From a2e3ba6e1281a7d3693173679ec7fb28898df319 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Tue, 12 Aug 2003 17:36:25 +0000 Subject: Merge over book changes into 3_0 CVS (This used to be commit d8fe4a81fb0d4972b2331b3d5fc4890244b44c33) --- docs/docbook/projdoc/PolicyMgmt.xml | 59 +++++++++++++++++++++---------------- 1 file changed, 33 insertions(+), 26 deletions(-) (limited to 'docs/docbook/projdoc/PolicyMgmt.xml') diff --git a/docs/docbook/projdoc/PolicyMgmt.xml b/docs/docbook/projdoc/PolicyMgmt.xml index 12289df7c3..b17fb136a0 100644 --- a/docs/docbook/projdoc/PolicyMgmt.xml +++ b/docs/docbook/projdoc/PolicyMgmt.xml @@ -42,7 +42,7 @@ network client workstations. -A tool new to Samba-3 may become an important part of the future Samba Administrators' +A tool new to Samba may become an important part of the future Samba Administrators' arsenal. The editreg tool is described in this document. @@ -88,7 +88,7 @@ be a step forward, but improved functionality comes at a great price. Before embarking on the configuration of network and system policies it is highly advisable to read the documentation available from Microsoft's web site regarding -Implementing Profiles and Policies in Windows NT 4.0 from http://www.microsoft.com/ntserver/management/deployment/planguide/prof_policies.asp available from Microsoft. +Implementing Profiles and Policies in Windows NT 4.0 available from Microsoft. There are a large number of documents in addition to this old one that should also be read and understood. Try searching on the Microsoft web site for "Group Policies". @@ -112,7 +112,7 @@ here is incomplete - you are warned. Use the Group Policy Editor to create a policy file that specifies the location of user profiles and/or the My Documents etc. Then save these settings in a file called Config.POL that needs to be placed in the - root of the [NETLOGON] share. If Win98 is configured to log onto + root of the [NETLOGON] share. If Win98 is configured to log onto the Samba Domain, it will automatically read this file and update the Win9x/Me registry of the machine as it logs on. @@ -293,7 +293,7 @@ here is incomplete - you are warned. Policies can define a specific user's settings or the settings for a group of users. The resulting policy file contains the registry settings for all users, groups, and computers that will be using -the policy file. Separate policy files for each user, group, or computer are not not necessary. +the policy file. Separate policy files for each user, group, or computer are not necessary. @@ -326,20 +326,27 @@ Common restrictions that are frequently used includes: - - Logon Hours - Password Aging - Permitted Logon from certain machines only - Account type (Local or Global) - User Rights - + + Logon Hours + Password Aging + Permitted Logon from certain machines only + Account type (Local or Global) + User Rights + Samba Editreg Toolset - Describe in detail the benefits of editreg and how to use it. + A new tool called editreg is under development. This tool can be used + to edit registry files (called NTUser.DAT) that are stored in user and group profiles. + NTConfig.POL files have the same structure as the NTUser.DAT file and can be editted using + this tool. editreg is being built with the intent to enable NTConfig.POL + files to be saved in text format and to permit the building of new NTConfig.POL files with + extended capabilities. It is proving difficult to realise this capability, so do not be surprised + if this feature does not materialise. Formal capabilities will be announced at the time that + this tool is released for production use. @@ -385,11 +392,11 @@ reboot and as part of the user logon: Where Active Directory is involved, an ordered list of Group Policy Objects (GPOs) is downloaded and applied. The list may include GPOs that: - - Apply to the location of machines in a Directory - Apply only when settings have changed - Depend on configuration of scope of applicability: local, site, domain, organizational unit, etc. - + + Apply to the location of machines in a Directory + Apply only when settings have changed + Depend on configuration of scope of applicability: local, site, domain, organizational unit, etc. + No desktop user interface is presented until the above have been processed. @@ -408,12 +415,12 @@ reboot and as part of the user logon: An ordered list of User GPOs is obtained. The list contents depends on what is configured in respect of: - - Is user a domain member, thus subject to particular policies - Loopback enablement, and the state of the loopback policy (Merge or Replace) - Location of the Active Directory itself - Has the list of GPOs changed. No processing is needed if not changed. - + + Is user a domain member, thus subject to particular policies + Loopback enablement, and the state of the loopback policy (Merge or Replace) + Location of the Active Directory itself + Has the list of GPOs changed. No processing is needed if not changed. + @@ -446,13 +453,13 @@ collection demonstrates only basic issues. Policy Does Not Work -Question: We have created the config.pol file and put it in the NETLOGON share. + We have created the config.pol file and put it in the NETLOGON share. It has made no difference to our Win XP Pro machines, they just don't see it. IT worked fine with Win 98 but does not -work any longer since we upgraded to Win XP Pro. Any hints? +work any longer since we upgraded to Win XP Pro. Any hints? -ANSWER: Policy files are NOT portable between Windows 9x / Me and MS Windows NT4 / 200x / XP based +Policy files are NOT portable between Windows 9x / Me and MS Windows NT4 / 200x / XP based platforms. You need to use the NT4 Group Policy Editor to create a file called NTConfig.POL so that it is in the correct format for your MS Windows XP Pro clients. -- cgit