mirror of
https://github.com/samba-team/samba.git
synced 2024-12-22 13:34:15 +03:00
gpo: Add GNOME Settings ADMX templates
Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Jeremy Allison <jra@samba.org>
This commit is contained in:
parent
14383909d2
commit
1cd65280ab
90
libgpo/admx/GNOME Settings.admx
Normal file
90
libgpo/admx/GNOME Settings.admx
Normal file
@ -0,0 +1,90 @@
|
||||
<policyDefinitions revision="1.0" schemaVersion="1.0">
|
||||
<policyNamespaces>
|
||||
<target prefix="system" namespace="Samba.Policies.System" />
|
||||
<using prefix="windows" namespace="Microsoft.Policies.Windows" />
|
||||
</policyNamespaces>
|
||||
<resources minRequiredRevision="1.0" />
|
||||
<supportedOn>
|
||||
<definitions>
|
||||
<definition name="SUPPORTED_SAMBA_4_15" displayName="$(string.SUPPORTED_SAMBA_4_15)"/>
|
||||
</definitions>
|
||||
</supportedOn>
|
||||
<categories>
|
||||
<category name="CAT_351B0FDF_55F3_4904_AC71_D3A6CF8DB323" displayName="$(string.CAT_351B0FDF_55F3_4904_AC71_D3A6CF8DB323)">
|
||||
<parentCategory ref="windows:ControlPanel" />
|
||||
</category>
|
||||
<category name="CAT_7E067B4B_2FE1_4AAD_8D76_54209466A491" displayName="$(string.CAT_7E067B4B_2FE1_4AAD_8D76_54209466A491)">
|
||||
<parentCategory ref="CAT_351B0FDF_55F3_4904_AC71_D3A6CF8DB323" />
|
||||
</category>
|
||||
</categories>
|
||||
<policies>
|
||||
<policy name="POL_B00E46C8_3837_4FE2_91EF_3C13D50B0BDC" class="Machine" displayName="$(string.POL_B00E46C8_3837_4FE2_91EF_3C13D50B0BDC)" explainText="$(string.POL_B00E46C8_3837_4FE2_91EF_3C13D50B0BDC_Help)" presentation="$(presentation.POL_B00E46C8_3837_4FE2_91EF_3C13D50B0BDC)" key="GNOME Settings\Lock Down Settings" valueName="Whitelisted Online Accounts">
|
||||
<parentCategory ref="CAT_351B0FDF_55F3_4904_AC71_D3A6CF8DB323" />
|
||||
<supportedOn ref="SUPPORTED_SAMBA_4_15" />
|
||||
<elements>
|
||||
<list id="LST_B2FA2836_7FE0_4C2D_9D40_073E4BBDF0F3" key="GNOME Settings\Lock Down Settings\Whitelisted Online Accounts" />
|
||||
</elements>
|
||||
</policy>
|
||||
<policy name="POL_6307C5EA_766A_4D39_BBAE_B1F9A651F08C" class="Machine" displayName="$(string.POL_6307C5EA_766A_4D39_BBAE_B1F9A651F08C)" explainText="$(string.POL_6307C5EA_766A_4D39_BBAE_B1F9A651F08C_Help)" key="GNOME Settings\Lock Down Settings" valueName="Disable Command-Line Access">
|
||||
<parentCategory ref="CAT_351B0FDF_55F3_4904_AC71_D3A6CF8DB323" />
|
||||
<supportedOn ref="SUPPORTED_SAMBA_4_15" />
|
||||
</policy>
|
||||
<policy name="POL_373CCAD2_D0BC_49A3_A078_10CB073AA949" class="Machine" displayName="$(string.POL_373CCAD2_D0BC_49A3_A078_10CB073AA949)" explainText="$(string.POL_373CCAD2_D0BC_49A3_A078_10CB073AA949_Help)" key="GNOME Settings\Lock Down Settings" valueName="Disable File Saving">
|
||||
<parentCategory ref="CAT_351B0FDF_55F3_4904_AC71_D3A6CF8DB323" />
|
||||
<supportedOn ref="SUPPORTED_SAMBA_4_15" />
|
||||
</policy>
|
||||
