Re: [Samba] policy files
Hi Adam, Thanks for your reply. A couple a questions inline: On 5/31/07, Adam Tauno Williams [EMAIL PROTECTED] wrote: This is a Windows issue, not a Samba issue. All the information I've been able to find references windows tools - the part I'm missing is where the windows tools stop and Samba takes over. I hope you don't mind me clarifying a couple of things below. Is there a simple howto that I've missed on this? Thanks in advance for any tips. Yes, the Windows documentation. O'Reilly has a title: Windows NT User Administration you need a book like that. Most of the HOWTOs and what not on the Internet are confusing garbage, or at best only half complete, my advise is to skip them entirely. Thanks for the tip - I think half my problem is I'm not exactly sure what I'm looking for. I have Samba happily running as a Domain Controller and have the computers on the network in the domain. However, I don't have any windows servers, and hence don't have a Windows Active Directory on my network. All my searching for information regarding policies and so on aren't turning up much because they all seem to refer to AD. Can I ask if you (or anyone else) know if what I'm trying to do is possible using Samba on its own (and the GPO approach)? I'm assuming that I need to learn and understand firstly how to create my policy (thanks for the help on this) and how to distribute it. I'm hoping that the distribution is simply a matter of putting the appropriate file on a Samba share (once I know which share it is). Re the book, thanks - I've ordred a copy on amazon, unfortunately its not available on Safari. The *OFFICIAL* Samba documentation does cover this to some extend, beyond that get a book. http://us1.samba.org/samba/docs/man/Samba-HOWTO-Collection/PolicyMgmt.html I had read that, and thought I was doing the right thing (although missing the link between POL and ADM files). Not sure how I'm going to get my hands on poledit.exe which I figure is my next step. Thanks again for your help. cheers, dim -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] policy files
Hi Dimitri, I think I have two questions - one which is samba and one which is windows policy files. I'll try to limit this question to the samba side but will give the full picture for completeness. I'm trying to implement a simple policy to redirect a few simple folders (for starters). I have a policy file called NTConfig.POL that is available on my share \\wilson\netlogon (wilson is the name of the server running samba). I'll append its contents at the end of this email in case that's where my problem lies (although that's a windows question, so I don't expect an answer here). folder redirection can be performed quite easily with a .reg file loaded throught the logon script (like explained in http://isg.ee.ethz.ch/tools/realmen/det/skel.en.html) a reg file like below should do it ��Windows Registry Editor Version 5.00 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders] Desktop=U:\.desktop Personal=U: My Pictures=U: My Music=U: My Video=U: Actually you can do quite a lot of things in logon script, as long as they can be launch with plain user rights. I advise you to use .vbs scripts, they are much more powerful than .bat scripts. cheers, Denis I don't have anything that mentions the policy file in my samba config, but according to http://www.pcc-services.com/custom_poledit.html I don't need to (other than having NTConfig.POL readable at \\wilson\netlogon\NTPolicy.POL, which it is). I've seen lots of stuff that suggests I need special windows programs (that seem to only be available on NT or 2003) to edit these files, and then other pages (such as the link above) that say they are just text files. Is there a simple howto that I've missed on this? Thanks in advance for any tips. cheers dim CLASS USER CATEGORY Custom Folder Redirection KEYNAME Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders POLICY Custom Internet Cookies Folder PART Path to User's Internet Cookies Folder EDITTEXTREQUIREDEXPANDABLETEXT DEFAULT Z:\Cookies VALUENAME Cookies END PART END POLICY POLICY Custom Internet Favorites Folder PART Path to User's Internet Favorites Folder EDITTEXTREQUIREDEXPANDABLETEXT DEFAULT Z:\Favorites VALUENAME Favorites END PART END POLICY POLICY Custom Internet History Folder PART Path to User's Internet History Folder EDITTEXTREQUIREDEXPANDABLETEXT DEFAULT Z:\History VALUENAME History END PART END POLICY POLICY Custom My Documents Folder PART Path to User's My Documents Folder EDITTEXTREQUIREDEXPANDABLETEXT DEFAULT Z:\Documents VALUENAME Personal END PART END POLICY END CATEGORY ;Custom Folder Redirection -- Denis Cardon Tranquil IT Systems 10 rue du Docteur Bouchard 49400 Saumur tel : +33 (0) 2.41.67.56.99 http://www.tranquil-it-systems.fr -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] policy files
All the information I've been able to find references windows tools
Of course.
- the
part I'm missing is where the windows tools stop and Samba takes over
It doesn't, at all. NT4 domain policies require no action from the PDC
at all. It is just a file loaded by the client from a specific place
and applied as a mask to the registry. Samba does nothing and knows
nothing.
Thanks for the tip - I think half my problem is I'm not exactly sure what
I'm looking for.
ADM files and POLEDIT.EXE
I have Samba happily running as a Domain Controller and
have the computers on the network in the domain. However, I don't have any
windows servers, and hence don't have a Windows Active Directory on my
network.
It has nothing to do with AD.
All my searching for information regarding policies and so on
aren't turning up much because they all seem to refer to AD.
You are seeing documentation on GPOs / Group Policies. You want NT4
Domain Policies. You need to look at *OLD* Windows documentation. If
it doesn't mention NT4, or it mentions AD, ignore it.
you (or anyone else) know if what I'm trying to do is possible using Samba
on its own (and the GPO approach)?
No, Samba 3.x cannot use GPOs.
I'm assuming that I need to learn and
understand firstly how to create my policy (thanks for the help on this) and
how to distribute it.
