summaryrefslogtreecommitdiff
path: root/docs
diff options
context:
space:
mode:
Diffstat (limited to 'docs')
-rw-r--r--docs/docbook/projdoc/GroupProfiles.sgml240
1 files changed, 240 insertions, 0 deletions
diff --git a/docs/docbook/projdoc/GroupProfiles.sgml b/docs/docbook/projdoc/GroupProfiles.sgml
new file mode 100644
index 0000000000..3ef64a7bbd
--- /dev/null
+++ b/docs/docbook/projdoc/GroupProfiles.sgml
@@ -0,0 +1,240 @@
+<chapter id="GroupProfiles">
+<chapterinfo>
+ <author>
+ <firstname>John</firstname><surname>Terpstra</surname>
+ </author>
+ <author>
+ <firstname>Jelmer</firstname><surname>Vernooij</surname>
+ </author>
+ <author>
+ <firstname>John</firstname><surname>Russell</surname>
+ <affiliation>
+ <address><email>apca72@dsl.pipex.com</email></address>
+ </affiliation>
+ </author>
+</chapterinfo>
+
+<title>Creating Group Profiles</title>
+
+<sect1>
+<title>Windows '9x</title>
+<para>
+You need the Win98 Group Policy Editor to
+set Group Profiles up under Windows '9x. It can be found on the Original
+full product Win98 installation CD under
+<filename>tools/reskit/netadmin/poledit</filename>. You install this
+using the Add/Remove Programs facility and then click on the 'Have Disk'
+tab.
+</para>
+
+<para>
+Use the Group Policy Editor to create a policy file that specifies the
+location of user profiles and/or the <filename>My Documents</filename> etc.
+stuff. You then save these settings in a file called
+<filename>Config.POL</filename> that needs to be placed in
+the root of the [NETLOGON] share. If your Win98 is configured to log onto
+the Samba Domain, it will automatically read this file and update the
+Win98 registry of the machine that is logging on.
+</para>
+
+<para>
+All of this is covered in the Win98 Resource Kit documentation.
+</para>
+
+<para>
+If you do not do it this way, then every so often Win98 will check the
+integrity of the registry and will restore it's settings from the back-up
+copy of the registry it stores on each Win98 machine. Hence, you will notice
+things changing back to the original settings.
+</para>
+
+</sect1>
+
+<sect1>
+<title>Windows NT 4</title>
+
+<para>
+Unfortunately, the Resource Kit info is Win NT4/2K version specific.
+</para>
+
+<para>
+Here is a quick guide:
+</para>
+
+1. On your NT4 Domain Controller, right click on 'My Computer', then
+select the tab labelled 'User Profiles'.
+
+2. Select a user profile you want to migrate and click on it.
+
+<note>I am using the term "migrate" lossely. You can copy a profile to
+create a group profile. You can give the user 'Everyone' rights to the
+profile you copy this to. That is what you need to do, since your samba
+domain is not a member of a trust relationship with your NT4 PDC.</note>
+
+3. Click the 'Copy To' button.
+
+4. In the box labelled 'Copy Profile to' add your new path, eg:
+c:\temp\foobar
+
+5. Click on the button labelled 'Change' in the "Permitted to use" box.
+
+6. Click on the group 'Everyone' and then click OK. This closes the
+'chose user' box.
+
+7. Now click OK.
+
+<para>
+Follow the above for every profile you need to migrate.
+</para>
+
+<sect2>
+<title>Side bar Notes</title>
+
+<para>
+You should obtain the SID of your NT4 domain. You can use smbpasswd to do
+this. Read the man page.</para>
+
+<para>
+With Samba-3.0.0 alpha code you can import all you NT4 domain accounts
+using the net samsync method. This way you can retain your profile
+settings as well as all your users.
+</para>
+
+</sect2>
+
+<sect2>
+<title>Mandatory profiles</title>
+
+<para>
+The above method can be used to create mandatory profiles also. To convert
+a group profile into a mandatory profile simply locate the NTUser.DAT file
+in the copied profile and rename it to NTUser.MAN.
+</para>
+
+</sect2>
+
+<sect2>
+<title>moveuser.exe</title>
+
+<para>
+The W2K professional resource kit has moveuser.exe. moveuser.exe changes
+the security of a profile from one user to another. This allows the account
+domain to change, and/or the user name to change.
+</para>
+
+</sect2>
+
+<sect2>
+<title>Get SID</title>
+
+<para>
+You can identify the SID by using GetSID.exe from the Windows NT Server 4.0
+Resource Kit.
+</para>
+
+<para>
+Windows NT 4.0 stores the local profile information in the registry under
+the following key:
+HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
+</para>
+
+<para>
+Under the ProfileList key, there will be subkeys named with the SIDs of the
+users who have logged on to this computer. (To find the profile information
+for the user whose locally cached profile you want to move, find the SID for
+the user with the GetSID.exe utility.) Inside of the appropriate user's
+subkey, you will see a string value named ProfileImagePath.
+</para>
+
+</sect2>
+
+</sect1>
+
+<sect1>
+<title>Windows 2000/XP</title>
+
+<para>
+You must first convert the profile from a local profile to a domain
+profile on the MS Windows workstation as follows:
+</para>
+
+1. Log on as the LOCAL workstation administrator.
+
+2. Right click on the 'My Computer' Icon, select 'Properties'
+
+3. Click on the 'User Profiles' tab
+
+4. Select the profile you wish to convert (click on it once)
+
+5. Click on the button 'Copy To'
+
+6. In the "Permitted to use" box, click on the 'Change' button.
+
+7. Click on the 'Look in" area that lists the machine name, when you click
+here it will open up a selection box. Click on the domain to which the
+profile must be accessible.
+
+<note>You will need to log on if a logon box opens up. Eg: In the connect
+as: MIDEARTH\root, password: mypassword.</note>
+
+8. To make the profile capable of being used by anyone select 'Everyone'
+
+9. Click OK. The Selection box will close.
+
+10. Now click on the 'Ok' button to create the profile in the path you
+nominated.
+
+Done. You now have a profile that can be editted using the samba-3.0.0
+profiles tool.
+
+<note>
+Under NT/2K the use of mandotory profiles forces the use of MS Exchange
+storage of mail data. That keeps desktop profiles usable.
+</note>
+
+<note>
+This is a security check new to Windows XP (or maybe only
+Windows XP service pack 1). It can be disabled via a group policy in
+Active Directory. The policy is:
+
+"Computer Configuration\Administrative Templates\System\User
+Profiles\Do not check for user ownership of Roaming Profile Folders"
+
+...and it should be set to "Enabled".
+Does the new version of samba have an Active Directory analogue? If so,
+then you may be able to set the policy through this.
+
+If you cannot set group policies in samba, then you may be able to set
+the policy locally on each machine. If you want to try this, then do
+the following (N.B. I don't know for sure that this will work in the
+same way as a domain group policy):
+
+On the XP workstation log in with an Administrator account.
+
+Click: "Start", "Run"
+Type: "mmc"
+Click: "OK"
+
+A Microsoft Management Console should appear.
+Click: File, "Add/Remove Snap-in...", "Add"
+Double-Click: "Group Policy"
+Click: "Finish", "Close"
+Click: "OK"
+
+In the "Console Root" window:
+Expand: "Local Computer Policy", "Computer Configuration",
+"Administrative Templates", "System", "User Profiles"
+Double-Click: "Do not check for user ownership of Roaming Profile
+Folders"
+Select: "Enabled"
+Click: OK"
+
+Close the whole console. You do not need to save the settings (this
+refers to the console settings rather than the policies you have
+changed).
+
+Reboot.
+</note>
+
+</sect1>
+</chapter>