<policy name="POL_2B71227C_C44B_4F77_B32A_FF92F312BCE2" class="Machine" displayName="$(string.POL_2B71227C_C44B_4F77_B32A_FF92F312BCE2)" explainText="$(string.POL_2B71227C_C44B_4F77_B32A_FF92F312BCE2_Help)" key="GNOME Settings\Lock Down Settings" valueName="Disable Printing">
|
||||
<parentCategory ref="CAT_351B0FDF_55F3_4904_AC71_D3A6CF8DB323" />
|
||||
<supportedOn ref="SUPPORTED_SAMBA_4_15" />
|
||||
</policy>
|
||||
<policy name="POL_F5785112_422C_4426_BF69_164FED2D6075" class="Machine" displayName="$(string.POL_F5785112_422C_4426_BF69_164FED2D6075)" explainText="$(string.POL_F5785112_422C_4426_BF69_164FED2D6075_Help)" key="GNOME Settings\Lock Down Settings" valueName="Disable Repartitioning">
|
||||
<parentCategory ref="CAT_351B0FDF_55F3_4904_AC71_D3A6CF8DB323" />
|
||||
<supportedOn ref="SUPPORTED_SAMBA_4_15" />
|
||||
</policy>
|
||||
<policy name="POL_DBD5262E_1014_4778_92C8_C3258C0D8EEE" class="Machine" displayName="$(string.POL_DBD5262E_1014_4778_92C8_C3258C0D8EEE)" explainText="$(string.POL_DBD5262E_1014_4778_92C8_C3258C0D8EEE_Help)" key="GNOME Settings\Lock Down Settings" valueName="Disable User Logout">
|
||||
<parentCategory ref="CAT_351B0FDF_55F3_4904_AC71_D3A6CF8DB323" />
|
||||
<supportedOn ref="SUPPORTED_SAMBA_4_15" />
|
||||
</policy>
|
||||
<policy name="POL_E5211A0E_F684_4E93_B62B_4F6B8BE5BBAD" class="Machine" displayName="$(string.POL_E5211A0E_F684_4E93_B62B_4F6B8BE5BBAD)" explainText="$(string.POL_E5211A0E_F684_4E93_B62B_4F6B8BE5BBAD_Help)" key="GNOME Settings\Lock Down Settings" valueName="Disable User Switching">
|
||||
<parentCategory ref="CAT_351B0FDF_55F3_4904_AC71_D3A6CF8DB323" />
|
||||
<supportedOn ref="SUPPORTED_SAMBA_4_15" />
|
||||
</policy>
|
||||
<policy name="POL_942D0D38_C946_4805_8339_92B661BE64E7" class="Machine" displayName="$(string.POL_942D0D38_C946_4805_8339_92B661BE64E7)" explainText="$(string.POL_942D0D38_C946_4805_8339_92B661BE64E7_Help)" key="GNOME Settings\Lock Down Settings" valueName="Disallow Login Using a Fingerprint">
|
||||
<parentCategory ref="CAT_351B0FDF_55F3_4904_AC71_D3A6CF8DB323" />
|
||||
<supportedOn ref="SUPPORTED_SAMBA_4_15" />
|
||||
</policy>
|
||||
<policy name="POL_0906773B_31CA_48E7_B173_A2A8435FA31C" class="Machine" displayName="$(string.POL_0906773B_31CA_48E7_B173_A2A8435FA31C)" explainText="$(string.POL_0906773B_31CA_48E7_B173_A2A8435FA31C_Help)" key="GNOME Settings\Lock Down Settings" valueName="Lock Down Enabled Extensions">
|
||||
<parentCategory ref="CAT_351B0FDF_55F3_4904_AC71_D3A6CF8DB323" />
|
||||
<supportedOn ref="SUPPORTED_SAMBA_4_15" />
|
||||
</policy>
|
||||
<policy name="POL_1DE280F7_3BE5_4DDD_BE10_5A31D6E7ED9B" class="Machine" displayName="$(string.POL_1DE280F7_3BE5_4DDD_BE10_5A31D6E7ED9B)" explainText="$(string.POL_1DE280F7_3BE5_4DDD_BE10_5A31D6E7ED9B_Help)" presentation="$(presentation.POL_1DE280F7_3BE5_4DDD_BE10_5A31D6E7ED9B)" key="GNOME Settings\Lock Down Settings" valueName="Lock Down Specific Settings">
|
||||
<parentCategory ref="CAT_351B0FDF_55F3_4904_AC71_D3A6CF8DB323" />
|
||||
