we are tring to replace with ADS with Fedora DS, In ADS the
following can do, when the client login into ADS domain.
1) Right click disable for clients
2) Block/Allow the specific software installation
3) Can override the users local setting by group policy eg) password
expire, if the local user set the password expire date to 5 days, the
ADS can override to 3 days.
4) Disable the client to change the internet options-> to modify the
proxy server name.
5) Do the software updates to clients from ADS, if the client not
6) Block/Allow the regedit from ADS.
now we are able to PDC with samba using FedoraDS, and each user can able
to login and their profile can create in either common storage or
localstorage of FedoraDS server.
Can any one suggest howto fullfill the above points.
> we are tring to replace with ADS with Fedora DS, In ADS the
> following can do, when the client login into ADS domain.
> 1) Right click disable for clients
> 2) Block/Allow the specific software installation
> 3) Can override the users local setting by group policy eg) password
> expire, if the local user set the password expire date to 5 days, the
> ADS can override to 3 days.
> 4) Disable the client to change the internet options-> to modify the
> proxy server name.
> 5) Do the software updates to clients from ADS, if the client not
> updated properly.
> 6) Block/Allow the regedit from ADS.
> now we are able to PDC with samba using FedoraDS, and each
> user can able
> to login and their profile can create in either common storage or
> localstorage of FedoraDS server.
> Can any one suggest howto fullfill the above points.
Stick with ADS... :)
Seriously, that's a lot of the reasons ppl like and use ADS, that you're
trying to re-engineer. As much as I hate to admit it and despite my best
efforts, I actually quite like ADS and the features it brings when managing
a fairly large Windows shop (used to do so in a previous life).
Anyhow on with the questions...
1) - Don't understand what you are asking here...
3,4,6) - All of this can be *managed* by either using a 3rd party product (a
few available, but not usually cheap) or with some clever use of original
NT4 style policies. Old-school NT4 poledit.exe had many of the *regular*
features that W2K based GPOs introduced, indeed GPO is just an evolutionary
step in this. The main difference was in how you could apply them. Ie
against a group and centrally using the AD. Some extra functionality was
introduced, both initially and in subsequent updates (SP's and now 2003).
2 & 5) Installing software with the GPO took quite a bit of initial care
anyway, but once working it does do its job (within its limited remit).
Again other apps can do this instead, however once again none are cheap.
Most are also targeted towards large installations. Updates and patch
management apps are everywhere now. MS have SUS (or is it WUS now) which is
free but has some limitations. Lots of software management options out
there. Options OTTOMH are MS SMS, ZenWorks, Altiris...
Google is your friend :)
Linux System Administrator
This email is for the intended addressee only.
If you have received it in error then you must not use, retain, disseminate or otherwise deal with it.
Please notify the sender by return email.
The views of the author may not necessarily constitute the views of Astrium Limited.
Nothing in this email shall bind Astrium Limited in any contract or obligation.
Astrium Limited, Registered in England and Wales No. 2449259
Registered Office: Gunnels Wood Road, Stevenage, Hertfordshire, SG1 2AS, England
As a rule of thumb, when users leave our company, via the admin
interface I set their accounts to be inactive; is there a way to query
the ldap to see what objects are inactive; I guess what I'm really
asking is, what attribute do I look for when querying the database.
The information contained in this electronic message is intended for the exclusive use of the individual or entity named above and may contain privileged or confidential information. If the reader of this message is not the intended recipient or the employee or agent responsible to deliver it to the intended recipient, you are hereby notified that dissemination, distribution or copying of this information is prohibited. If you have received this communication in error, please notify the sender immediately by telephone and destroy the copies you received.