Just make sure that "profile acls = yes" is set in your smb.conf and all
the other smb.conf settings for roaming profiles are correct.
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
*Jason Baker
*/IT Coordinator/
*Glastender Inc.*
5400 North Michigan Road
Saginaw, Michigan 48604 USA
800.748.0423
Phone: 989.752.4275 ext. 228
Fax: 989.752.4444
www.glastender.com <http://www.glastender.com>
-----BEGIN GEEK CODE BLOCK-----
Version: 3.1
GIT$ d- s: a C++$ LU+++$ P+ L++>L++++ !E--- W+++ N o? K?
w !O M !V PS PE- Y? PGP- t 5? X+ R+ tv+ b- DI-- D++ G e+ h---
r+++ y+++
------END GEEK CODE BLOCK------
Consider the following scenario: user Fred Flintstone has a local
account FRED on the Windows XP Professional worstation FREDSCOMPUTER.
You have already joined FREDSCOMPUTER to the BEDROCK domain, and Fred
has been given an account in the BEDROCK domain called FFLINTSTONE
(note, I'm using caps so it's easy to read in my example).
1. Log into FREDSCOMPUTER with admin rights, but not as FRED. Use
NTBACKUP (the built-in backup utility), make a backup of
"Documents and Settings\Fred" (or wherever his local-account
profile happens to be stored). This is for bone-headed admins like
me who will probably screw something up. NTBACKUP is suggested
because it's fairly easy to used (read: quick) and will preserve
permissions.
2. Assign permissions (recursively) to "Documents and Settings\Fred"
that allow BEDROCK\FFLINTSTONE full access.
3. Load the registry hive "Documents and Settings\Fred\NTUSER.DAT"
and assign permissions similarly. (I typically use REGEDIT, or
REGEDT32 on Windows 2000 and earlier.)
4. Unload the reigstry hive or reboot the computer.
5. Log in as BEDROCK\FFLINTSTONE. This will create a new profile for
Fred; make a note of the path where the profile is stored. This
profile folder will be deleted shortly, but this step is necessary
to create a registry key. Log out, and log back in as a local admin.
6. Open the registry key HKLM\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\ProfileList. Under here you will see numerous
keys named by the SIDs of users who have logged in. One of these
will correspond with the BEDROCK\FFLINTSTONE account. Since you
are using Samba, you can (rather conveniently, I might add) use
pdbedit -L -v fflintstone to find out the SID. Otherwise, you can
look thru until you find the one for which the ProfileImagePath
value corresponds with the path noted in step 5, above. Modify the
value for ProfileImagePath to correspond to the path to FRED's
profile that you backed up in step 1.
7. Delete the profile folder noted in step 5. You won't be needing it
anymore.
8. Log in as BEDROCK\FFLINTSTONE and you should be logged into the
domain, but still using FRED's old profile.
Now here's how I would handle it if the domain profile was a roaming
profile: temporarily disable the roaming profile configuration for
BEDROCK\FFLINTSTONE before doing the above. After doing the above steps,
convert the "domain local" profile to a "domain roaming" profile.
-Jonathan Johnson
Sutinen Consulting, Inc.
www.sutinen.com
I've done exactly that many times...
The critical step is to make sure that you assign the correct user
permission to use the profile under 'Permitted to use'.
Works like a charm, but not a good option for migrating a lot of users,
obviously.
--
Best regards,
Charles
Just fyi - there is a simpler way, much less error prone...
Jonathan Johnson wrote:
> OK, I haven't done this with ROAMING profiles, but I've done it so many
> times with locally-stored profiles I think I can do it in my sleep. (The
> following is not written for the novice user.)
>
> Consider the following scenario: user Fred Flintstone has a local
> account FRED on the Windows XP Professional worstation FREDSCOMPUTER.
> You have already joined FREDSCOMPUTER to the BEDROCK domain, and Fred
> has been given an account in the BEDROCK domain called FFLINTSTONE
> (note, I'm using caps so it's easy to read in my example).
>
> 1. Log into FREDSCOMPUTER with admin rights, but not as FRED.
2. Right-click on 'My Computer' - click the 'Advanced' Tab.
3. Click the 'Settings' button under 'User Profiles'.
4. Select the profile you want to move, click on 'Copy To'.
5. Click the 'Browse' button, navigate to the profile directory where
the profile is to be stored.
6. Click the 'Change' button under 'Permitted to use' - assign the
domain user the rights to this profile.
7. Click 'OK'.
8. Log off the local computer.
9. Done.
Assuming the domain user is already defined as a roaming profile, and
the directory where you just copied the profile is the correct
directory, then the next time FFLINTSTONE logs in, he will automatically
use the new profile.
Caveat: If the profile will only be a local profile, then you will need
to log in once as FFLINTSTONE first, to create the profile directory
that the old profile will be copied to. You can create it manually, but
to make sure the perms get set correctly, it is best to let the system
do it for you.
--
Best regards,
Charles