Samba 3 and Windows Vista Clients
- Overview of Windows Vista's Changes
- Working with User Profiles & Folder Redirection
- Working Around the Lack of System Policies
- Making Vista not Suck (as a Workstation)
- An Example Samba-Vista Deployment
Working Around the Lack of System Policies
One of the biggest "shocks" that many Samba Administrators ran into when implementing Vista Workstations is the fact that Vista no longer applies any System Policies created using the System Policy Editor. Using older versions of Windows (XP and before), it is relatively simple to force various settings across your network workstations using System Policies (this is very useful in fixing the idiotic default settings imposed on the User by Microsoft).
Since Samba version 3.x cannot implement Group Policies (version 4 will), a huge tool in maintaining your networked computers (System Policy Editor) is no longer available. We Samba Administrators must look into using something else to force the various Policies (which are basically Registry Keys) that are necessary for your enviornment.
Local Group Policies
System Policy Editor's replacement is Microsoft Group Policy Editor and all Windows Vista Business Workstations has the ability to edit it's local Group Policy Settings. To open the local Group Policy Editor on Vista Machines, simply open a command prompt and execute "gpedit".
Later in this guide I cover quite a few Policies that may be beneficial to you, I won't go into how to use this tool, but there is a few things you should know.
* You cannot implement different "Groups" using Local Group Policies, it is an all or nothing setting in regards to the User. This means that more than likely you won't be able to "restrcit" certain aspects of Vista because it would be applied to every User who logs into the machine.
* Local Group Policies are stored in "not so simple" text files within the C:\Windows\System32\GroupPolicy folder. You can re-implement the same policies onto other workstations by copying these files to the new workstaion. However, there are various permissions that these files need, so I highly recommend that you simply "zip" the C:\Windows\System32\GroupPolicy folder, then unzip it onto other workstations.
Note: The C:\Windows\System32\GroupPolicy folder is a hidden system folder, you must adjust some preferences within Explorer to see it.
Implementing Scripts
Since System & Group Policies are simply Registry Settings, many may be wondering if you can attain the same functionality with advanced logon scripts. There are a few problems with this:
* To adjust/add policy keys within the registry you must be a local Administrator. Computer policies must be written to the HKLM tree, User policies are usually within a "Policy" subkey which is not writable by normal users.
* You cannot apply any "User" policy keys using another username. These Policy Keys are under HKEY Current User, which changes when another User logs in.
So, unless every user on your network is an Administrator (not a good idea), you cannot realistically only utilize Logon Scripts to adjust most settings.
A Possible Solution
What I have done to address this problem on my networks is to utilize a variety of different solutions, each with it's own purpose. However, I may be getting ahead of myself. First we must look at what probably needs to be changed to Vista in order for it to work within your enviornment.
