[Samba] policy files - Samba

This is a discussion on [Samba] policy files - Samba ; Hi, I think I have two questions - one which is samba and one which is windows policy files. I'll try to limit this question to the samba side but will give the full picture for completeness. I'm trying to ...

+ Reply to Thread
Results 1 to 7 of 7

Thread: [Samba] policy files

  1. [Samba] policy files

    Hi,

    I think I have two questions - one which is samba and one which is windows
    policy files. I'll try to limit this question to the samba side but will
    give the full picture for completeness.

    I'm trying to implement a simple policy to redirect a few simple folders
    (for starters). I have a policy file called NTConfig.POL that is available
    on my share \\wilson\netlogon (wilson is the name of the server running
    samba). I'll append its contents at the end of this email in case that's
    where my problem lies (although that's a windows question, so I don't expect
    an answer here).

    I don't have anything that mentions the policy file in my samba config, but
    according to http://www.pcc-services.com/custom_poledit.html I don't need to
    (other than having NTConfig.POL readable at \\wilson\netlogon\NTPolicy.POL,
    which it is). I've seen lots of stuff that suggests I need special windows
    programs (that seem to only be available on NT or 2003) to edit these files,
    and then other pages (such as the link above) that say they are just text
    files.

    Is there a simple howto that I've missed on this? Thanks in advance for any
    tips.

    cheers
    dim



    CLASS USER

    CATEGORY "Custom Folder Redirection"
    KEYNAME "Software\Microsoft\Windows\CurrentVersion\Explorer \User
    Shell Folders"

    POLICY "Custom Internet Cookies Folder"
    PART "Path to User's Internet Cookies Folder"
    EDITTEXT REQUIRED EXPANDABLETEXT
    DEFAULT "Z:\Cookies"
    VALUENAME "Cookies"
    END PART
    END POLICY

    POLICY "Custom Internet Favorites Folder"
    PART "Path to User's Internet Favorites Folder"
    EDITTEXT REQUIRED EXPANDABLETEXT
    DEFAULT "Z:\Favorites"
    VALUENAME "Favorites"
    END PART
    END POLICY

    POLICY "Custom Internet History Folder"
    PART "Path to User's Internet History Folder"
    EDITTEXT REQUIRED EXPANDABLETEXT
    DEFAULT "Z:\History"
    VALUENAME "History"
    END PART
    END POLICY

    POLICY "Custom My Documents Folder"
    PART "Path to User's My Documents Folder"
    EDITTEXT REQUIRED EXPANDABLETEXT
    DEFAULT "Z:\Documents"
    VALUENAME "Personal"
    END PART
    END POLICY


    END CATEGORY ;Custom Folder Redirection
    --
    To unsubscribe from this list go to the following URL and read the
    instructions: https://lists.samba.org/mailman/listinfo/samba

  2. Re: [Samba] policy files

    This is a Windows issue, not a Samba issue.

    > I don't have anything that mentions the policy file in my samba config, but
    > according to http://www.pcc-services.com/custom_poledit.html I don't need to
    > (other than having NTConfig.POL readable at \\wilson\netlogon\NTPolicy.POL,
    > which it is). I've seen lots of stuff that suggests I need special windows
    > programs (that seem to only be available on NT or 2003) to edit these files,
    > and then other pages (such as the link above) that say they are just text
    > files.


    No, the ADM template files are text files. The policy file is not. You
    must have POLEDIT.EXE to edit the policy. It reads the ADM files,
    presents a UI, and produces the binary POL file.

    > Is there a simple howto that I've missed on this? Thanks in advance for any
    > tips.


    Yes, the Windows documentation. O'Reilly has a title: "Windows NT User
    Administration" you need a book like that. Most of the HOWTOs and what
    not on the Internet are confusing garbage, or at best only half
    complete, my advise is to skip them entirely.

    The *OFFICIAL* Samba documentation does cover this to some extend,
    beyond that get a book.

    http://us1.samba.org/samba/docs/man/...olicyMgmt.html

    --
    To unsubscribe from this list go to the following URL and read the
    instructions: https://lists.samba.org/mailman/listinfo/samba

  3. Re: [Samba] policy files

    Hi Adam,

    Thanks for your reply. A couple a questions inline:

    On 5/31/07, Adam Tauno Williams wrote:
    >
    > This is a Windows issue, not a Samba issue.



    All the information I've been able to find references windows tools - the
    part I'm missing is where the windows tools stop and Samba takes over. I
    hope you don't mind me clarifying a couple of things below.


    > > Is there a simple howto that I've missed on this? Thanks in advance for

    > any
    > > tips.

    >
    > Yes, the Windows documentation. O'Reilly has a title: "Windows NT User
    > Administration" you need a book like that. Most of the HOWTOs and what
    > not on the Internet are confusing garbage, or at best only half
    > complete, my advise is to skip them entirely.



