there is no use doing policy that the user can override.
if the user can set it (even though via script) he can also remove it.
sure, it talked about active-directory as that's the cutting edge of samba PDC
if your samba runs as NT PDC, things should be quite much simpler.
what questions you weren't answered with that document?
_________________________
!download
KiXnet