<supportedOn ref="SUPPORTED_SAMBA_4_15" />
|
||||
<elements>
|
||||
<list id="LST_19198E2B_79A2_4263_B09E_CC40151A265B" key="GNOME Settings\Lock Down Settings\Lock Down Specific Settings" />
|
||||
</elements>
|
||||
</policy>
|
||||
<policy name="POL_1F00D0C9_3190_42E1_870F_33A0E560E873" class="Machine" displayName="$(string.POL_1F00D0C9_3190_42E1_870F_33A0E560E873)" explainText="$(string.POL_1F00D0C9_3190_42E1_870F_33A0E560E873_Help)" presentation="$(presentation.POL_1F00D0C9_3190_42E1_870F_33A0E560E873)" key="GNOME Settings\Lock Down Settings" valueName="Dim Screen when User is Idle">
|
||||
<parentCategory ref="CAT_7E067B4B_2FE1_4AAD_8D76_54209466A491" />
|
||||
<supportedOn ref="SUPPORTED_SAMBA_4_15" />
|
||||
<elements>
|
||||
<decimal id="DXT_B46B9503_767D_43E6_8844_8852AC9211C9" key="GNOME Settings\Lock Down Settings\Dim Screen when User is Idle" valueName="Delay" />
|
||||
<decimal id="DXT_C652079A_D03D_4DE0_A43A_F5AC3F416F4D" key="GNOME Settings\Lock Down Settings\Dim Screen when User is Idle" valueName="Dim Idle Brightness" />
|
||||
</elements>
|
||||
</policy>
|
||||
<policy name="POL_05BFA99F_C8C1_4486_AA35_CFB72EF94CAE" class="Machine" displayName="$(string.POL_05BFA99F_C8C1_4486_AA35_CFB72EF94CAE)" presentation="$(presentation.POL_05BFA99F_C8C1_4486_AA35_CFB72EF94CAE)" key="GNOME Settings\Lock Down Settings" valueName="Compose Key">
|
||||
<parentCategory ref="CAT_7E067B4B_2FE1_4AAD_8D76_54209466A491" />
|
||||
<supportedOn ref="SUPPORTED_SAMBA_4_15" />
|
||||
<elements>
|
||||
<text id="CMB_F3CCB880_E12B_4068_8B8A_66DE04211F69" key="GNOME Settings\Lock Down Settings\Compose Key" valueName="Key Name" required="true" />
|
||||
</elements>
|
||||
</policy>
|
||||
<policy name="POL_93280789_E7BA_4EB8_924B_61BA1EEB0437" class="Machine" displayName="$(string.POL_93280789_E7BA_4EB8_924B_61BA1EEB0437)" explainText="$(string.POL_93280789_E7BA_4EB8_924B_61BA1EEB0437_Help)" presentation="$(presentation.POL_93280789_E7BA_4EB8_924B_61BA1EEB0437)" key="GNOME Settings\Lock Down Settings" valueName="Enabled Extensions">
|
||||
<parentCategory ref="CAT_351B0FDF_55F3_4904_AC71_D3A6CF8DB323" />
|
||||
<supportedOn ref="SUPPORTED_SAMBA_4_15" />
|
||||
<elements>
|
||||
<list id="LST_FAD2DD29_CDD9_45BC_99CA_1C47084D09A8" key="GNOME Settings\Lock Down Settings\Enabled Extensions" />
|
||||
</elements>
|
||||
</policy>
|
||||
</policies>
|
||||
</policyDefinitions>
|
110
libgpo/admx/en-US/GNOME Settings.adml
Normal file
110
libgpo/admx/en-US/GNOME Settings.adml
Normal file
@ -0,0 +1,110 @@
|
||||
<policyDefinitionResources revision="1.0" schemaVersion="1.0">
|
||||
<displayName>
|
||||
</displayName>
|
||||
<description>
|
||||
</description>
|
||||
<resources>
|
||||
<stringTable>
|
||||
<string id="SUPPORTED_SAMBA_4_15">Samba 4.15</string>
|
||||
<string id="CAT_351B0FDF_55F3_4904_AC71_D3A6CF8DB323">GNOME Settings</string>
|
||||
<string id="POL_541A888A_A96D_4A21_9A8F_1021EF6D2F25">Allow Online Accounts</string>
|
||||
