summaryrefslogtreecommitdiff
path: root/docs/textdocs
diff options
context:
space:
mode:
Diffstat (limited to 'docs/textdocs')
-rw-r--r--docs/textdocs/CreatingGroupProfiles-Win2K.txt112
-rw-r--r--docs/textdocs/CreatingGroupProfiles-Win9X.txt58
-rw-r--r--docs/textdocs/CreatingGroupProfilesInNT4.txt71
-rw-r--r--docs/textdocs/RoutedNetworks.txt63
4 files changed, 304 insertions, 0 deletions
diff --git a/docs/textdocs/CreatingGroupProfiles-Win2K.txt b/docs/textdocs/CreatingGroupProfiles-Win2K.txt
new file mode 100644
index 0000000000..11a326bafb
--- /dev/null
+++ b/docs/textdocs/CreatingGroupProfiles-Win2K.txt
@@ -0,0 +1,112 @@
+You must first convert the profile from a local profile to a domain
+profile on the MS Windows workstation as follows:
+
+1. Log on as the LOCAL workstation administrator.
+
+2. Right click on the 'My Computer' Icon, select 'Properties'
+
+3. Click on the 'User Profiles' tab
+
+4. Select the profile you wish to convert (click on it once)
+
+5. Click on the button 'Copy To'
+
+6. In the "Permitted to use" box, click on the 'Change' button.
+
+7. Click on the 'Look in" area that lists the machine name, when you click
+here it will open up a selection box. Click on the domain to which the
+profile must be accessible.
+
+Note: You will need to log on if a logon box opens up. Eg: In the connect
+as: MIDEARTH\root, password: mypassword.
+
+8. To make the profile capable of being used by anyone select 'Everyone'
+
+9. Click OK. The Selection box will close.
+
+10. Now click on the 'Ok' button to create the profile in the path you
+nominated.
+
+Done. You now have a profile that can be editted using the samba-3.0.0
+profiles tool.
+
+
+
+> Keep profiles clean and small by making them mandatory.
+> See the Win2K/WinXP resource kits for details how to create a mandatory profile.
+>
+> Can you do this when using Samba as a PDC? I thought you could only do
+> policies if you had a Win2K server?
+
+No difference. Samba handles the profile ACLs the same way Win2K does.
+But understand that it is the Win2K client that does all the processing
+of the SIDs on the ACLs in the profile NTUser.DAT file.
+
+
+Note:
+-----
+> Unless your users are using Outlook (or virtually any E-mail client for
+> that matter) I have a few users with .PST files that are over 1Gig in
+> size. This is due to the regular amount of data files that we are sent. I
+> have discussed with them the need to trim those files down.
+
+Under NT/2K the use of mandotory profiles forces the use of MS Exchange
+storage of mail data. That keeps desktop profiles usable.
+
+
+Note:
+-----
+ Date: Tue, 19 Nov 2002 08:32:17 -0000
+ From: John Russell <apca72@dsl.pipex.com>
+ Reply-To: John Russell <j.c.russell@sussex.ac.uk>
+ To: samba@lists.samba.org
+ Subject: Re: [Samba] Samba and Windows XP
+
+ [ The following text is in the "iso-8859-1" character set. ]
+ [ Your display is set for the "US-ASCII" character set. ]
+ [ Some characters may be displayed incorrectly. ]
+
+ this is a security check new to Windows XP (or maybe only
+ Windows XP service pack 1). It can be disabled via a group policy in
+ Active Directory. The policy is:
+
+ "Computer Configuration\Administrative Templates\System\User
+ Profiles\Do not check for user ownership of Roaming Profile Folders"
+
+ ...and it should be set to "Enabled".
+
+ Does the new version of samba have an Active Directory analogue? If so,
+ then you may be able to set the policy through this.
+
+ If you cannot set group policies in samba, then you may be able to set
+ the policy locally on each machine. If you want to try this, then do
+ the following (N.B. I don't know for sure that this will work in the
+ same way as a domain group policy):
+
+ On the XP workstation log in with an Administrator account.
+
+ Click: "Start", "Run"
+ Type: "mmc"
+ Click: "OK"
+
+ A Microsoft Management Console should appear.
