[Lias] XP Pro Clients on Samba PDC
Phil Scarratt
lias at draxsen.com
Tue Nov 26 09:04:01 UTC 2002
Some information I found in the UNofficial Samba HowTo
(http://hr.uoregon.edu/davidrl/samba.html) on XP Pro clients.
Extract from there follows:
############## EXTRACT ##############
Windows XP Clients

To force Windows XP Professional clients to accept Samba as a PDC, use the
built-in XP Group Policy editor (gpedit.msc) and locate the Computer
Configuration\Windows Settings\Security Settings\Local Policies\Security Options
branch. Make sure to disable the following policies:

    Domain Member: Digitally encrypt or sign secure channel data (always)
    Domain Member: Digitally sign secure channel data (when possible)

Alternately, you can make the following change to the registry:

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters]
    "requiresignorseal"=dword:00000000
    "signsecurechannel"=dword:00000000

To disable annoying Event Viewer notifications about "Automatic certificate
enrollment for local system failed to contact the active directory" every eight
hours, locate the Computer Configuration\Windows Settings\Security
Settings\Public Key Policies branch and select "Do not enroll certificates
automatically" under Autoenrollment Settings. Note that this policy won't be
available until after the XP machine has joined the domain.

If you'd like to use Roaming Profiles with Windows XP clients that have Service
Pack 1 or later installed, use the built-in XP Group Policy editor (gpedit.msc)
and locate the Computer Configuration\Administrative Templates\System\User
Profiles branch. This is described in Microsoft's Technet Q327462. Make sure to
enable the following policy:

    Do not check for user ownership of Roaming Profile Folders

Alternately, you can make the following change to the registry:

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System]
    "CompatibleRUPSecurity"=dword:00000001

Alternately as well, you can make the following addition to your smb.conf file:

    [profile]
    profile acls = yes

Windows XP Home Edition does not support logging into a Primary Domain
Controller, so you'll have to use Windows XP Professional instead.
############## END EXTRACT ##############
--
Phil Scarratt
IT Consultant
0403 531 271
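
Added example (not part of the original post or of the HowTo extract): a small
Python check that reads a .reg export and reports, for each registry value named
in the extract, whether it is set to the number the extract gives. It assumes
the export has already been decoded to text; the function names and the sample
export are constructed for illustration.

```python
import re

NETLOGON = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters"
POLICIES = r"HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System"
# (key, value name) -> number the quoted extract sets it to.
WATCHED = {
    (NETLOGON, "requiresignorseal"): 0,
    (NETLOGON, "signsecurechannel"): 0,
    (POLICIES, "CompatibleRUPSecurity"): 1,
}
SECTION = re.compile(r"^\[([^\]]+)\]$")
DWORD = re.compile(r'^"([^"]+)"\s*=\s*dword:([0-9a-fA-F]{1,8})$')


def parse_reg(text):
    """Return {(key, name): int} (both lower-cased) for each dword in a .reg export."""
    values, key = {}, None
    for line in map(str.strip, text.splitlines()):
        if m := SECTION.match(line):
            key = m.group(1).lower()
        elif (m := DWORD.match(line)) and key is not None:
            values[(key, m.group(1).lower())] = int(m.group(2), 16)
    return values


def audit(text):
    """Map each watched value name to 'as in extract', 'differs' or 'absent'."""
    found = parse_reg(text)
    report = {}
    for (key, name), expected in WATCHED.items():
        # Registry key and value names are case-insensitive, so compare lower-cased.
        actual = found.get((key.lower(), name.lower()))
        if actual is None:
            report[name] = "absent"
        else:
            report[name] = "as in extract" if actual == expected else "differs"
    return report


# Constructed sample export, not taken from a real machine.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters]
"RequireSignOrSeal"=dword:00000001
"SignSecureChannel"=dword:00000000
'''

if __name__ == "__main__":
    for name, state in audit(SAMPLE).items():
        print(f"{name}: {state}")
```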