<string id="POL_B00E46C8_3837_4FE2_91EF_3C13D50B0BDC">Whitelisted Online Accounts</string>
|
||||
<string id="POL_B00E46C8_3837_4FE2_91EF_3C13D50B0BDC_Help">The GNOME Online Accounts (GOA) are used for integrating personal network accounts with the GNOME Desktop and applications. The user can add their online accounts, such as Google, Facebook, Flickr, ownCloud, and others using the Online Accounts application.
|
||||
As a system administrator, you can:
|
||||
selectively enable a few online accounts.</string>
|
||||
<string id="POL_541A888A_A96D_4A21_9A8F_1021EF6D2F25_Help">The GNOME Online Accounts (GOA) are used for integrating personal network accounts with the GNOME Desktop and applications. The user can add their online accounts, such as Google, Facebook, Flickr, ownCloud, and others using the Online Accounts application.
|
||||
As a system administrator, you can:
|
||||
enable all online accounts;
|
||||
disable all online accounts.</string>
|
||||
<string id="POL_6307C5EA_766A_4D39_BBAE_B1F9A651F08C">Disable Command-Line Access</string>
|
||||
<string id="POL_6307C5EA_766A_4D39_BBAE_B1F9A651F08C_Help">To disable command-line access for your desktop user, you need to make configuration changes in a number of different contexts. Bear in mind that the following steps do not remove the desktop user's permissions to access a command line, but rather remove the ways that the desktop user could access the command line.
|
||||
|
||||
Set the org.gnome.desktop.lockdown.disable-command-line GSettings key, which prevents the user from accessing the terminal or specifying a command line to be executed (the Alt+F2 command prompt).
|
||||
|
||||
Prevent users from accessing the Alt+F2 command prompt.
|
||||
|
||||
Disable switching to virtual terminals (VTs) with the Ctrl+Alt+function key shortcuts by modifying the X server configuration.
|
||||
|
||||
Remove Terminal and all other terminal applications from the Activities overview in GNOME Shell. You will also need to prevent the user from installing a new terminal application.</string>
|
||||
<string id="POL_373CCAD2_D0BC_49A3_A078_10CB073AA949">Disable File Saving</string>
|
||||
<string id="POL_373CCAD2_D0BC_49A3_A078_10CB073AA949_Help">You can disable the Save and Save As dialogs. This can be useful if you are giving temporary access to a user or you do not want the user to save files to the computer.
|
||||
|
||||
WARNING: This feature will only work in applications which support it! Not all GNOME and third party applications have this feature enabled. These changes will have no effect on applications which do not support this feature.</string>
|
||||
<string id="POL_2B71227C_C44B_4F77_B32A_FF92F312BCE2">Disable Printing</string>
|
||||
<string id="POL_2B71227C_C44B_4F77_B32A_FF92F312BCE2_Help">You can disable the print dialog from being shown to users. This can be useful if you are giving temporary access to a user or you do not want the user to print to network printers.
