From e0040e6960eec303c19d4bc45bc39bf7894840e4 Mon Sep 17 00:00:00 2001 From: John Terpstra Date: Fri, 4 Apr 2003 05:16:47 +0000 Subject: Superceded file. (This used to be commit 035f050d65a732d442b7137b1eb7440769774dbc) --- docs/docbook/projdoc/GroupProfiles.sgml | 289 -------------------------------- 1 file changed, 289 deletions(-) delete mode 100644 docs/docbook/projdoc/GroupProfiles.sgml (limited to 'docs/docbook/projdoc') diff --git a/docs/docbook/projdoc/GroupProfiles.sgml b/docs/docbook/projdoc/GroupProfiles.sgml deleted file mode 100644 index 8bdf98059a..0000000000 --- a/docs/docbook/projdoc/GroupProfiles.sgml +++ /dev/null @@ -1,289 +0,0 @@ - - - - JohnTerpstra - - - JelmerVernooij - - - JohnRussell - -
apca72@dsl.pipex.com
- - - - -Creating Group Prolicy Files - - -Windows '9x - -You need the Win98 Group Policy Editor to -set Group Profiles up under Windows '9x. It can be found on the Original -full product Win98 installation CD under -tools/reskit/netadmin/poledit. You install this -using the Add/Remove Programs facility and then click on the 'Have Disk' -tab. - - - -Use the Group Policy Editor to create a policy file that specifies the -location of user profiles and/or the My Documents etc. -stuff. You then save these settings in a file called -Config.POL that needs to be placed in -the root of the [NETLOGON] share. If your Win98 is configured to log onto -the Samba Domain, it will automatically read this file and update the -Win9x/Me registry of the machine that is logging on. - - - -All of this is covered in the Win98 Resource Kit documentation. - - - -If you do not do it this way, then every so often Win9x/Me will check the -integrity of the registry and will restore it's settings from the back-up -copy of the registry it stores on each Win9x/Me machine. Hence, you will -occasionally notice things changing back to the original settings. - - - -The following all refers to Windows NT/200x profile migration - not to policies. -We need a separate section on policies (NTConfig.Pol) for NT4/200x. - - - - -Windows NT 4 - - -Unfortunately, the Resource Kit info is Win NT4 or 200x specific. - - - -Here is a quick guide: - - - - - -On your NT4 Domain Controller, right click on 'My Computer', then -select the tab labelled 'User Profiles'. - - - -Select a user profile you want to migrate and click on it. - - -I am using the term "migrate" lossely. You can copy a profile to -create a group profile. You can give the user 'Everyone' rights to the -profile you copy this to. That is what you need to do, since your samba -domain is not a member of a trust relationship with your NT4 PDC. - - -Click the 'Copy To' button. - -In the box labelled 'Copy Profile to' add your new path, eg: -c:\temp\foobar - -Click on the button labelled 'Change' in the "Permitted to use" box. - -Click on the group 'Everyone' and then click OK. This closes the -'chose user' box. - -Now click OK. - - - -Follow the above for every profile you need to migrate. - - - -Side bar Notes - - -You should obtain the SID of your NT4 domain. You can use smbpasswd to do -this. Read the man page. - - -With Samba-3.0.0 alpha code you can import all you NT4 domain accounts -using the net samsync method. This way you can retain your profile -settings as well as all your users. - - - - - -Mandatory profiles - - -The above method can be used to create mandatory profiles also. To convert -a group profile into a mandatory profile simply locate the NTUser.DAT file -in the copied profile and rename it to NTUser.MAN. - - - - - -moveuser.exe - - -The W2K professional resource kit has moveuser.exe. moveuser.exe changes -the security of a profile from one user to another. This allows the account -domain to change, and/or the user name to change. - - - - - -Get SID - - -You can identify the SID by using GetSID.exe from the Windows NT Server 4.0 -Resource Kit. - - - -Windows NT 4.0 stores the local profile information in the registry under -the following key: -HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList - - - -Under the ProfileList key, there will be subkeys named with the SIDs of the -users who have logged on to this computer. (To find the profile information -for the user whose locally cached profile you want to move, find the SID for -the user with the GetSID.exe utility.) Inside of the appropriate user's -subkey, you will see a string value named ProfileImagePath. - - - - - - - -Windows 2000/XP - - -You must first convert the profile from a local profile to a domain -profile on the MS Windows workstation as follows: - - - - -Log on as the LOCAL workstation administrator. - - - -Right click on the 'My Computer' Icon, select 'Properties' - - - -Click on the 'User Profiles' tab - - - -Select the profile you wish to convert (click on it once) - - - -Click on the button 'Copy To' - - - -In the "Permitted to use" box, click on the 'Change' button. - - - -Click on the 'Look in" area that lists the machine name, when you click -here it will open up a selection box. Click on the domain to which the -profile must be accessible. - - -You will need to log on if a logon box opens up. Eg: In the connect -as: MIDEARTH\root, password: mypassword. - - - -To make the profile capable of being used by anyone select 'Everyone' - - - -Click OK. The Selection box will close. - - - -Now click on the 'Ok' button to create the profile in the path you -nominated. - - - - -Done. You now have a profile that can be editted using the samba-3.0.0 -profiles tool. - - - - -Under NT/2K the use of mandotory profiles forces the use of MS Exchange -storage of mail data. That keeps desktop profiles usable. - - - - - - -This is a security check new to Windows XP (or maybe only -Windows XP service pack 1). It can be disabled via a group policy in -Active Directory. The policy is: - -"Computer Configuration\Administrative Templates\System\User -Profiles\Do not check for user ownership of Roaming Profile Folders" - -...and it should be set to "Enabled". -Does the new version of samba have an Active Directory analogue? If so, -then you may be able to set the policy through this. - - - -If you cannot set group policies in samba, then you may be able to set -the policy locally on each machine. If you want to try this, then do -the following (N.B. I don't know for sure that this will work in the -same way as a domain group policy): - - - - - -On the XP workstation log in with an Administrator account. - - -Click: "Start", "Run" -Type: "mmc" -Click: "OK" - -A Microsoft Management Console should appear. -Click: File, "Add/Remove Snap-in...", "Add" -Double-Click: "Group Policy" -Click: "Finish", "Close" -Click: "OK" - -In the "Console Root" window: -Expand: "Local Computer Policy", "Computer Configuration", -"Administrative Templates", "System", "User Profiles" -Double-Click: "Do not check for user ownership of Roaming Profile -Folders" -Select: "Enabled" -Click: OK" - -Close the whole console. You do not need to save the settings (this -refers to the console settings rather than the policies you have -changed). - -Reboot - - - - - -- cgit