jpwallen

Disabling samba password changes

I have a RedHat Linux 9 install with the original Samba 2.2.7 (with latest security updates). We use a regular smbpasswd file to store the Samba user accounts. Their accounts are assigned a specific password and should not be changed because a supervisor needs to regularly log in as each person and check what documents are in the user's home directory. Usually, when we deploy the Windows XP machines to the users, we disable the change password functionality on the Ctrl-Alt-Delete screen to prevent them from doing just that. However, we have just noticed that I forgot to do that on our latest deployment (about 300 XP computers). Some of the users are changing their password without us knowing about it. I have to enable unix password sync in order for computers to be able to join the domain. Is there any way I can prevent the users from changing their passwords?

I am already in the process of creating a new image with the correct config values, but I would like to have a temporary solution in the meantime before everyone starts changing their password. I thought about using a Windows NT .pol file, but I have not found any utility that can create .pol files but still use the Windows XP SP2 ADM templates.
johnb6767

Disable the Change Password Button (Windows NT/2000)
http://www.pctools.com/guides/registry/detail/265/

Can deploy it using PSEXEC......

PsExec
http://technet.microsoft.com/en-us/sysinternals/bb897553.aspx
jpwallen

ASKER

Unfortunately, Windows will only accept that registry on a per-user-profile basis. I would have no way of mounting each user's individual profile and making the change to the registry from there.
Should work for HKLM as well, in which case it will work in this deployment method....

If your situation must use HKCU, then you could still use psexec to deploy a script to each machine with a single command, and copy the .reg commands to each pc's local startup.....
I tried that but it does not work because startup scripts only run when the machine is first started. When the machine is started you don't have access to a user's registry hive because no one has logged in yet.
Put in their startup folder. Each user has FULL CONTROL over their CU hive.....
ASKER CERTIFIED SOLUTION
jpwallen

This solution is only available to members.
You know what? I stand corrected. Default image has pretty much full control over HKCU EXCEPT for the 2 main policy keys. That was a way-off assumption on my part from previous experience. Guess every time I have done this in the past successfully, something was definitely not default...

Thanks for clarifying that for me. Guess you learn something new every day....