|
||||
|
||||
WARNING: This feature will only work in applications which support it! Not all GNOME and third party applications have this feature enabled. These changes will have no effect on applications which do not support this feature.</string>
|
||||
<string id="POL_F5785112_422C_4426_BF69_164FED2D6075">Disable Repartitioning</string>
|
||||
<string id="POL_F5785112_422C_4426_BF69_164FED2D6075_Help">polkit enables you to set permissions for individual operations. For udisks2, the utility for disk management services, the configuration is located at /usr/share/polkit-1/actions/org.freedesktop.udisks2.policy. This file contains a set of actions and default values, which can be overridden by system administrator.
|
||||
|
||||
TIP: The polkit configuration in /etc overrides that shipped by packages in /usr/share.</string>
|
||||
<string id="POL_DBD5262E_1014_4778_92C8_C3258C0D8EEE">Disable User Logout</string>
|
||||
<string id="POL_DBD5262E_1014_4778_92C8_C3258C0D8EEE_Help">Preventing the user from logging out is useful for special kind of GNOME deployments (unmanned kiosks, public internet access terminals, and so on).
|
||||
|
||||
IMPORTANT: Users can evade the logout lockdown by switching to a different user. That is the reason why it is recommended to also disable user switching when configuring the system.</string>
|
||||
<string id="POL_E5211A0E_F684_4E93_B62B_4F6B8BE5BBAD">Disable User Switching</string>
|
||||
<string id="POL_E5211A0E_F684_4E93_B62B_4F6B8BE5BBAD_Help">Preventing the user from logging out is useful for special kind of GNOME deployments (unmanned kiosks, public internet access terminals, and so on).
|
||||
|
||||
IMPORTANT: Users can evade the logout lockdown by switching to a different user. That is the reason why it is recommended to also disable user switching when configuring the system.</string>
|
||||
<string id="POL_942D0D38_C946_4805_8339_92B661BE64E7">Disallow Login Using a Fingerprint</string>
|
||||
<string id="POL_942D0D38_C946_4805_8339_92B661BE64E7_Help">Users with a fingerprint scanner can use their fingerprints instead of a password to log in. Fingerprint login needs to be set up by the user before it can be used.
|
||||
|
||||
Fingerprint readers are not always reliable, so you may wish to disable login using the reader for security reasons.
|
||||
</string>
|
||||
<string id="POL_0906773B_31CA_48E7_B173_A2A8435FA31C">Lock Down Enabled Extensions</string>
|
||||
<string id="POL_0906773B_31CA_48E7_B173_A2A8435FA31C_Help">In GNOME Shell, you can prevent the user from enabling or disabling extensions by locking down the org.gnome.shell.enabled-extensions and org.gnome.shell.development-tools keys. This allows you to provide a set of extensions that the user has to use.
|
||||
|
||||
Locking down the org.gnome.shell.development-tools key ensures that the user cannot use GNOME Shell’s integrated debugger and inspector tool (Looking Glass) to disable any mandatory extensions.</string>
|
||||
<string id="POL_1DE280F7_3BE5_4DDD_BE10_5A31D6E7ED9B">Lock Down Specific Settings</string>
|
||||
<string id="POL_1DE280F7_3BE5_4DDD_BE10_5A31D6E7ED9B_Help">By using the lockdown mode in dconf, you can prevent users from changing specific settings. Without locking down the system settings, user settings take precedence over the system settings.