+ Click: File, "Add/Remove Snap-in...", "Add"
+ Double-Click: "Group Policy"
+ Click: "Finish", "Close"
+ Click: "OK"
+
+ In the "Console Root" window:
+ Expand: "Local Computer Policy", "Computer Configuration",
+ "Administrative Templates", "System", "User Profiles"
+ Double-Click: "Do not check for user ownership of Roaming Profile
+ Folders"
+ Select: "Enabled"
+ Click: OK"
+
+ Close the whole console. You do not need to save the settings (this
+ refers to the console settings rather than the policies you have
+ changed).
+
+ Reboot.
+
+
diff --git a/docs/textdocs/CreatingGroupProfiles-Win9X.txt b/docs/textdocs/CreatingGroupProfiles-Win9X.txt
new file mode 100644
index 0000000000..3d9c239a61
--- /dev/null
+++ b/docs/textdocs/CreatingGroupProfiles-Win9X.txt
@@ -0,0 +1,58 @@
+To : "C.Lee Taylor" <leet@leenx.co.za>
+Cc : Bart <bartro@go.ro>,
+ samba@lists.samba.org
+Attchmnt:
+Subject : Re: [Samba] Profiles ...
+----- Message Text -----
+On Fri, 17 Jan 2003, C.Lee Taylor wrote:
+
+> John H Terpstra wrote:
+> > On Thu, 16 Jan 2003, C.Lee Taylor wrote:
+> >
+> >
+> >>Bart wrote:
+> >>
+> >>>Or ju put the documents on the home drive and change the target of the
+> >>>'my documents' folder to this home drive.
+> >>>
+> >>>that way you have security & all the docs on a mounted drive.
+> >>
+> >> We did that with Win98SE, and found that some times it would change
+> >>back or to something that should cause problems ... that is why I was
+> >>hoping, there was away around this ... but then it seems not.
+> >
+> >
+> > Did you check the Win98 Resource Kit for how to configure this?
+> No, just searched the registery for the set strings, changed them and
+> tested. Also used support.microsoft.com for other info ... Don't have
+> access to the Resource kits, unless they have not put them up on the net
+> and it's legal for us to use them wihtout paying?
+
+That method does not work well. You need the Win98 Group Policy Editor to
+set this up. It can be found on the Original full product Win98
+installation CD under tools/reskit/netadmin/poledit. You install this
+using the Add/Remove Programs facility and then click on the 'Have Disk'
+tab.
+
+Use the Group Policy Editor to create a policy file that specifies the
+location of user profiles and/or the 'My Documents' etc. stuff. You then
+save these settings in a file called Config.POL that needs to be placed in
+the root of the [NETLOGON] share. If your Win98 is configured to log onto
+the Samba Domain, it will automatically read this file and update the
+Win98 registry of the machine that is logging on.
+
+All of this is covered in the Win98 Resource Kit documentation.
+
+If you do not do it this way, then every so often Win98 will check the
+integrity of the registry and will restore it's settings from the back-up
+copy of the registry it stores on each Win98 machine. Hence, your symptoms
+of things changing back to original settings.
+
+Hope this helps. I have omitted quite a lot of detail you will need to
+figure out. Yell if you need more help.
+
+- John T.
+--
+John H Terpstra
+Email: jht@samba.org
+
diff --git a/docs/textdocs/CreatingGroupProfilesInNT4.txt b/docs/textdocs/CreatingGroupProfilesInNT4.txt
new file mode 100644
index 0000000000..666788643e
--- /dev/null
+++ b/docs/textdocs/CreatingGroupProfilesInNT4.txt
@@ -0,0 +1,71 @@
+Unfortunately, the Resource Kit info is Win NT4/2K version specific.
+
+Here is a quick guide:
+
+1. On your NT4 Domain Controller, right click on 'My Computer', then
+select the tab labelled 'User Profiles'.
+
+2. Select a user profile you want to migrate and click on it.
+
+Note: I am using the term "migrate" lossely. You can copy a profile to
+create a group profile. You can give the user 'Everyone' rights to the
+profile you copy this to. That is what you need to do, since your samba
+domain is not a member of a trust relationship with your NT4 PDC.
+
+3. Click the 'Copy To' button.
+
+4. In the box labelled 'Copy Profile to' add your new path, eg:
+c:\temp\foobar
+
+5. Click on the button labelled 'Change' in the "Permitted to use" box.