    Thanks for the tip - I think half my problem is I'm not exactly sure what
    I'm looking for. I have Samba happily running as a Domain Controller and
    have the computers on the network in the domain. However, I don't have any
    windows servers, and hence don't have a Windows Active Directory on my
    network. All my searching for information regarding policies and so on
    aren't turning up much because they all seem to refer to AD. Can I ask if
    you (or anyone else) know if what I'm trying to do is possible using Samba
    on its own (and the GPO approach)? I'm assuming that I need to learn and
    understand firstly how to create my policy (thanks for the help on this) and
    how to distribute it. I'm hoping that the distribution is simply a matter
    of putting the appropriate file on a Samba share (once I know which share it
    is).

    Re the book, thanks - I've ordred a copy on amazon, unfortunately its not
    available on Safari.


    > The *OFFICIAL* Samba documentation does cover this to some extend,
    > beyond that get a book.
    >
    > http://us1.samba.org/samba/docs/man/...olicyMgmt.html



    I had read that, and thought I was doing the right thing (although missing
    the link between POL and ADM files). Not sure how I'm going to get my hands
    on poledit.exe which I figure is my next step.

    Thanks again for your help.

    cheers,
    dim
    --
    To unsubscribe from this list go to the following URL and read the
    instructions: https://lists.samba.org/mailman/listinfo/samba

  4. Re: [Samba] policy files

    Hi Dimitri,

    > I think I have two questions - one which is samba and one which is windows
    > policy files. I'll try to limit this question to the samba side but will
    > give the full picture for completeness.
    >
    > I'm trying to implement a simple policy to redirect a few simple folders
    > (for starters). I have a policy file called NTConfig.POL that is available
    > on my share \\wilson\netlogon (wilson is the name of the server running
    > samba). I'll append its contents at the end of this email in case that's
    > where my problem lies (although that's a windows question, so I don't
    > expect
    > an answer here).


    folder redirection can be performed quite easily with a .reg file loaded
    throught the logon script (like explained in
    http://isg.ee.ethz.ch/tools/realmen/det/skel.en.html)

    a reg file like below should do it

    ========
    ��Windows Registry Editor Version 5.00

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Explorer\User
    Shell
    Folders]
    "Desktop"="U:\.desktop"
    "Personal"="U:"
    "My Pictures"="U:"
    "My Music"="U:"
    "My Video"="U:"
    ========

    Actually you can do quite a lot of things in logon script, as long as
    they can be launch with plain user rights. I advise you to use .vbs
    scripts, they are much more powerful than .bat scripts.

    cheers,

    Denis


    >
    > I don't have anything that mentions the policy file in my samba config, but
    > according to http://www.pcc-services.com/custom_poledit.html I don't
    > need to
    > (other than having NTConfig.POL readable at \\wilson\netlogon\NTPolicy.POL,
    > which it is). I've seen lots of stuff that suggests I need special windows
    > programs (that seem to only be available on NT or 2003) to edit these
    > files,
    > and then other pages (such as the link above) that say they are just text
    > files.
    >
    > Is there a simple howto that I've missed on this? Thanks in advance for
    > any
    > tips.
    >
    > cheers
    > dim
    >
    >
    >
    > CLASS USER
    >
    > CATEGORY "Custom Folder Redirection"
    > KEYNAME "Software\Microsoft\Windows\CurrentVersion\Explorer \User
    > Shell Folders"
    >
    > POLICY "Custom Internet Cookies Folder"
    > PART "Path to User's Internet Cookies Folder"
    > EDITTEXT REQUIRED EXPANDABLETEXT
    > DEFAULT "Z:\Cookies"
    > VALUENAME "Cookies"
    > END PART
    > END POLICY
    >
    > POLICY "Custom Internet Favorites Folder"
    > PART "Path to User's Internet Favorites Folder"
    > EDITTEXT REQUIRED EXPANDABLETEXT
    > DEFAULT "Z:\Favorites"
    > VALUENAME "Favorites"
    > END PART
    > END POLICY
    >
    > POLICY "Custom Internet History Folder"
    > PART "Path to User's Internet History Folder"
    > EDITTEXT REQUIRED EXPANDABLETEXT
    > DEFAULT "Z:\History"
    > VALUENAME "History"
    > END PART
    > END POLICY
    >
    > POLICY "Custom My Documents Folder"
    > PART "Path to User's My Documents Folder"
    > EDITTEXT REQUIRED EXPANDABLETEXT
    > DEFAULT "Z:\Documents"
    > VALUENAME "Personal"
    > END PART
    > END POLICY
    >
    >
    > END CATEGORY ;Custom Folder Redirection



    --
    Denis Cardon
    Tranquil IT Systems
    10 rue du Docteur Bouchard
    49400 Saumur
    tel : +33 (0) 2.41.67.56.99
    http://www.tranquil-it-systems.fr

    --
    To unsubscribe from this list go to the following URL and read the
    instructions: https://lists.samba.org/mailman/listinfo/samba

  5. Re: [Samba] policy files

    > All the information I've been able to find references windows tools

    Of course.

