From: John H Terpstra on
On 03/30/2010 08:54 AM, M. D. wrote:
> My goal is to have a business with multiple locations, all have the same
> desktop for a certain user group. The quick Launch programs, Start Menu
> and Desktop icons should all be the same, and be 'read only' -- meaning
> they can't change them.
> I'm using ClearOS for the PDC, and I have it working already as the PDC,
> but I'm not quite sure how to setup the remote profiles and lock it so
> end users cannot modify it, and how to have some users be able to log
> into that profile and do the changes that are needed.
> This is my first time working with a domain controller, so probably
> that's my shortcoming. I don't know exactly how/what a domain
> controller can do.
> Any help will be greatly appreciated.
> Regards,
> MD

Samba3 is fully capable of meeting your needs here but this is not in
principal a Samba issue. What is needed is a clear understanding of how
desktop profiles are used by MS Windows clients. It also requries an
understanding of how to use default network logon profiles, roaming
profiles, and how to make use of the NT4 policy editor.

Samba3 can emulate many ADS Group Policy effects, but it has to be
engineered through creative use of the network default login profile and
dynamic mapping inside Samba so that the user will obtain the right
group profile.

As for the mandatory aspect, that is done by renaming the NTUser.DAT
file in the profile to NTUser.MAN.

I have responded off-line to the poster with further information. Some
of the magic here is covered in chapter 5 of my book, Samba3-ByExample -

John T.
To unsubscribe from this list go to the following URL and read the