If there are images in this attachment, they will not be displayed.  Download the original attachment
Page 1
HOWTO: Samba PDC + Roaming My
Documents/Desktop
Alexander H Deriziotis
How to configure a large-scale Samba PDC while redirecting only the client machines' My
Documents and Desktop at the server using logon scripts. Additionally, configuring user's
printers through logon scripts.
1. Introduction
One thing I've found during my adventures as a network administrator, is that roaming profiles
are a good idea, but aren't actually that great an implementation. They're very cool if you've
got the money to buy identical machines, with identically cloned software and install identical
images of their hard-drives from the very start and if you've got the money to get some
advanced Microsoft Business Server to roll-out software upgrades automagically. But it's an
expensive solution, a very expensive solution, where most of the money goes to the software
companies rather than the little people offering support. Born out of the need to configure
networks for small businesses and charities with very little funding, I've realized that the best
solution is to forget the roaming profiles, and roam only the My Documents and Desktop
folders.
This essentially means, that a user's applications don't follow them around when they log on to
machines on the network, but any files stored on the Desktop or in their My Documents do.
This is useful because whenever I'm there, I can upgrade existing software on any machine I
feel like, depending on how much time I've got. I can replace certain machines on the network
without having to worry about inconsistent start menus and desktop settings. Each user logs on
to that machine and uses the resources of that machine, but can easily find their files (which
are incidentally being backed up consistently since they're stored on the server), even the
most un-savvy users can find their files if they're under My Documents!
However, one major workaround I've had to come up with while configuring Linux-based
Windows' PDCs is needed because Windows' Server group policy options and security policies
and all those GUI options that I don't really get are missing. In turn, anything you want done on
particular machines logging on to your PDC, must be done through logon scripts. This
document will explain how to configure the PDC and the user's logon scripts to redirect the
Desktop and My Documents folders and the scripts to connect the right machines to the right
printers.
2. Software
Server: Red Hat Fedora Core 4 + Samba 3.0.14
Clients: Windows 2000/XP
3. Samba
Step 1:
Set up a regular Samba PDC. This involves mostly setting domain logons = yes in the smb.conf.
Step 2:
Set
profile path =
in order to disable roaming profiles.

Page 2
4. Logon Scripts
4.1. Roaming 'My Documents'
Step 1:
Configure the logon scripts.
To do this, uncomment the [netlogon] share, and put all scripts into the netlogon path.
logon script = logon.bat
Note. The logon script path is in relation to the netlogon path. So the actual script resides in
/home/netlogon/logon.bat.
logon.bat
# Create the My Documents folder if it doesn't exist
cd Z:
IF NOT EXIST "Z:\My Documents\." MD "Z:\My Documents"
# Update the registry to redirect the user's My Documents to the server
regedit /s \\pandora\netlogon\redirect.reg
regedit /s \\pandora\netlogon\redirect.reg
redirect.reg
(Exported registry key for)
HKCU,Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
Personal = “Z:\My Documents”
I need to come up with a better script for this, something which is smaller and can be
copy/pasted in to a file from this page.
4.2. Connecting to the right printers
Add the following lines to the logon.bat to have it auto-connect to the desired printer.
rem Set printer for all machines in basement
IF %COMPUTERNAME% == CAVE100 rundll32 printui.dll,PrintUIEntry /y /in /n
\\cave98\Epson740
/y means set it as default..
5. The client machines
LogonScriptSync
For each machine connected to the PDC, change the machine's registry setting to enable
running logon script synchronously (http://www.winguides.com/registry/display.php/141/).
System Key: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Winlogon]
Value Name: RunLogonScriptSync
Data Type: REG_DWORD (DWORD Value)
Value Data: (0 = disabled, 1 = enabled)

Page 3
Value must be 1 for logon script to change the registry before loading the My Documents
folder.
Offline files
Log in as administrator on the local machine. Go to Tools, Folder Options. Click on Offline files
and disable.