    > - the
    > part I'm missing is where the windows tools stop and Samba takes over



    It doesn't, at all. NT4 domain policies require no action from the PDC
    at all. It is just a file loaded by the client from a specific place
    and applied as a mask to the registry. Samba does nothing and knows
    nothing.

    > Thanks for the tip - I think half my problem is I'm not exactly sure what
    > I'm looking for.


    ADM files and POLEDIT.EXE

    > I have Samba happily running as a Domain Controller and
    > have the computers on the network in the domain. However, I don't have any
    > windows servers, and hence don't have a Windows Active Directory on my
    > network.


    It has nothing to do with AD.

    > All my searching for information regarding policies and so on
    > aren't turning up much because they all seem to refer to AD.


    You are seeing documentation on GPOs / Group Policies. You want NT4
    Domain Policies. You need to look at *OLD* Windows documentation. If
    it doesn't mention NT4, or it mentions AD, ignore it.

    > you (or anyone else) know if what I'm trying to do is possible using Samba
    > on its own (and the GPO approach)?


    No, Samba 3.x cannot use GPOs.

    > I'm assuming that I need to learn and
    > understand firstly how to create my policy (thanks for the help on this) and
    > how to distribute it.


    Putting in \\{server}\netlogon distributes is.

    > I'm hoping that the distribution is simply a matter
    > of putting the appropriate file on a Samba share (once I know which share it
    > is).


    Yep.

    > Re the book, thanks - I've ordred a copy on amazon, unfortunately its not
    > available on Safari.
    > > The *OFFICIAL* Samba documentation does cover this to some extend,
    > > beyond that get a book.
    > > http://us1.samba.org/samba/docs/man/...olicyMgmt.html

    > I had read that, and thought I was doing the right thing (although missing
    > the link between POL and ADM files). Not sure how I'm going to get my hands
    > on poledit.exe which I figure is my next step.


    You have to find a copy of POLEDIT.EXE, or dig a copy of an older
    Windows CD.

    --
    Adam Tauno Williams, Network & Systems Administrator
    Consultant - http://www.whitemiceconsulting.com
    Developer - http://www.opengroupware.org

    --
    To unsubscribe from this list go to the following URL and read the
    instructions: https://lists.samba.org/mailman/listinfo/samba

  6. Re: [Samba] policy files

    Hi again,

    On 6/1/07, Adam Tauno Williams wrote:
    >
    > You are seeing documentation on GPOs / Group Policies. You want NT4
    > Domain Policies. You need to look at *OLD* Windows documentation. If
    > it doesn't mention NT4, or it mentions AD, ignore it.



    Ahhhh... now that, makes sense. Thanks a heap.

    > you (or anyone else) know if what I'm trying to do is possible using Samba
    > > on its own (and the GPO approach)?

    >
    > No, Samba 3.x cannot use GPOs.



    Right.... so that's why asking my windows mates for help has done nothing
    but confuse me!

    Thanks again - that makes a heap of sense, I feel like I have a much better
    idea of what I'm after now.

    cheers,
    dim
    --
    To unsubscribe from this list go to the following URL and read the
    instructions: https://lists.samba.org/mailman/listinfo/samba

  7. Re: [Samba] policy files

    Hi again,

    I've now got this all working, and thought I'd outline what I did for
    others:

    On 6/1/07, Adam Tauno Williams wrote:
    >
    > > Thanks for the tip - I think half my problem is I'm not exactly sure

    > what
    > > I'm looking for.

    >
    > ADM files and POLEDIT.EXE



    With that piece of information I found http://www.zisman.ca/poledit/ where I
    downloaded poledit from. When you run it on an XP machine it complains that
    it cant find files in c:\windows\inf - this makes perfect sense as they
    don't exist. Ignore those errors and in the Options menu select Policy
    template. From there remove the missing policy files, and open the one you
    want (I used custom.adm from http://www.pcc-services.com/custom_poledit.html.
    >From there its simply a matter of File -> New Policy. Double-click on

    Default User and modify the policy as you want. Then File -> Save as
    \\sambaserver\netlogon\ntconfig.pol and it will be used when you logon.

    I hope this is useful for someone else as well. Thanks a heap to Adam for
    pointing out where I was going wrong, and for putting up with my windows
    questions on the samba list.

    cheers,
    dim
    --
    To unsubscribe from this list go to the following URL and read the
    instructions: https://lists.samba.org/mailman/listinfo/samba

+ Reply to Thread