Networks -&#62; Preferences. Select 'Log on to
+ NT Domain'. Then, ensure that the Primary Logon is 'Client for
+ Microsoft Networks'. Press OK, and this time allow the computer
+ to reboot.
+ </P
+></LI
+></OL
+><P
+>Under Windows 9x / Me Profiles are downloaded from the Primary Logon.
+If you have the Primary Logon as 'Client for Novell Networks', then
+the profiles and logon script will be downloaded from your Novell
+Server. If you have the Primary Logon as 'Windows Logon', then the
+profiles will be loaded from the local machine - a bit against the
+concept of roaming profiles, it would seem!</P
+><P
+>You will now find that the Microsoft Networks Login box contains
+[user, password, domain] instead of just [user, password]. Type in
+the samba server's domain name (or any other domain known to exist,
+but bear in mind that the user will be authenticated against this
+domain and profiles downloaded from it, if that domain logon server
+supports it), user name and user's password.</P
+><P
+>Once the user has been successfully validated, the Windows 9x / Me machine
+will inform you that 'The user has not logged on before' and asks you
+if you wish to save the user's preferences? Select 'yes'.</P
+><P
+>Once the Windows 9x / Me client comes up with the desktop, you should be able
+to examine the contents of the directory specified in the "logon path"
+on the samba server and verify that the "Desktop", "Start Menu",
+"Programs" and "Nethood" folders have been created.</P
+><P
+>These folders will be cached locally on the client, and updated when
+the user logs off (if you haven't made them read-only by then).
+You will find that if the user creates further folders or short-cuts,
+that the client will merge the profile contents downloaded with the
+contents of the profile directory already on the local client, taking
+the newest folders and short-cuts from each set.</P
+><P
+>If you have made the folders / files read-only on the samba server,
+then you will get errors from the Windows 9x / Me machine on logon and logout, as
+it attempts to merge the local and the remote profile. Basically, if
+you have any errors reported by the Windows 9x / Me machine, check the Unix file
+permissions and ownership rights on the profile directory contents,
+on the samba server.</P
+><P
+>If you have problems creating user profiles, you can reset the user's
+local desktop cache, as shown below. When this user then next logs in,
+they will be told that they are logging in "for the first time".</P
+><P
+></P
+><OL
+TYPE="1"
+><LI
+><P
+> instead of logging in under the [user, password, domain] dialog,
+ press escape.
+ </P
+></LI
+><LI
+><P
+> run the regedit.exe program, and look in:
+ </P
+><P
+> HKEY_LOCAL_MACHINE\Windows\CurrentVersion\ProfileList
+ </P
+><P
+> you will find an entry, for each user, of ProfilePath. Note the
+ contents of this key (likely to be c:\windows\profiles\username),
+ then delete the key ProfilePath for the required user.
+
+ [Exit the registry editor].
+
+ </P
+></LI
+><LI
+><P
+> <SPAN
+CLASS="emphasis"
+><I
+CLASS="EMPHASIS"
+>WARNING</I
+></SPAN
+> - before deleting the contents of the
+ directory listed in the ProfilePath (this is likely to be
+ <TT
+CLASS="FILENAME"
+>c:\windows\profiles\username)</TT
+>, ask them if they
+ have any important files stored on their desktop or in their start menu.
+ Delete the contents of the directory ProfilePath (making a backup if any
+ of the files are needed).
+ </P
+><P
+> This will have the effect of removing the local (read-only hidden
+ system file) user.DAT in their profile directory, as well as the
+ local "desktop", "nethood", "start menu" and "programs" folders.
+ </P
+></LI
+><LI
+><P
+> search for the user's .PWL password-caching file in the c:\windows
+ directory, and delete it.
+ </P
+></LI
+><LI
+><P
+> log off the windows 9x / Me client.
+ </P
+></LI
+><LI
+><P
+> check the contents of the profile path (see "logon path" described
+ above), and delete the user.DAT or user.MAN file for the user,
+ making a backup if required.
+ </P
+></LI
+></OL
+><P
+>If all else fails, increase samba's debug log levels to between 3 and 10,
+and / or run a packet trace program such as ethereal or netmon.exe, and
+look for error messages.</P
+><P
+>If you have access to an Windows NT4/200x server, then first set up roaming profiles
+and / or netlogons on the Windows NT4/200x server. Make a packet trace, or examine
+the example packet traces provided with Windows NT4/200x server, and see what the
+differences are with the equivalent samba trace.</P
+></DIV
+><DIV
+CLASS="SECT3"
+><H3
+CLASS="SECT3"
+><A
+NAME="AEN3176"
+>18.1.2.2. Windows NT4 Workstation</A
+></H3
+><P
+>When a user first logs in to a Windows NT Workstation, the profile
+NTuser.DAT is created. The profile location can be now specified
+through the "logon path" parameter.</P
+><P
+>There is a parameter that is now available for use with NT Profiles:
+"logon drive". This should be set to <TT
+CLASS="FILENAME"
+>H:</TT
+> or any other drive, and
+should be used in conjunction with the new "logon home" parameter.</P
+><P
+>The entry for the NT4 profile is a _directory_ not a file. The NT
+help on profiles mentions that a directory is also created with a .PDS
+extension. The user, while logging in, must have write permission to
+create the full profile path (and the folder with the .PDS extension
+for those situations where it might be created.)</P
+><P
+>In the profile directory, Windows NT4 creates more folders than Windows 9x / Me.
+It creates "Application Data" and others, as well as "Desktop", "Nethood",
+"Start Menu" and "Programs". The profile itself is stored in a file
+NTuser.DAT. Nothing appears to be stored in the .PDS directory, and
+its purpose is currently unknown.</P
+><P
+>You can use the System Control Panel to copy a local profile onto
+a samba server (see NT Help on profiles: it is also capable of firing
+up the correct location in the System Control Panel for you). The
+NT Help file also mentions that renaming NTuser.DAT to NTuser.MAN
+turns a profile into a mandatory one.</P
+><P
+>The case of the profile is significant. The file must be called
+NTuser.DAT or, for a mandatory profile, NTuser.MAN.</P
+></DIV
+><DIV
+CLASS="SECT3"
+><H3
+CLASS="SECT3"
+><A
+NAME="AEN3185"
+>18.1.2.3. Windows 2000/XP Professional</A
+></H3
+><P
+>You must first convert the profile from a local profile to a domain
+profile on the MS Windows workstation as follows:</P
+><P
+></P
+><UL
+><LI
+><P
+> Log on as the LOCAL workstation administrator.
+ </P
+></LI
+><LI
+><P
+> Right click on the 'My Computer' Icon, select 'Properties'
+ </P
+></LI
+><LI
+><P
+> Click on the 'User Profiles' tab
+ </P
+></LI
+><LI
+><P
+> Select the profile you wish to convert (click on it once)
+ </P
+></LI
+><LI
+><P
+> Click on the button 'Copy To'
+ </P
+></LI
+><LI
+><P
+> In the "Permitted to use" box, click on the 'Change' button.
+ </P
+></LI
+><LI
+><P
+> Click on the 'Look in" area that lists the machine name, when you click
+ here it will open up a selection box. Click on the domain to which the
+ profile must be accessible.
+ </P
+><DIV
+CLASS="NOTE"
+><P
+></P
+><TABLE
+CLASS="NOTE"
+WIDTH="90%"
+BORDER="0"
+><TR
+><TD
+WIDTH="25"
+ALIGN="CENTER"
+VALIGN="TOP"
+><IMG
+SRC="/usr/share/sgml/docbook/stylesheet/dsssl/modular/images/note.gif"
+HSPACE="5"
+ALT="Note"></TD
+><TD
+ALIGN="LEFT"
+VALIGN="TOP"
+><P
+>You will need to log on if a logon box opens up. Eg: In the connect
+ as: MIDEARTH\root, password: mypassword.</P
+></TD
+></TR
+></TABLE
+></DIV
+></LI
+><LI
+><P
+> To make the profile capable of being used by anyone select 'Everyone'
+ </P
+></LI
+><LI
+><P
+> Click OK. The Selection box will close.
+ </P
+></LI
+><LI
+><P
+> Now click on the 'Ok' button to create the profile in the path you
+ nominated.
+ </P
+></LI
+></UL
+><P
+>Done. You now have a profile that can be editted using the samba-3.0.0
+<TT
+CLASS="FILENAME"
+>profiles</TT
+> tool.</P
+><DIV
+CLASS="NOTE"
+><P
+></P
+><TABLE
+CLASS="NOTE"
+WIDTH="100%"
+BORDER="0"
+><TR
+><TD
+WIDTH="25"
+ALIGN="CENTER"
+VALIGN="TOP"
+><IMG
+SRC="/usr/share/sgml/docbook/stylesheet/dsssl/modular/images/note.gif"
+HSPACE="5"
+ALT="Note"></TD
+><TD
+ALIGN="LEFT"
+VALIGN="TOP"
+><P
+>Under NT/2K the use of mandotory profiles forces the use of MS Exchange
+storage of mail data. That keeps desktop profiles usable.</P
+></TD
+></TR
+></TABLE
+></DIV
+><DIV
+CLASS="NOTE"
+><P
+></P
+><TABLE
+CLASS="NOTE"
+WIDTH="100%"
+BORDER="0"
+><TR
+><TD
+WIDTH="25"
+ALIGN="CENTER"
+VALIGN="TOP"
+><IMG
+SRC="/usr/share/sgml/docbook/stylesheet/dsssl/modular/images/note.gif"
+HSPACE="5"
+ALT="Note"></TD
+><TD
+ALIGN="LEFT"
+VALIGN="TOP"
+><P
+></P
+><UL
+><LI
+><P
+>This is a security check new to Windows XP (or maybe only
+Windows XP service pack 1). It can be disabled via a group policy in
+Active Directory. The policy is:</P
+><P
+>"Computer Configuration\Administrative Templates\System\User
+Profiles\Do not check for user ownership of Roaming Profile Folders"</P
+><P
+>...and it should be set to "Enabled".
+Does the new version of samba have an Active Directory analogue? If so,
+then you may be able to set the policy through this.</P
+><P
+>If you cannot set group policies in samba, then you may be able to set
+the policy locally on each machine. If you want to try this, then do
+the following (N.B. I don't know for sure that this will work in the
+same way as a domain group policy):</P
+></LI
+><LI
+><P
+>On the XP workstation log in with an Administrator account.</P
+></LI
+><LI
+><P
+>Click: "Start", "Run"</P
+></LI
+><LI
+><P
+>Type: "mmc"</P
+></LI
+><LI
+><P
+>Click: "OK"</P
+></LI
+><LI
+><P
+>A Microsoft Management Console should appear.</P
+></LI
+><LI
+><P
+>Click: File, "Add/Remove Snap-in...", "Add"</P
+></LI
+><LI
+><P
+>Double-Click: "Group Policy"</P
+></LI
+><LI
+><P
+>Click: "Finish", "Close"</P
+></LI
+><LI
+><P
+>Click: "OK"</P
+></LI
+><LI
+><P
+>In the "Console Root" window:</P
+></LI
+><LI
+><P
+>Expand: "Local Computer Policy", "Computer Configuration",</P
+></LI
+><LI
+><P
+>"Administrative Templates", "System", "User Profiles"</P
+></LI
+><LI
+><P
+>Double-Click: "Do not check for user ownership of Roaming Profile</P
+></LI
+><LI
+><P
+>Folders"</P
+></LI
+><LI
+><P
+>Select: "Enabled"</P
+></LI
+><LI
+><P
+>Click: OK"</P
+></LI
+><LI
+><P
+>Close the whole console. You do not need to save the settings (this
+ refers to the console settings rather than the policies you have
+ changed).</P
+></LI
+><LI
+><P
+>Reboot</P
+></LI
+></UL
+></TD
+></TR
+></TABLE
+></DIV
+></DIV
+></DIV
+><DIV
+CLASS="SECT2"
+><H2
+CLASS="SECT2"
+><A
+NAME="AEN3258"
+>18.1.3. Sharing Profiles between W9x/Me and NT4/200x/XP workstations</A
+></H2
+><P
+>Sharing of desktop profiles between Windows versions is NOT recommended.
+Desktop profiles are an evolving phenomenon and profiles for later versions
+of MS Windows clients add features that may interfere with earlier versions
+of MS Windows clients. Probably the more salient reason to NOT mix profiles
+is that when logging off an earlier version of MS Windows the older format
+of profile contents may overwrite information that belongs to the newer
+version resulting in loss of profile information content when that user logs
+on again with the newer version of MS Windows.</P
+><P
+>If you then want to share the same Start Menu / Desktop with W9x/Me, you will
+need to specify a common location for the profiles. The smb.conf parameters
+that need to be common are <SPAN
+CLASS="emphasis"
+><I
+CLASS="EMPHASIS"
+>logon path</I
+></SPAN
+> and
+<SPAN
+CLASS="emphasis"
+><I
+CLASS="EMPHASIS"
+>logon home</I
+></SPAN
+>.</P
+><P
+>If you have this set up correctly, you will find separate user.DAT and
+NTuser.DAT files in the same profile directory.</P
+></DIV
+><DIV
+CLASS="SECT2"
+><H2
+CLASS="SECT2"
+><A
+NAME="AEN3265"
+>18.1.4. Profile Migration from Windows NT4/200x Server to Samba</A
+></H2
+><P
+>There is nothing to stop you specifying any path that you like for the
+location of users' profiles. Therefore, you could specify that the
+profile be stored on a samba server, or any other SMB server, as long as
+that SMB server supports encrypted passwords.</P
+><DIV
+CLASS="SECT3"
+><H3
+CLASS="SECT3"
+><A
+NAME="AEN3268"
+>18.1.4.1. Windows NT4 Profile Management Tools</A
+></H3
+><P
+>Unfortunately, the Resource Kit information is specific to the version of MS Windows
+NT4/200x. The correct resource kit is required for each platform.</P
+><P
+>Here is a quick guide:</P
+><P
+></P
+><UL
+><LI
+><P
+>On your NT4 Domain Controller, right click on 'My Computer', then
+select the tab labelled 'User Profiles'.</P
+></LI
+><LI
+><P
+>Select a user profile you want to migrate and click on it.</P
+><DIV
+CLASS="NOTE"
+><P
+></P
+><TABLE
+CLASS="NOTE"
+WIDTH="90%"
+BORDER="0"
+><TR
+><TD
+WIDTH="25"
+ALIGN="CENTER"
+VALIGN="TOP"
+><IMG
+SRC="/usr/share/sgml/docbook/stylesheet/dsssl/modular/images/note.gif"
+HSPACE="5"
+ALT="Note"></TD
+><TD
+ALIGN="LEFT"
+VALIGN="TOP"
+><P
+>I am using the term "migrate" lossely. You can copy a profile to
+create a group profile. You can give the user 'Everyone' rights to the
+profile you copy this to. That is what you need to do, since your samba
+domain is not a member of a trust relationship with your NT4 PDC.</P
+></TD
+></TR
+></TABLE
+></DIV
+></LI
+><LI
+><P
+>Click the 'Copy To' button.</P
+></LI
+><LI
+><P
+>In the box labelled 'Copy Profile to' add your new path, eg:
+ <TT
+CLASS="FILENAME"
+>c:\temp\foobar</TT
+></P
+></LI
+><LI
+><P
+>Click on the button labelled 'Change' in the "Permitted to use" box.</P
+></LI
+><LI
+><P
+>Click on the group 'Everyone' and then click OK. This closes the
+ 'chose user' box.</P
+></LI
+><LI
+><P
+>Now click OK.</P
+></LI
+></UL
+><P
+>Follow the above for every profile you need to migrate.</P
+></DIV
+><DIV
+CLASS="SECT3"
+><H3
+CLASS="SECT3"
+><A
+NAME="AEN3291"
+>18.1.4.2. Side bar Notes</A
+></H3
+><P
+>You should obtain the SID of your NT4 domain. You can use smbpasswd to do
+this. Read the man page.</P
+><P
+>With Samba-3.0.0 alpha code you can import all you NT4 domain accounts
+using the net samsync method. This way you can retain your profile
+settings as well as all your users.</P
+></DIV
+><DIV
+CLASS="SECT3"
+><H3
+CLASS="SECT3"
+><A
+NAME="AEN3295"
+>18.1.4.3. moveuser.exe</A
+></H3
+><P
+>The W2K professional resource kit has moveuser.exe. moveuser.exe changes
+the security of a profile from one user to another. This allows the account
+domain to change, and/or the user name to change.</P
+></DIV
+><DIV
+CLASS="SECT3"
+><H3
+CLASS="SECT3"
+><A
+NAME="AEN3298"
+>18.1.4.4. Get SID</A
+></H3
+><P
+>You can identify the SID by using GetSID.exe from the Windows NT Server 4.0
+Resource Kit.</P
+><P
+>Windows NT 4.0 stores the local profile information in the registry under
+the following key:
+HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList</P
+><P
+>Under the ProfileList key, there will be subkeys named with the SIDs of the
+users who have logged on to this computer. (To find the profile information
+for the user whose locally cached profile you want to move, find the SID for
+the user with the GetSID.exe utility.) Inside of the appropriate user's
+subkey, you will see a string value named ProfileImagePath.</P
+></DIV
+></DIV
+></DIV
+><DIV
+CLASS="SECT1"
+><H1
+CLASS="SECT1"
+><A
+NAME="AEN3303"
+>18.2. Mandatory profiles</A
+></H1
+><P
+>A Mandatory Profile is a profile that the user does NOT have the ability to overwrite.
+During the user's session it may be possible to change the desktop environment, but
+as the user logs out all changes made will be lost. If it is desired to NOT allow the
+user any ability to change the desktop environment then this must be done through
+policy settings. See previous chapter.</P
+><DIV
+CLASS="NOTE"
+><P
+></P
+><TABLE
+CLASS="NOTE"
+WIDTH="100%"
+BORDER="0"
+><TR
+><TD
+WIDTH="25"
+ALIGN="CENTER"
+VALIGN="TOP"
+><IMG
+SRC="/usr/share/sgml/docbook/stylesheet/dsssl/modular/images/note.gif"
+HSPACE="5"
+ALT="Note"></TD
+><TD
+ALIGN="LEFT"
+VALIGN="TOP"
+><P
+>Under NO circumstances should the profile directory (or it's contents) be made read-only
+as this may render the profile un-usable.</P
+></TD
+></TR
+></TABLE
+></DIV
+><P
+>For MS Windows NT4/200x/XP the above method can be used to create mandatory profiles
+also. To convert a group profile into a mandatory profile simply locate the NTUser.DAT
+file in the copied profile and rename it to NTUser.MAN.</P
+><P
+>For MS Windows 9x / Me it is the User.DAT file that must be renamed to User.MAN to
+affect a mandatory profile.</P
+></DIV
+><DIV
+CLASS="SECT1"
+><H1
+CLASS="SECT1"
+><A
+NAME="AEN3310"
+>18.3. Creating/Managing Group Profiles</A
+></H1
+><P
+>Most organisations are arranged into departments. There is a nice benenfit in
+this fact since usually most users in a department will require the same desktop
+applications and the same desktop layout. MS Windows NT4/200x/XP will allow the
+use of Group Profiles. A Group Profile is a profile that is created firstly using
+a template (example) user. Then using the profile migration tool (see above) the
+profile is assigned access rights for the user group that needs to be given access
+to the group profile.</P
+><P
+>The next step is rather important. PLEASE NOTE: Instead of assigning a group profile
+to users (ie: Using User Manager) on a "per user" basis, the group itself is assigned
+the now modified profile.</P
+><DIV
+CLASS="NOTE"
+><P
+></P
+><TABLE
+CLASS="NOTE"
+WIDTH="100%"
+BORDER="0"
+><TR
+><TD
+WIDTH="25"
+ALIGN="CENTER"
+VALIGN="TOP"
+><IMG
+SRC="/usr/share/sgml/docbook/stylesheet/dsssl/modular/images/note.gif"
+HSPACE="5"
+ALT="Note"></TD
+><TD
+ALIGN="LEFT"
+VALIGN="TOP"
+><P
+> Be careful with group profiles, if the user who is a member of a group also
+ has a personal profile, then the result will be a fusion (merge) of the two.
+ </P
+></TD
+></TR
+></TABLE
+></DIV
+></DIV
+><DIV
+CLASS="SECT1"
+><H1
+CLASS="SECT1"
+><A
+NAME="AEN3316"
+>18.4. Default Profile for Windows Users</A
+></H1
+><P
+>MS Windows 9x / Me and NT4/200x/XP will use a default profile for any user for whom
+a profile does not already exist. Armed with a knowledge of where the default profile
+is located on the Windows workstation, and knowing which registry keys affect the path
+from which the default profile is created, it is possible to modify the default profile
+to one that has been optimised for the site. This has significant administrative
+advantages.</P
+><DIV
+CLASS="SECT2"
+><H2
+CLASS="SECT2"
+><A
+NAME="AEN3319"
+>18.4.1. MS Windows 9x/Me</A
+></H2
+><P
+>To enable default per use profiles in Windows 9x / Me you can either use the Windows 98 System
+Policy Editor or change the registry directly.</P
+><P
+>To enable default per user profiles in Windows 9x / Me, launch the System Policy Editor, then
+select File -&#62; Open Registry, then click on the Local Computer icon, click on Windows 98 System,
+select User Profiles, click on the enable box. Do not forget to save the registry changes.</P
+><P
+>To modify the registry directly, launch the Registry Editor (regedit.exe), select the hive
+<TT
+CLASS="FILENAME"
+>HKEY_LOCAL_MACHINE\Network\Logon</TT
+>. Now add a DWORD type key with the name
+"User Profiles", to enable user profiles set the value to 1, to disable user profiles set it to 0.</P
+><DIV
+CLASS="SECT3"
+><H3
+CLASS="SECT3"
+><A
+NAME="AEN3325"
+>18.4.1.1. How User Profiles Are Handled in Windows 9x / Me?</A
+></H3
+><P
+>When a user logs on to a Windows 9x / Me machine, the local profile path,
+<TT
+CLASS="FILENAME"
+>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ProfileList</TT
+>, is checked
+for an existing entry for that user:</P
+><P
+>If the user has an entry in this registry location, Windows 9x / Me checks for a locally cached
+version of the user profile. Windows 9x / Me also checks the user's home directory (or other
+specified directory if the location has been modified) on the server for the User Profile.
+If a profile exists in both locations, the newer of the two is used. If the User Profile exists
+on the server, but does not exist on the local machine, the profile on the server is downloaded
+and used. If the User Profile only exists on the local machine, that copy is used.</P
+><P
+>If a User Profile is not found in either location, the Default User Profile from the Windows 9x / Me
+machine is used and is copied to a newly created folder for the logged on user. At log off, any
+changes that the user made are written to the user's local profile. If the user has a roaming
+profile, the changes are written to the user's profile on the server.</P
+></DIV
+></DIV
+><DIV
+CLASS="SECT2"
+><H2
+CLASS="SECT2"
+><A
+NAME="AEN3331"
+>18.4.2. MS Windows NT4 Workstation</A
+></H2
+><P
+>On MS Windows NT4 the default user profile is obtained from the location
+<TT
+CLASS="FILENAME"
+>%SystemRoot%\Profiles</TT
+> which in a default installation will translate to
+<TT
+CLASS="FILENAME"
+>C:\WinNT\Profiles</TT
+>. Under this directory on a clean install there will be
+three (3) directories: <TT
+CLASS="FILENAME"
+>Administrator, All Users, Default User</TT
+>.</P
+><P
+>The <TT
+CLASS="FILENAME"
+>All Users</TT
+> directory contains menu settings that are common across all
+system users. The <TT
+CLASS="FILENAME"
+>Default User</TT
+> directory contains menu entries that are
+customisable per user depending on the profile settings chosen/created.</P
+><P
+>When a new user first logs onto an MS Windows NT4 machine a new profile is created from:</P
+><P
+></P
+><TABLE
+BORDER="0"
+><TBODY
+><TR
+><TD
+>All Users settings</TD
+></TR
+><TR
+><TD
+>Default User settings (contains the default NTUser.DAT file)</TD
+></TR
+></TBODY
+></TABLE
+><P
+></P
+><P
+>When a user logs onto an MS Windows NT4 machine that is a member of a Microsoft security domain
+the following steps are followed in respect of profile handling:</P
+><P
+></P
+><OL
+TYPE="1"
+><LI
+><P
+> The users' account information which is obtained during the logon process contains
+ the location of the users' desktop profile. The profile path may be local to the
+ machine or it may be located on a network share. If there exists a profile at the location
+ of the path from the user account, then this profile is copied to the location
+ <TT
+CLASS="FILENAME"
+>%SystemRoot%\Profiles\%USERNAME%</TT
+>. This profile then inherits the
+ settings in the <TT
+CLASS="FILENAME"
+>All Users</TT
+> profile in the <TT
+CLASS="FILENAME"
+>%SystemRoot%\Profiles</TT
+>
+ location.
+ </P
+></LI
+><LI
+><P
+> If the user account has a profile path, but at it's location a profile does not exist,
+ then a new profile is created in the <TT
+CLASS="FILENAME"
+>%SystemRoot%\Profiles\%USERNAME%</TT
+>
+ directory from reading the <TT
+CLASS="FILENAME"
+>Default User</TT
+> profile.
+ </P
+></LI
+><LI
+><P
+> If the NETLOGON share on the authenticating server (logon server) contains a policy file
+ (<TT
+CLASS="FILENAME"
+>NTConfig.POL</TT
+>) then it's contents are applied to the <TT
+CLASS="FILENAME"
+>NTUser.DAT</TT
+>
+ which is applied to the <TT
+CLASS="FILENAME"
+>HKEY_CURRENT_USER</TT
+> part of the registry.
+ </P
+></LI
+><LI
+><P
+> When the user logs out, if the profile is set to be a roaming profile it will be written
+ out to the location of the profile. The <TT
+CLASS="FILENAME"
+>NTuser.DAT</TT
+> file is then
+ re-created from the contents of the <TT
+CLASS="FILENAME"
+>HKEY_CURRENT_USER</TT
+> contents.
+ Thus, should there not exist in the NETLOGON share an <TT
+CLASS="FILENAME"
+>NTConfig.POL</TT
+> at the
+ next logon, the effect of the provious <TT
+CLASS="FILENAME"
+>NTConfig.POL</TT
+> will still be held
+ in the profile. The effect of this is known as <SPAN
+CLASS="emphasis"
+><I
+CLASS="EMPHASIS"
+>tatooing</I
+></SPAN
+>.
+ </P
+></LI
+></OL
+><P
+>MS Windows NT4 profiles may be <SPAN
+CLASS="emphasis"
+><I
+CLASS="EMPHASIS"
+>Local</I
+></SPAN
+> or <SPAN
+CLASS="emphasis"
+><I
+CLASS="EMPHASIS"
+>Roaming</I
+></SPAN
+>. A Local profile
+will stored in the <TT
+CLASS="FILENAME"
+>%SystemRoot%\Profiles\%USERNAME%</TT
+> location. A roaming profile will
+also remain stored in the same way, unless the following registry key is created:</P
+><P
+><PRE
+CLASS="PROGRAMLISTING"
+> HKEY_LOCAL_MACHINE\SYSTEM\Software\Microsoft\Windows NT\CurrentVersion\winlogon\
+ "DeleteRoamingCache"=dword:00000001</PRE
+>
+
+In which case, the local copy (in <TT
+CLASS="FILENAME"
+>%SystemRoot%\Profiles\%USERNAME%</TT
+>) will be
+deleted on logout.</P
+><P
+>Under MS Windows NT4 default locations for common resources (like <TT
+CLASS="FILENAME"
+>My Documents</TT
+>
+may be redirected to a network share by modifying the following registry keys. These changes may be affected
+via use of the System Policy Editor (to do so may require that you create your owns template extension
+for the policy editor to allow this to be done through the GUI. Another way to do this is by way of first
+creating a default user profile, then while logged in as that user, run regedt32 to edit the key settings.</P
+><P
+>The Registry Hive key that affects the behaviour of folders that are part of the default user profile
+are controlled by entries on Windows NT4 is:</P
+><P
+><PRE
+CLASS="PROGRAMLISTING"
+> HKEY_CURRENT_USER
+ \Software
+ \Microsoft
+ \Windows
+ \CurrentVersion
+ \Explorer
+ \User Shell Folders\</PRE
+></P
+><P
+>The above hive key contains a list of automatically managed folders. The default entries are:</P
+><P
+> <PRE
+CLASS="PROGRAMLISTING"
+> Name Default Value
+ -------------- -----------------------------------------
+ AppData %USERPROFILE%\Application Data
+ Desktop %USERPROFILE%\Desktop
+ Favorites %USERPROFILE%\Favorites
+ NetHood %USERPROFILE%\NetHood
+ PrintHood %USERPROFILE%\PrintHood
+ Programs %USERPROFILE%\Start Menu\Programs
+ Recent %USERPROFILE%\Recent
+ SendTo %USERPROFILE%\SendTo
+ Start Menu %USERPROFILE%\Start Menu
+ Startup %USERPROFILE%\Start Menu\Programs\Startup
+ </PRE
+>
+ </P
+><P
+>The registry key that contains the location of the default profile settings is:
+
+<PRE
+CLASS="PROGRAMLISTING"
+> HKEY_LOCAL_MACHINE
+ \SOFTWARE
+ \Microsoft
+ \Windows
+ \CurrentVersion
+ \Explorer
+ \User Shell Folders</PRE
+>
+
+The default entries are:
+
+<PRE
+CLASS="PROGRAMLISTING"
+> Common Desktop %SystemRoot%\Profiles\All Users\Desktop
+ Common Programs %SystemRoot%\Profiles\All Users\Programs
+ Common Start Menu %SystemRoot%\Profiles\All Users\Start Menu
+ Common Startu p %SystemRoot%\Profiles\All Users\Start Menu\Progams\Startup</PRE
+></P
+></DIV
+><DIV
+CLASS="SECT2"
+><H2
+CLASS="SECT2"
+><A
+NAME="AEN3385"
+>18.4.3. MS Windows 200x/XP</A
+></H2
+><DIV
+CLASS="NOTE"
+><P
+></P
+><TABLE
+CLASS="NOTE"
+WIDTH="100%"
+BORDER="0"
+><TR
+><TD
+WIDTH="25"
+ALIGN="CENTER"
+VALIGN="TOP"
+><IMG
+SRC="/usr/share/sgml/docbook/stylesheet/dsssl/modular/images/note.gif"
+HSPACE="5"
+ALT="Note"></TD
+><TD
+ALIGN="LEFT"
+VALIGN="TOP"
+><P
+> MS Windows XP Home Edition does use default per user profiles, but can not participate
+ in domain security, can not log onto an NT/ADS style domain, and thus can obtain the profile
+ only from itself. While there are benefits in doing this the beauty of those MS Windows
+ clients that CAN participate in domain logon processes allows the administrator to create
+ a global default profile and to enforce it through the use of Group Policy Objects (GPOs).
+ </P
+></TD
+></TR
+></TABLE
+></DIV
+><P
+>When a new user first logs onto MS Windows 200x/XP machine the default profile is obtained from
+<TT
+CLASS="FILENAME"
+>C:\Documents and Settings\Default User</TT
+>. The administrator can modify (or change
+the contents of this location and MS Windows 200x/XP will gladly user it. This is far from the optimum
+arrangement since it will involve copying a new default profile to every MS Windows 200x/XP client
+workstation. </P
+><P
+>When MS Windows 200x/XP participate in a domain security context, and if the default user
+profile is not found, then the client will search for a default profile in the NETLOGON share
+of the authenticating server. ie: In MS Windows parlance:
+<TT
+CLASS="FILENAME"
+>%LOGONSERVER%\NETLOGON\Default User</TT
+> and if one exits there it will copy this
+to the workstation to the <TT
+CLASS="FILENAME"
+>C:\Documents and Settings\</TT
+> under the Windows
+login name of the user.</P
+><DIV
+CLASS="NOTE"
+><P
+></P
+><TABLE
+CLASS="NOTE"
+WIDTH="100%"
+BORDER="0"
+><TR
+><TD
+WIDTH="25"
+ALIGN="CENTER"
+VALIGN="TOP"
+><IMG
+SRC="/usr/share/sgml/docbook/stylesheet/dsssl/modular/images/note.gif"
+HSPACE="5"
+ALT="Note"></TD
+><TD
+ALIGN="LEFT"
+VALIGN="TOP"
+><P
+> This path translates, in Samba parlance, to the smb.conf [NETLOGON] share. The directory
+ should be created at the root of this share and msut be called <TT
+CLASS="FILENAME"
+>Default Profile</TT
+>.
+ </P
+></TD
+></TR
+></TABLE
+></DIV
+><P
+>If a default profile does not exist in this location then MS Windows 200x/XP will use the local
+default profile.</P
+><P
+>On loging out, the users' desktop profile will be stored to the location specified in the registry
+settings that pertain to the user. If no specific policies have been created, or passed to the client
+during the login process (as Samba does automatically), then the user's profile will be written to
+the local machine only under the path <TT
+CLASS="FILENAME"
+>C:\Documents and Settings\%USERNAME%</TT
+>.</P
+><P
+>Those wishing to modify the default behaviour can do so through up to three methods:</P
+><P
+></P
+><UL
+><LI
+><P
+> Modify the registry keys on the local machine manually and place the new default profile in the
+ NETLOGON share root - NOT recommended as it is maintenance intensive.
+ </P
+></LI
+><LI
+><P
+> Create an NT4 style NTConfig.POL file that specified this behaviour and locate this file
+ in the root of the NETLOGON share along with the new default profile.
+ </P
+></LI
+><LI
+><P
+> Create a GPO that enforces this through Active Directory, and place the new default profile
+ in the NETLOGON share.
+ </P
+></LI
+></UL
+><P
+>The Registry Hive key that affects the behaviour of folders that are part of the default user profile
+are controlled by entries on Windows 200x/XP is:</P
+><P
+><PRE
+CLASS="PROGRAMLISTING"
+> HKEY_CURRENT_USER
+ \Software
+ \Microsoft
+ \Windows
+ \CurrentVersion
+ \Explorer
+ \User Shell Folders\</PRE
+></P
+><P
+>The above hive key contains a list of automatically managed folders. The default entries are:</P
+><P
+> <PRE
+CLASS="PROGRAMLISTING"
+> Name Default Value
+ -------------- -----------------------------------------
+ AppData %USERPROFILE%\Application Data
+ Cache %USERPROFILE%\Local Settings\Temporary Internet Files
+ Cookies %USERPROFILE%\Cookies
+ Desktop %USERPROFILE%\Desktop
+ Favorites %USERPROFILE%\Favorites
+ History %USERPROFILE%\Local Settings\History
+ Local AppData %USERPROFILE%\Local Settings\Application Data
+ Local Settings %USERPROFILE%\Local Settings
+ My Pictures %USERPROFILE%\My Documents\My Pictures
+ NetHood %USERPROFILE%\NetHood
+ Personal %USERPROFILE%\My Documents
+ PrintHood %USERPROFILE%\PrintHood
+ Programs %USERPROFILE%\Start Menu\Programs
+ Recent %USERPROFILE%\Recent
+ SendTo %USERPROFILE%\SendTo
+ Start Menu %USERPROFILE%\Start Menu
+ Startup %USERPROFILE%\Start Menu\Programs\Startup
+ Templates %USERPROFILE%\Templates
+ </PRE
+>
+ </P
+><P
+>There is also an entry called "Default" that has no value set. The default entry is of type REG_SZ, all
+the others are of type REG_EXPAND_SZ.</P
+><P
+>It makes a huge difference to the speed of handling roaming user profiles if all the folders are
+stored on a dedicated location on a network server. This means that it will NOT be necessary to
+write Outlook PST file over the network for every login and logout.</P
+><P
+>To set this to a network location you could use the following examples:
+
+<PRE
+CLASS="PROGRAMLISTING"
+> %LOGONSERVER%\%USERNAME%\Default Folders</PRE
+>
+
+This would store the folders in the user's home directory under a directory called "Default Folders"
+
+You could also use:
+
+<PRE
+CLASS="PROGRAMLISTING"
+> \\SambaServer\FolderShare\%USERNAME%</PRE
+>
+
+in which case the default folders will be stored in the server named <SPAN
+CLASS="emphasis"
+><I
+CLASS="EMPHASIS"
+>SambaServer</I
+></SPAN
+>
+in the share called <SPAN
+CLASS="emphasis"
+><I
+CLASS="EMPHASIS"
+>FolderShare</I
+></SPAN
+> under a directory that has the name of the MS Windows
+user as seen by the Linux/Unix file system.</P
+><P
+>Please note that once you have created a default profile share, you MUST migrate a user's profile
+(default or custom) to it.</P
+><P
+>MS Windows 200x/XP profiles may be <SPAN
+CLASS="emphasis"
+><I
+CLASS="EMPHASIS"
+>Local</I
+></SPAN
+> or <SPAN
+CLASS="emphasis"
+><I
+CLASS="EMPHASIS"
+>Roaming</I
+></SPAN
+>.
+A roaming profile will be cached locally unless the following registry key is created:</P
+><P
+><PRE
+CLASS="PROGRAMLISTING"
+> HKEY_LOCAL_MACHINE\SYSTEM\Software\Microsoft\Windows NT\CurrentVersion\winlogon\
+ "DeleteRoamingCache"=dword:00000001</PRE
+>
+
+In which case, the local cache copy will be deleted on logout.</P
+></DIV
+></DIV
+></DIV
+><DIV
+CLASS="NAVFOOTER"
+><HR
+ALIGN="LEFT"
+WIDTH="100%"><TABLE
+SUMMARY="Footer navigation table"
+WIDTH="100%"
+BORDER="0"
+CELLPADDING="0"
+CELLSPACING="0"
+><TR
+><TD
+WIDTH="33%"
+ALIGN="left"
+VALIGN="top"
+><A
+HREF="policymgmt.html"
+ACCESSKEY="P"
+>Prev</A
+></TD
+><TD
+WIDTH="34%"
+ALIGN="center"
+VALIGN="top"
+><A
+HREF="samba-howto-collection.html"
+ACCESSKEY="H"
+>Home</A
+></TD
+><TD
+WIDTH="33%"
+ALIGN="right"
+VALIGN="top"
+><A
+HREF="interdomaintrusts.html"
+ACCESSKEY="N"
+>Next</A
+></TD
+></TR
+><TR
+><TD
+WIDTH="33%"
+ALIGN="left"
+VALIGN="top"
+>System and Account Policies</TD
+><TD
+WIDTH="34%"
+ALIGN="center"
+VALIGN="top"
+><A
+HREF="optional.html"
+ACCESSKEY="U"
+>Up</A
+></TD
+><TD
+WIDTH="33%"
+ALIGN="right"
+VALIGN="top"
+>Interdomain Trust Relationships</TD
+></TR
+></TABLE
+></DIV
+></BODY
+></HTML
+> \ No newline at end of file
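Review bot: the two DeleteRoamingCache listings (sections 18.4.2 and 18.4.3) give the key as `HKEY_LOCAL_MACHINE\SYSTEM\Software\Microsoft\Windows NT\CurrentVersion\winlogon\`, and the `SYSTEM\Software` prefix looks wrong: the other HKEY_LOCAL_MACHINE key in this file sits directly under `\SOFTWARE`. If the path is wrong as written, an administrator following it creates a value that is accepted without error and then ignored, so roaming profile copies stay cached on the workstation after logout. Please confirm the path and correct both listings. Also in 18.4.3, the text has the client look in `%LOGONSERVER%\NETLOGON\Default User`, but the note that follows says the directory must be called `Default Profile`; one of the two names needs to change. Smaller points, to be fixed in the DocBook source rather than in this generated file: "provious", "tatooing", "msut", "loging", "Progams" and "Common Startu p" are misspelled; three parentheses are opened and never closed (after "My Documents", at "to do so may require", and at "modify (or change"); the note icons use the build-host path `/usr/share/sgml/docbook/stylesheet/dsssl/modular/images/note.gif`, which will not resolve when the page is served; and the file ends without a trailing newline.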