Implementing User & Computer Policies with Samba

Template Updated: 24 Oct 2005 - Mostly bugfixes and added remote desktop policy

System Policy Guides

Custom Template Files

  • Custom.adm - The main template file I maintain, most policies I create end up in this file.
  • Keyboard.adm - Policy I created for someone in Germany to set the default keyboard to be German. This should be easy to extend for other keyboard layouts once you know the keyboard code.
  • PointandPrint.adm - Policy created by Ivo van Geel to allow the possibility to disable the "Point and Print" Restrictions introduced with Windows XP SP1 - see MS KB Article 319939.

Policy Worksheets

Creating a NETLOGON Share using Samba

To create a NETLOGON Share on a Samba Domain Controller, simply create a directory on your server, such as /srv/samba/netlogon, change the permissions so that everyone has read-only rights (chmod o-wx or chmod o+r) then add the following to your shares section of your smb.conf file.

[netlogon]
comment = Network Logon Service
path = /srv/samba/netlogon
guest ok = Yes
browseable = No

Now just add the NTConfig.POL file to the share, and possibly a logon script. Also ensure that everyone has read access to the files you put in the share.


If you find any errors on these pages, or have found some interesting registry settings that would benefit this custom policy, you can email me at mpetersen71@gmail.com.