[Webinar] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Disabling samba password changes

Posted on 2009-02-19
7
Medium Priority
?
356 Views
Last Modified: 2013-12-06
I have a RedHat linux 9 install with the original Samba 2.2.7 (With latest security updates). We use a regular smbpasswd file to store the samba user accounts. their accounts are assigneed a specific password and should not be changed because a supervisor needs to regularly login as each person and check what documents are in the users home directory. Usually, when we deploy the Windows XP machines to thie users, we disable the change password functionality on the Ctrl-alt-delete screen to prevent them from doing just that. However, we have just noticed that I forgot to do that on out latest deployment (about 300 xp computers). Some of the users are changing their password without us knowing about it. I have to enable unix password sync in order for computers to be able to join the domain. Is there any way I can prevent the users from changing thier passwords?

I am already in the process of creating a new image with the correct config values but I would like to have a temporary solution in the meantime before everyone starts changing their password. I thought about using a windows nt .pol file but I have not found any utility that can create pol files but still use the windows xp sp2 adm templates.
0
Comment
Question by:jpwallen
  • 4
  • 3
7 Comments
 
LVL 66

Expert Comment

by:johnb6767
ID: 23689078
Disable the Change Password Button (Windows NT/2000)
http://www.pctools.com/guides/registry/detail/265/

Can deploy it using PSEXEC......

PsExec
http://technet.microsoft.com/en-us/sysinternals/bb897553.aspx
0
 
LVL 1

Author Comment

by:jpwallen
ID: 23692282
Unfortunately, Windows will only accept that registry on a per user profile basis. I would have no way of mounting each users individual profile and making the change to the registry from there.
0
 
LVL 66

Expert Comment

by:johnb6767
ID: 23692982
Should work for HKLM as well, in which case it will work in this deployment method....

If your situation must use HKCU, then you could still use psexec to deploy a script to each machine with a single command, and copy the .reg commands to each pc's local startup.....
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 1

Author Comment

by:jpwallen
ID: 23693543
I tried that but it does not work because startup scripts only run when the machine is first started. When the machine is started you don't have access to a users registry hive because now one has logged in yet.
0
 
LVL 66

Expert Comment

by:johnb6767
ID: 23695630
Put in thier startup folder. Each user has FULL CONTROL over thier CU hive.....
0
 
LVL 1

Accepted Solution

by:
jpwallen earned 0 total points
ID: 23712161
WOW, I would sure hope they don't have control over the policies key. If a user has control over their HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System registry entry then they can essentially disable any group policies that are in it. Check this for yourself in a user (not an administrator) account, you should see that you have read only permissions to that part of the key.

I was able to create a Ntconfig.pol file and have the machines load that as an old-style NT policy implementation. Seems to work good, but later I will re-image the machines with the correct registry information.
0
 
LVL 66

Expert Comment

by:johnb6767
ID: 23712758
You know what? I stand corrected. Default image has pretty much full contorl over HKCU EXCEPT for the 2 main policy keys. That was a way off assumption on my part from previous experience.  Guess everytime I have done this in the past successfully, something was definately not default...

Thanks for clarifying that for me. Guess you learn something new everyday....
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article was originally published on Monitis Blog, you can check it here . Today it’s fairly well known that high-performing websites and applications bring in more visitors, higher SEO, and ultimately more sales. By the same token, downtime…
This article will show you step-by-step instructions to build your own NTP CentOS server.  The network diagram shows the best practice to setup the NTP server farm for redundancy.  This article also serves as your NTP server documentation.
How to Install VMware Tools in Red Hat Enterprise Linux 6.4 (RHEL 6.4) Step-by-Step Tutorial
In this video, Percona Director of Solution Engineering Jon Tobin discusses the function and features of Percona Server for MongoDB. How Percona can help Percona can help you determine if Percona Server for MongoDB is the right solution for …
Suggested Courses

810 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question