On Tue, Feb 20, 2007 at 04:02:21PM +0000, Dave Ewart wrote: > This is what I *don't* have figured out. I basically need to find out > whether any of this is possible and, if so, whether it is possible using > my existing toolset: > > - Updating and managing settings that I originally set via > gpedit.msc on the reference PC: this is (2) above. I cannot > change these settings once I've deployed the PC live, whereas for > settings in (1) above, I can do this via the appropriate System > Policy change. (Basically, if I understand the Windows-terminology > correctly, I have instituted Local Group Policy rather than 'real' > Group Policy?)
If you're up for some lower level methods and roll-your-own type solutions, you may find the following helpful. I use this method to supplement the usual Active Directory Group Policies for cases where Group Policies don't work for one reason or another. For example, it can be used to apply user policies based on the machine that is logged into which can't normally be done. With a few exceptions, all Group Policies actually do are make specific, documented changes to the registry in either the HKEY_LOCAL_MACHINE (for computer/machine policies) or HKEY_CURRENT_USER (for user policies) registry hives. The documentation for all of the Group Policies is found in the C:\Windows\inf\*.adm files. Once you familiarize yourself with the file format you can find out exactly what registry values are set to enable certain Group Policies. After you determine what registry values need to be set you can deploy those changes using various methods: * Create a script (JavaScript, VBScript, Python if you have it installed on the PCs, etc.) that sets the appropriate values in the registry. When done in a script you have the flexibility to conditionally apply changes. * Create a REG file with the changes and then create a script that imports the registry file using reg.exe. For computer/machine policies, set the script to run when the computer boots up. For user policies, run the script during the login script so that it runs as the logged in user. It's not a point and click method like Active Directory Group Policies but it can be used to accomplish the same thing. Ed Plese -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba