Home Forums OS X Server and Client Discussion Questions and Answers Restricting XP privileges

Viewing 5 posts - 1 through 5 (of 5 total)
  • Author
    Posts
  • July 12, 2007 at 11:04 am #369491
    zvordauk
    Participant

    Hi All,

    I am setting up a server in a mixed Mac and PC environment. I have a G5 server which I have just upgraded to 10.4.10
    I need to be able to restrict users to only see their roaming account on the server i.e. block them from accessing anything but their home folder and a group folder.
    I’m happy enough with this on the Mac side but the PC side is giving me trouble.
    So far I have the PC’s authenticating to the server and mounting their home dir at startup. the question is:

    Can I configure 10.4 Server so that when XP’s authenticate to it they are resticted to only using specified apps, cannot access the control panels or run menu and can only save to the home folder?

    I’ve been a Mac guy for 18 years and have done my best to avoid PC’s but….

    July 14, 2007 at 9:16 pm #369512
    zvordauk
    Participant

    Yes and yes.
    All running off one xServe: 10.4.10 acting as OD Master, file server, home dir server.

    July 17, 2007 at 11:06 pm #369531
    zvordauk
    Participant

    Thanks for the heads up 😥
    Any idea where I could find a tutorial to educate myself on Windows logon scripts???

    July 18, 2007 at 7:58 am #369539
    zvordauk
    Participant

    Thanks for all your help.
    One last question; Do quotas set by the server work on PC’s? I need to limit the users Home Folder size.

    Ger…

    October 23, 2007 at 11:10 pm #370275
    Zac
    Participant

    You can apply Group Policy settings to XP machines, the process is a bit convluted however.

    You will need to obtain poledit.exe from an windows 2000 or above server disk. This utility will allow you to use group policy templates to set options. Run poledit.exe on an XP machine logged in with a local account to a network account. Save the poledit.exe file as NTCONFIG.POL and place it in the /private/ect/netlogon directory of your OSX server. XP (NT & 2000 as well) automatically check the netlogon folder of their domain controller and look for a NTCONFIG.POL for a group policy setting. You are able to apply group policy’s by Machine, User Group, & User. I have been running this without incident for almost 2 years and it works great once you get it going.

    You may need to edit the group policy templates a bit so POLEDIT.EXE will run them but some googling should yeild some guidance. You will also need to make sure that everyone has read access to the netlogon directory.

    Good Luck

  • Author
    Posts
Viewing 5 posts - 1 through 5 (of 5 total)
  • You must be logged in to reply to this topic.

Comments are closed

Copyright © 2025 AFP548. All Rights Reserved.