[PATCH 1/6] s4 provision: Remove hard coded ACL for GPO objects

Matthieu Patou mat at matws.net
Wed Apr 7 15:44:22 MDT 2010 

It is no longer needed to hard code ACL for GPO object as we have now code
that calculate ACL from defaultSecurityDescriptor and inheritance correctly.

In fact the resulting ACL returned by this hard coded value is a bit wrong as
some ACE are duplicated.
---
 source4/setup/provision_group_policy.ldif |    2 --
 1 files changed, 0 insertions(+), 2 deletions(-)

diff --git a/source4/setup/provision_group_policy.ldif b/source4/setup/provision_group_policy.ldif
index 05981d8..20b162e 100644
--- a/source4/setup/provision_group_policy.ldif
+++ b/source4/setup/provision_group_policy.ldif
@@ -15,7 +15,6 @@ gPCUserExtensionNames: [{3060E8D0-7020-11D2-842D-00C04FA372D4}{3060E8CE-7020-1
  1D2-842D-00C04FA372D4}][{35378EAC-683F-11D2-A89A-00C04FBBCFA2}{0F6B957E-509E-
  11D1-A7CC-0000F87571E3}]
 isCriticalSystemObject: TRUE
-nTSecurityDescriptor: O:${DOMAINSID}-512G:${DOMAINSID}-512D:PAI(A;CI;RPWPCCDCLCLORCWOWDSDDTSW;;;${DOMAINSID}-512)(A;CI;RPWPCCDCLCLORCWOWDSDDTSW;;;${DOMAINSID}-519)(A;;RPWPCCDCLCLORCWOWDSDDTSW;;;${DOMAINSID}-512)(A;CIIO;RPWPCCDCLCLORCWOWDSDDTSW;;;CO)(A;CI;RPWPCCDCLCLORCWOWDSDDTSW;;;SY)(A;CI;RPLCLORC;;;AU)(OA;CI;CR;edacfd8f-ffb3-11d1-b41d-00a0c968f939;;AU)(A;CI;RPLCLORC;;;ED)S:AI(OU;CIIDSA;WPWD;;f30e3bc2-9ff0-11d1-b603-0000f80367c1;WD)(OU;CIIOIDSA;WP;f30e3bbe-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)(OU;CIIOIDSA;WP;f30e3bbf-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)
 systemFlags: -1946157056
 
 dn: CN=User,CN={${POLICYGUID}},CN=Policies,CN=System,${DOMAINDN}
@@ -42,7 +41,6 @@ flags: 0
 gPCMachineExtensionNames: [{827D319E-6EAC-11D2-A4EA-00C04F79F83A}{803E14A0-B4
  FB-11D0-A0D0-00A0C90F574B}]
 isCriticalSystemObject: TRUE
-nTSecurityDescriptor: O:${DOMAINSID}-512G:${DOMAINSID}-512D:PAI(A;CI;RPWPCCDCLCLORCWOWDSDDTSW;;;${DOMAINSID}-512)(A;CI;RPWPCCDCLCLORCWOWDSDDTSW;;;${DOMAINSID}-519)(A;;RPWPCCDCLCLORCWOWDSDDTSW;;;${DOMAINSID}-512)(A;CIIO;RPWPCCDCLCLORCWOWDSDDTSW;;;CO)(A;CI;RPWPCCDCLCLORCWOWDSDDTSW;;;SY)(A;CI;RPLCLORC;;;AU)(OA;CI;CR;edacfd8f-ffb3-11d1-b41d-00a0c968f939;;AU)(A;CI;RPLCLORC;;;ED)S:AI(OU;CIIDSA;WPWD;;f30e3bc2-9ff0-11d1-b603-0000f80367c1;WD)(OU;CIIOIDSA;WP;f30e3bbe-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)(OU;CIIOIDSA;WP;f30e3bbf-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)
 systemFlags: -1946157056
 
 dn: CN=User,CN={${POLICYGUID_DC}},CN=Policies,CN=System,${DOMAINDN}
-- 
1.6.3.3


--------------010804020208020700020704
Content-Type: text/x-patch;
 name="0005-s4-python-make-the-function-dsdb_get_oid_from_attid-.patch"
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
 filename*0="0005-s4-python-make-the-function-dsdb_get_oid_from_attid-.pa";
 filename*1="tch"

More information about the samba-technical mailing list