Sorry for this email that are really a bit OT but i hope not so much to create harm. ;) I was working on settings this entry: http://support.microsoft.com/?scid=kb%3Ben-us%3B310461&x=17&y=14 to prevent certificates enrollment error with my samba 3 domain (that does not support it). After some google and some manual registry editing, i've found that if i edit/add the key [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Cryptography\AutoEnrollment] "AEPolicy"=dword:00008000 nothing changed, i still need to use local policy editor to apply settings. After some amount of googling, and after reading: http://lists.samba.org/archive/samba/2003-March/063865.html http://www.css.taylor.edu/~nehresma/samba.html i've found: http://support.microsoft.com/default.aspx?scid=kb;EN-US;274478 so seems that i can set local GPO (LGPO) on one machine, and simply copy them around, an easy task with WPKG. This could be a far better way of handling some windows setting that use NT4-policy that are largely unsupported, expecially on system-side, and suffer of 'tattoo effect'. Clearly for the 'user' side is a 'all or nothing' approach, but for some things acceptable. But reading further i've found a tool called 'secedit.exe': http://support.microsoft.com/?scid=kb%3Ben-us%3B313203&x=9&y=12 http://www.tutorials-win.com/XPSetup/local-group/ and here my windows knowledge stop me. Really i don't understood if i can define administrative templates for LGPO, if i can create a different LGPO apart the 'default one', if there's an easy/textual way to 'dump' LGPO, edit by hand and apply to a set of boxes via WPKG, ... Someone have played a bit with these stuffs and have some knowledge/links to share? Thanks. -- dott. Marco Gaiarin GNUPG Key ID: 240A3D66 Associazione ``La Nostra Famiglia'' http://www.sv.lnf.it/ Polo FVG - Via della Bontà, 7 - 33078 - San Vito al Tagliamento (PN) marco.gaiarin(at)sv.lnf.it tel +39-0434-842711 fax +39-0434-842797 |