+
+6. Click on the group 'Everyone' and then click OK. This closes the
+'chose user' box.
+
+7. Now click OK.
+
+Follow the above for every profile you need to migrate.
+
+
+Side bar Notes:
+---------------
+You should obtain the SID of your NT4 domain. You can use smbpasswd to do
+this. Read the man page.
+
+With Samba-3.0.0 alpha code you can import all you NT4 domain accounts
+using the net samsync method. This way you can retain your profile
+settings as well as all your users.
+
+Also Note:
+----------
+The above method can be used to create mandatory profiles also. To convert
+a group profile into a mandatory profile simply locate the NTUser.DAT file
+in the copied profile and rename it to NTUser.MAN.
+
+
+Next Note:
+----------
+The W2K professional resource kit has moveuser.exe:
+
+Description:
+
+ moveuser.exe changes the security of a profile from one user to another.
+ This allows the account domain to change, and/or the user name to change.
+
+
+Next Note:
+----------
+You can identify the SID by using GetSID.exe from the Windows NT Server 4.0
+Resource Kit.
+
+Windows NT 4.0 stores the local profile information in the registry under
+the following key:
+HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
+
+Under the ProfileList key, there will be subkeys named with the SIDs of the
+users who have logged on to this computer. (To find the profile information
+for the user whose locally cached profile you want to move, find the SID for
+the user with the GetSID.exe utility.) Inside of the appropriate user's
+subkey, you will see a string value named ProfileImagePath.
+
+
diff --git a/docs/textdocs/RoutedNetworks.txt b/docs/textdocs/RoutedNetworks.txt
new file mode 100644
index 0000000000..fb55f9f9bf
--- /dev/null
+++ b/docs/textdocs/RoutedNetworks.txt
@@ -0,0 +1,63 @@
+#NOFNR Flag in LMHosts to Communicate Across Routers
+
+ Last reviewed: May 5, 1997
+ Article ID: Q103765
+ The information in this article applies to:
+
+ Microsoft Windows NT operating system version 3.1
+ Microsoft Windows NT Advanced Server version 3.1
+
+ SUMMARY
+
+ Some of the LAN Manager for UNIX and Pathworks servers may have
+problems in communicating across routers with
+ Windows NT workstations. The use of #NOFNR flag in the LMHosts
+file solves the problem.
+
+ MORE INFORMATION
+
+ When you are communicating with a server across a router in a IP
+routed environment, the LMHosts file is used to
+ resolve Workstation name-to-IP address mapping. The LMHosts
+entry for a remote machine name provides the IP
+ address for the remote machine. In Lan Manager 2.x, providing
+the LMHosts entry eliminates the need to do a Name
+ Query broadcast to the local domain and instead a TCP session is
+established with the remote machine. Windows NT
+ performs the same function in a different way.
+
+ When an LMHosts entry exists for a remote server, Windows NT
+will not send a Name Query broadcast to the local
+ subnet and instead send a directed Name Query to the remote
+server. If the remote server does not respond to the Name
+ Query, further communications (TCP SYN, and so on) will not take
+place. This was done to eliminate the performance
+ issues when trying to connect to a remote machine when it was
+not available (down).
+
+ Some of the older LAN Manager for UNIX and DEC Pathworks servers
+do not respond to directed Name Queries sent
+ by Windows NT. In that case, the users will see an error 53
+(Path not found), even though they have specified the
+ LMHosts entries correctly. A new LMHosts flag #NOFNR was added
+to solve this problem. By specifying the
+ #NOFNR flag on the same line where the name resolution
+information for the server is provided, the directed Name
+ Query can be avoided. For example:
+
+ 130.20.1.1 mylmxserver #PRE #NOFNR
+
+
+ Note that this will only apply to mylmxserver and not to any
+other entries in the LMHosts file. To set
+ a global flag, an entry could be added in the registry. To
+completely remove any directed Name
+ Queries sent from a Windows NT machine, create the following
+value in
+
+HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Nbt\Parameters:
+
+ NoDirectedFNR REG_DWORD 1
+
+
+ This will cause the directed Name Queries to not go out for any
generated by cgit (git 2.34.1) at 2025-01-12 23:00:21 +0000