I have a RedHat linux 9 install with the original Samba 2.2.7 (With latest security updates). We use a regular smbpasswd file to store the samba user accounts. their accounts are assigneed a specific password and should not be changed because a supervisor needs to regularly login as each person and check what documents are in the users home directory. Usually, when we deploy the Windows XP machines to thie users, we disable the change password functionality on the Ctrl-alt-delete screen to prevent them from doing just that. However, we have just noticed that I forgot to do that on out latest deployment (about 300 xp computers). Some of the users are changing their password without us knowing about it. I have to enable unix password sync in order for computers to be able to join the domain. Is there any way I can prevent the users from changing thier passwords?
I am already in the process of creating a new image with the correct config values but I would like to have a temporary solution in the meantime before everyone starts changing their password. I thought about using a windows nt .pol file but I have not found any utility that can create pol files but still use the windows xp sp2 adm templates.