Under NT/2K the use of mandotory profiles forces the use of MS Exchange
storage of mail data. That keeps desktop profiles usable.
+
+Note:
+-----
+ Date: Tue, 19 Nov 2002 08:32:17 -0000
+ From: John Russell <apca72@dsl.pipex.com>
+ Reply-To: John Russell <j.c.russell@sussex.ac.uk>
+ To: samba@lists.samba.org
+ Subject: Re: [Samba] Samba and Windows XP
+
+ [ The following text is in the "iso-8859-1" character set. ]
+ [ Your display is set for the "US-ASCII" character set. ]
+ [ Some characters may be displayed incorrectly. ]
+
+ this is a security check new to Windows XP (or maybe only
+ Windows XP service pack 1). It can be disabled via a group policy in
+ Active Directory. The policy is:
+
+ "Computer Configuration\Administrative Templates\System\User
+ Profiles\Do not check for user ownership of Roaming Profile Folders"
+
+ ...and it should be set to "Enabled".
+
+ Does the new version of samba have an Active Directory analogue? If so,
+ then you may be able to set the policy through this.
+
+ If you cannot set group policies in samba, then you may be able to set
+ the policy locally on each machine. If you want to try this, then do
+ the following (N.B. I don't know for sure that this will work in the
+ same way as a domain group policy):
+
+ On the XP workstation log in with an Administrator account.
+
+ Click: "Start", "Run"
+ Type: "mmc"
+ Click: "OK"
+
+ A Microsoft Management Console should appear.
+ Click: File, "Add/Remove Snap-in...", "Add"
+ Double-Click: "Group Policy"
+ Click: "Finish", "Close"
+ Click: "OK"
+
+ In the "Console Root" window:
+ Expand: "Local Computer Policy", "Computer Configuration",
+ "Administrative Templates", "System", "User Profiles"
+ Double-Click: "Do not check for user ownership of Roaming Profile
+ Folders"
+ Select: "Enabled"
+ Click: OK"
+
+ Close the whole console. You do not need to save the settings (this
+ refers to the console settings rather than the policies you have
+ changed).
+
+ Reboot.
+
+
--- /dev/null
+Unfortunately, the Resource Kit info is Win NT4/2K version specific.
+
+Here is a quick guide:
+
+1. On your NT4 Domain Controller, right click on 'My Computer', then
+select the tab labelled 'User Profiles'.
+
+2. Select a user profile you want to migrate and click on it.
+
+Note: I am using the term "migrate" lossely. You can copy a profile to
+create a group profile. You can give the user 'Everyone' rights to the
+profile you copy this to. That is what you need to do, since your samba
+domain is not a member of a trust relationship with your NT4 PDC.
+
+3. Click the 'Copy To' button.
+
+4. In the box labelled 'Copy Profile to' add your new path, eg:
+c:\temp\foobar
+
+5. Click on the button labelled 'Change' in the "Permitted to use" box.
+
+6. Click on the group 'Everyone' and then click OK. This closes the
+'chose user' box.
+
+7. Now click OK.
+
+Follow the above for every profile you need to migrate.
+
+
+Side bar Notes:
+---------------
+You should obtain the SID of your NT4 domain. You can use smbpasswd to do
+this. Read the man page.
+
+With Samba-3.0.0 alpha code you can import all you NT4 domain accounts
+using the net samsync method. This way you can retain your profile
+settings as well as all your users.
+
+Also Note:
+----------
+The above method can be used to create mandatory profiles also. To convert
+a group profile into a mandatory profile simply locate the NTUser.DAT file
+in the copied profile and rename it to NTUser.MAN.
+
+
+Next Note:
+----------
+The W2K professional resource kit has moveuser.exe:
+
+Description:
+
+ moveuser.exe changes the security of a profile from one user to another.
+ This allows the account domain to change, and/or the user name to change.
+
+
+Next Note:
+----------
+You can identify the SID by using GetSID.exe from the Windows NT Server 4.0
+Resource Kit.
+
+Windows NT 4.0 stores the local profile information in the registry under
+the following key:
+HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
+
+Under the ProfileList key, there will be subkeys named with the SIDs of the
+users who have logged on to this computer. (To find the profile information
+for the user whose locally cached profile you want to move, find the SID for
+the user with the GetSID.exe utility.) Inside of the appropriate user's
+subkey, you will see a string value named ProfileImagePath.
+
+
git.samba.org / kai / samba.git / commitdiff