|
||||
|
||||
To lock down a dconf key or subpath, you will need to create a locks subdirectory in the keyfile directory. The files inside this directory contain a list of keys or subpaths to lock. Just as with the keyfiles, you may add any number of files to this directory.</string>
|
||||
<string id="CAT_7E067B4B_2FE1_4AAD_8D76_54209466A491">User Settings</string>
|
||||
<string id="POL_1F00D0C9_3190_42E1_870F_33A0E560E873">Dim Screen when User is Idle</string>
|
||||
<string id="POL_1F00D0C9_3190_42E1_870F_33A0E560E873_Help">You can make the computer screen dim after the computer has been idle (not used) for some period of time.</string>
|
||||
<string id="POL_05BFA99F_C8C1_4486_AA35_CFB72EF94CAE">Compose Key</string>
|
||||
<string id="POL_93280789_E7BA_4EB8_924B_61BA1EEB0437">Enabled Extensions</string>
|
||||
<string id="POL_93280789_E7BA_4EB8_924B_61BA1EEB0437_Help">The enabled-extensions key specifies the enabled extensions using the extensions’ uuid.</string>
|
||||
</stringTable>
|
||||
<presentationTable>
|
||||
<presentation id="POL_B00E46C8_3837_4FE2_91EF_3C13D50B0BDC">
|
||||
<listBox refId="LST_B2FA2836_7FE0_4C2D_9D40_073E4BBDF0F3">
|
||||
</listBox>
|
||||
</presentation>
|
||||
<presentation id="POL_1DE280F7_3BE5_4DDD_BE10_5A31D6E7ED9B">
|
||||
<listBox refId="LST_19198E2B_79A2_4263_B09E_CC40151A265B">Settings</listBox>
|
||||
</presentation>
|
||||
<presentation id="POL_1F00D0C9_3190_42E1_870F_33A0E560E873">
|
||||
<decimalTextBox refId="DXT_B46B9503_767D_43E6_8844_8852AC9211C9" defaultValue="300">Idle Delay</decimalTextBox>
|
||||
<decimalTextBox refId="DXT_C652079A_D03D_4DE0_A43A_F5AC3F416F4D" defaultValue="30">Idle Brightness</decimalTextBox>
|
||||
</presentation>
|
||||
<presentation id="POL_05BFA99F_C8C1_4486_AA35_CFB72EF94CAE">
|
||||
<comboBox refId="CMB_F3CCB880_E12B_4068_8B8A_66DE04211F69">
|
||||
<label>Compose Key</label>
|
||||
<default>Right Alt</default>
|
||||
<suggestion>Right Alt</suggestion>
|
||||
<suggestion>Left Win</suggestion>
|
||||
<suggestion>3rd level of Left Win</suggestion>
|
||||
<suggestion>Right Win</suggestion>
|
||||
<suggestion>3rd level of Right Win</suggestion>
|
||||
<suggestion>Menu</suggestion>
|
||||
<suggestion>3rd level of Menu</suggestion>
|
||||
<suggestion>Left Ctrl</suggestion>
|
||||
<suggestion>3rd level of Left Ctrl</suggestion>
|
||||
<suggestion>Right Ctrl</suggestion>
|
||||
<suggestion>3rd level of Right Ctrl</suggestion>
|
||||
<suggestion>Caps Lock</suggestion>
|
||||
<suggestion>3rd level of Caps Lock</suggestion>
|
||||
<suggestion>The "< >" key</suggestion>
|
||||
<suggestion>3rd level of the "< >" key</suggestion>
|
||||
<suggestion>Pause</suggestion>
|
||||
<suggestion>PrtSc</suggestion>
|
||||
<suggestion>Scroll Lock</suggestion>
|
||||
</comboBox>
|
||||
</presentation>
|
||||
<presentation id="POL_93280789_E7BA_4EB8_924B_61BA1EEB0437">
|
||||
<listBox refId="LST_FAD2DD29_CDD9_45BC_99CA_1C47084D09A8">Enabled Extensions</listBox>
|
||||
</presentation>
|
||||
</presentationTable>
|
||||
</resources>
|
||||
</policyDefinitionResources>
|
Loading…
Reference in New Issue
Block a user