# Samba PDC diffrent roaming profile settings.

## gentoo2013

Hi there i currently have a primary domain controller setup using samba. 

I am planning on setting up a small network fo around 50 clients which and I would like two kinds of profiles setup. 

What im looking to do is hide certain applications in the start menu , resttict users to saving in to only one directory and so on.  

I am able to do certain things using gpedit on windows and dispabling functions through there but this is a major pain as it needs to be done on every machine. 

Is it possible to load certain romaining profiles to one set of users and another for another set ? 

For instance create a default romaing profile for each office i have in the building ? 

Any help would be appricaterd I have searched the net but I am getting slighty confused. 

Thanks

----------

## gentoo2013

Ok I have progressed a bit more. 

I have to managed to export a profile from windows cut it down a restrict a few things but im still unsure how to use a certain profile for each office. 

As samba is using one global profile list. 

And I would really like to restrict the access to certain bits of information on the system still (my computer so on) 

The only way i can figure to do this is manually on every single machine using gpedit in windows. 

This is a major pain for me as I am disablling many things in the registry and through gpedit.

Surely there most be an easier way of doing this by simplying doing it once on windows and getting samba to load a file or something ? 

If anyone else is using Samba as a PDC I would ve very intrested in how you are restricting users to certain things. 

With futher research im guessing its easier to use samba 4 but this is not fully stable at the moment. 

For the time being i think i will have to do things manually which is extrmely painfull 

Thanks

----------

## kimmie

There are only two reasonable ways of applying policy that I've been able to find:

1. Roll your own NETLOGON scripting to apply the settings you want at the client machine. It's fairly easy to apply registry settings from a batch file, but it can get pretty hairy depending on what you want to do.

2. Nitrobit group policy  http://www.nitrobit.com/products.html

Also, be aware that many issues can crop up when using samba as a fileserver with windows clients. It can be made to work well, but it will take time if you haven't done it before. I've found the following settings really help with locking (particulary with office), allowing offline files to work, and supporting hidden files properly, but make sure you understand what they do and google for the problems they are solving:

kernel oplocks = no

level2 oplocks = yes

dos filemode = yes

store dos attributes = yes

I've never seen roaming profiles actually work. My advice to you is to steer well clear.

----------

