From 0d0886aac4c9577152ad213d17ca1b673bb2e66b Mon Sep 17 00:00:00 2001 From: John Terpstra Date: Thu, 16 Jan 2003 05:35:11 +0000 Subject: Added NT4 Profile Modification Docs, updated Win2K version. NOTE: These documents are place holders for a REAL document. (This used to be commit 393c4a37f3a1729ff92c42becfd066c76deefcda) --- docs/textdocs/CreatingGroupProfiles-Win2K.txt | 57 +++++++++++++++++++++ docs/textdocs/CreatingGroupProfilesInNT4.txt | 71 +++++++++++++++++++++++++++ 2 files changed, 128 insertions(+) create mode 100644 docs/textdocs/CreatingGroupProfilesInNT4.txt (limited to 'docs') diff --git a/docs/textdocs/CreatingGroupProfiles-Win2K.txt b/docs/textdocs/CreatingGroupProfiles-Win2K.txt index 3960fd1c14..11a326bafb 100644 --- a/docs/textdocs/CreatingGroupProfiles-Win2K.txt +++ b/docs/textdocs/CreatingGroupProfiles-Win2K.txt @@ -53,3 +53,60 @@ Note: Under NT/2K the use of mandotory profiles forces the use of MS Exchange storage of mail data. That keeps desktop profiles usable. + +Note: +----- + Date: Tue, 19 Nov 2002 08:32:17 -0000 + From: John Russell + Reply-To: John Russell + To: samba@lists.samba.org + Subject: Re: [Samba] Samba and Windows XP + + [ The following text is in the "iso-8859-1" character set. ] + [ Your display is set for the "US-ASCII" character set. ] + [ Some characters may be displayed incorrectly. ] + + this is a security check new to Windows XP (or maybe only + Windows XP service pack 1). It can be disabled via a group policy in + Active Directory. The policy is: + + "Computer Configuration\Administrative Templates\System\User + Profiles\Do not check for user ownership of Roaming Profile Folders" + + ...and it should be set to "Enabled". + + Does the new version of samba have an Active Directory analogue? If so, + then you may be able to set the policy through this. + + If you cannot set group policies in samba, then you may be able to set + the policy locally on each machine. If you want to try this, then do + the following (N.B. I don't know for sure that this will work in the + same way as a domain group policy): + + On the XP workstation log in with an Administrator account. + + Click: "Start", "Run" + Type: "mmc" + Click: "OK" + + A Microsoft Management Console should appear. + Click: File, "Add/Remove Snap-in...", "Add" + Double-Click: "Group Policy" + Click: "Finish", "Close" + Click: "OK" + + In the "Console Root" window: + Expand: "Local Computer Policy", "Computer Configuration", + "Administrative Templates", "System", "User Profiles" + Double-Click: "Do not check for user ownership of Roaming Profile + Folders" + Select: "Enabled" + Click: OK" + + Close the whole console. You do not need to save the settings (this + refers to the console settings rather than the policies you have + changed). + + Reboot. + + diff --git a/docs/textdocs/CreatingGroupProfilesInNT4.txt b/docs/textdocs/CreatingGroupProfilesInNT4.txt new file mode 100644 index 0000000000..666788643e --- /dev/null +++ b/docs/textdocs/CreatingGroupProfilesInNT4.txt @@ -0,0 +1,71 @@ +Unfortunately, the Resource Kit info is Win NT4/2K version specific. + +Here is a quick guide: + +1. On your NT4 Domain Controller, right click on 'My Computer', then +select the tab labelled 'User Profiles'. + +2. Select a user profile you want to migrate and click on it. + +Note: I am using the term "migrate" lossely. You can copy a profile to +create a group profile. You can give the user 'Everyone' rights to the +profile you copy this to. That is what you need to do, since your samba +domain is not a member of a trust relationship with your NT4 PDC. + +3. Click the 'Copy To' button. + +4. In the box labelled 'Copy Profile to' add your new path, eg: +c:\temp\foobar + +5. Click on the button labelled 'Change' in the "Permitted to use" box. + +6. Click on the group 'Everyone' and then click OK. This closes the +'chose user' box. + +7. Now click OK. + +Follow the above for every profile you need to migrate. + + +Side bar Notes: +--------------- +You should obtain the SID of your NT4 domain. You can use smbpasswd to do +this. Read the man page. + +With Samba-3.0.0 alpha code you can import all you NT4 domain accounts +using the net samsync method. This way you can retain your profile +settings as well as all your users. + +Also Note: +---------- +The above method can be used to create mandatory profiles also. To convert +a group profile into a mandatory profile simply locate the NTUser.DAT file +in the copied profile and rename it to NTUser.MAN. + + +Next Note: +---------- +The W2K professional resource kit has moveuser.exe: + +Description: + + moveuser.exe changes the security of a profile from one user to another. + This allows the account domain to change, and/or the user name to change. + + +Next Note: +---------- +You can identify the SID by using GetSID.exe from the Windows NT Server 4.0 +Resource Kit. + +Windows NT 4.0 stores the local profile information in the registry under +the following key: +HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList + +Under the ProfileList key, there will be subkeys named with the SIDs of the +users who have logged on to this computer. (To find the profile information +for the user whose locally cached profile you want to move, find the SID for +the user with the GetSID.exe utility.) Inside of the appropriate user's +subkey, you will see a string value named ProfileImagePath. + + -- cgit