Implementing User & Computer Policies with Samba
Template Updated: 24 Oct 2005 - Mostly bugfixes and added remote desktop policy
System Policy Guides
- Implementing System Policies - Basically a step by step guide to creating and properly implementing System Policies.
- Creating Custom Templates - Shows you how you can extend System Policy Editor by creating your own Templates.
Custom Template Files
- Custom.adm - The main template file I maintain, most policies I create end up in this file.
- Keyboard.adm - Policy I created for someone in Germany to set the default keyboard to be German. This should be easy to extend for other keyboard layouts once you know the keyboard code.
- PointandPrint.adm - Policy created by Ivo van Geel to allow the possibility to disable the "Point and Print" Restrictions introduced with Windows XP SP1 - see MS KB Article 319939.
Policy Worksheets
- Microsoft's Default CPU Policy Worksheet - Use this to document any Computer Policies included with the default SPE templates.
- Microsoft's Default USER Policy Worksheet - Use this to document any User Policies included with the default SPE templates.
- My Custom.adm CPU Policy Worksheet - Use this to document any Computer Policies you implement using my Custom.adm Template.
- My Custom.adm USER Poliy Worksheet - Use this to document any User Policies you implement using my Custom.adm Template.
Creating a NETLOGON Share using Samba
To create a NETLOGON Share on a Samba Domain Controller, simply create a directory on your server, such as /srv/samba/netlogon, change the permissions so that everyone has read-only rights (chmod o-wx or chmod o+r) then add the following to your shares section of your smb.conf file.
[netlogon] comment = Network Logon Service path = /srv/samba/netlogon guest ok = Yes browseable = No
Now just add the NTConfig.POL file to the share, and possibly a logon script. Also ensure that everyone has read access to the files you put in the share.
If you find any errors on these pages, or have found some interesting registry settings that would benefit this custom policy, you can email me at mgpeter@pcc-services.com.
