Keith Lynn wrote:
What are the implications of locking the ntuser.dat file on the user's server profile? That is, if I make the ntuser.dat file read-only, what affects will that have on the client?
The follwoing is worth what you paid for it. Maybe.
The client machine will fuss when the user logs out, and complain that it cannot copy the profle back. Sometimes this means that other stuff in the profile directory won't get copied back too.
If you don't want the users to mess with the profile, then rename it from .dat to .man. This creates a mandatory profile. I think win clients know that this is not changeable and don't try. Users can make changes in the local copy, but they don't stick. This is usually more hassle than it's worth, as some programs use the registry to save state. (E.g. Nikon View saves the last open folder, and brings you back to that point on the next invocation.
A third way to do it is to let the users have their individual profiles initially, then run a script that copies a standard profile over the user profile every night. This has to be a profile usable by everyone, or has to be that user's profile from previously.
A fourth way to this is to make user that your netlogon share has the profile you want users to use, then just delete the ntuser.dat files every night. The client saves the file without a problem, but the next day, it's not there so the default user profile is loaded instead.
The best way, I think would be to script the editing of the user's ntuser.dat file to reset the keys that you want set. Probably can be done with policies too. I'm just learning about policies.
-- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