Putting in \\{server}\netlogon distributes is.
I'm hoping that the distribution is simply a matter
of putting the appropriate file on a Samba share (once I know which share it
is).
Yep.
Re the book, thanks - I've ordred a copy on amazon, unfortunately its not
available on Safari.
The *OFFICIAL* Samba documentation does cover this to some extend,
beyond that get a book.
http://us1.samba.org/samba/docs/man/Samba-HOWTO-Collection/PolicyMgmt.html
I had read that, and thought I was doing the right thing (although missing
the link between POL and ADM files). Not sure how I'm going to get my hands
on poledit.exe which I figure is my next step.
You have to find a copy of POLEDIT.EXE, or dig a copy of an older
Windows CD.
--
Adam Tauno Williams, Network Systems Administrator
Consultant - http://www.whitemiceconsulting.com
Developer - http://www.opengroupware.org
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] policy files
Hi again, On 6/1/07, Adam Tauno Williams [EMAIL PROTECTED] wrote: You are seeing documentation on GPOs / Group Policies. You want NT4 Domain Policies. You need to look at *OLD* Windows documentation. If it doesn't mention NT4, or it mentions AD, ignore it. A... now that, makes sense. Thanks a heap. you (or anyone else) know if what I'm trying to do is possible using Samba on its own (and the GPO approach)? No, Samba 3.x cannot use GPOs. Right so that's why asking my windows mates for help has done nothing but confuse me! Thanks again - that makes a heap of sense, I feel like I have a much better idea of what I'm after now. cheers, dim -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] policy files
Hi again, I've now got this all working, and thought I'd outline what I did for others: On 6/1/07, Adam Tauno Williams [EMAIL PROTECTED] wrote: Thanks for the tip - I think half my problem is I'm not exactly sure what I'm looking for. ADM files and POLEDIT.EXE With that piece of information I found http://www.zisman.ca/poledit/ where I downloaded poledit from. When you run it on an XP machine it complains that it cant find files in c:\windows\inf - this makes perfect sense as they don't exist. Ignore those errors and in the Options menu select Policy template. From there remove the missing policy files, and open the one you want (I used custom.adm from http://www.pcc-services.com/custom_poledit.html. From there its simply a matter of File - New Policy. Double-click on Default User and modify the policy as you want. Then File - Save as \\sambaserver\netlogon\ntconfig.pol and it will be used when you logon. I hope this is useful for someone else as well. Thanks a heap to Adam for pointing out where I was going wrong, and for putting up with my windows questions on the samba list. cheers, dim -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] policy files
Hi, I think I have two questions - one which is samba and one which is windows policy files. I'll try to limit this question to the samba side but will give the full picture for completeness. I'm trying to implement a simple policy to redirect a few simple folders (for starters). I have a policy file called NTConfig.POL that is available on my share \\wilson\netlogon (wilson is the name of the server running samba). I'll append its contents at the end of this email in case that's where my problem lies (although that's a windows question, so I don't expect an answer here). I don't have anything that mentions the policy file in my samba config, but according to http://www.pcc-services.com/custom_poledit.html I don't need to (other than having NTConfig.POL readable at \\wilson\netlogon\NTPolicy.POL, which it is). I've seen lots of stuff that suggests I need special windows programs (that seem to only be available on NT or 2003) to edit these files, and then other pages (such as the link above) that say they are just text files. Is there a simple howto that I've missed on this? Thanks in advance for any tips. cheers dim CLASS USER CATEGORY Custom Folder Redirection KEYNAME Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders POLICY Custom Internet Cookies Folder PART Path to User's Internet Cookies Folder EDITTEXTREQUIREDEXPANDABLETEXT DEFAULT Z:\Cookies VALUENAME Cookies END PART END POLICY POLICY Custom Internet Favorites Folder PART Path to User's Internet Favorites Folder EDITTEXTREQUIREDEXPANDABLETEXT DEFAULT Z:\Favorites VALUENAME Favorites END PART END POLICY POLICY Custom Internet History Folder PART Path to User's Internet History Folder EDITTEXTREQUIREDEXPANDABLETEXT DEFAULT Z:\History VALUENAME History END PART END POLICY POLICY Custom My Documents Folder PART Path to User's My Documents Folder EDITTEXTREQUIREDEXPANDABLETEXT DEFAULT Z:\Documents VALUENAME Personal END PART END POLICY END CATEGORY ;Custom Folder Redirection -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] policy files
This is a Windows issue, not a Samba issue. I don't have anything that mentions the policy file in my samba config, but according to http://www.pcc-services.com/custom_poledit.html I don't need to (other than having NTConfig.POL readable at \\wilson\netlogon\NTPolicy.POL, which it is). I've seen lots of stuff that suggests I need special windows programs (that seem to only be available on NT or 2003) to edit these files, and then other pages (such as the link above) that say they are just text files. No, the ADM template files are text files. The policy file is not. You must have POLEDIT.EXE to edit the policy. It reads the ADM files, presents a UI, and produces the binary POL file. Is there a simple howto that I've missed on this? Thanks in advance for any tips. Yes, the Windows documentation. O'Reilly has a title: Windows NT User Administration you need a book like that. Most of the HOWTOs and what not on the Internet are confusing garbage, or at best only half complete, my advise is to skip them entirely. The *OFFICIAL* Samba documentation does cover this to some extend, beyond that get a book. http://us1.samba.org/samba/docs/man/Samba-HOWTO-Collection/PolicyMgmt.html -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
