Domain controller security policy tool

Matthieu Patou mat at
Wed May 19 15:37:07 MDT 2010

Hello Anatoly,

> Hi Matthieu,
> I have to open that tool and edit User Rights Assignment like so:
> * Add the 'Manage Security' group to the 'Manage Auditing and Security Log' policy.
> How can I open that tool against Samba at all?
> Is this possible to do with Samba?
> Is this working via LDAP or else?
Thanks for pointing me this ... as I suspected, this tool is just a 
shortcut to edit the default domain controler policy.

You can acheive the same by editing the default domain controler policy 
in gpmc (with w7/w2k8r2), path in the tool is:

Computer Policy -> Windows Settings -> Security Settings -> local policy 
-> User righs assigments

I turns out that this modify this file:

where {E516A47C-5E5B-4A3D-8F5F-167510F8C1AC} is the guid of the policy 
the path on linux for policies.

Here is the content of the file (it's utf16).

[Privilege Rights]
SeSecurityPrivilege = *S-1-5-32-544

So basicaly you should be able to just put a utf16 encoded file + create 
folders + do a little trick on policy control file GPT.ini at the root 
of the default domain policy folder.
But please ask wilco because he is a guru on server side policy 
Cheers, Matthieu.

Matthieu Patou
Samba Team

More information about the samba-technical mailing list