[Samba] Cannot edit GPO's anymore via RSAT

George Itee george.itee at gmail.com
Sat May 24 02:02:30 MDT 2014


Forgot to mention that the Group Policy Creator Owner,SYSTEM and
Administrators groups have full control on the Policies folder in SYSVOL :)




On Sat, May 24, 2014 at 10:00 AM, Marc Muehlfeld <mmuehlfeld at samba.org>wrote:

> Hello George,
>
> Am 23.05.2014 23:26, schrieb George Itee:
> >  Calling acl_set_file:
> > samdom/Policies/{5ABDC733-C7C3-4435-9B93-F896C36A508A}, 0
> > [2014/05/24 00:14:41.655671, 10, pid=2134, effective(3000200, 100),
> > real(3000200, 0)]
> > ../source3/modules/vfs_posixacl.c:111(posixacl_sys_acl_set_file)
> >   acl_set_file failed: Operation not permitted
> > [2014/05/24 00:14:41.655708,  2, pid=2134, effective(3000200, 100),
> > real(3000200, 0), class=acls]
> > ../source3/smbd/posix_acls.c:3014(set_canon_ace_list)
> >   set_canon_ace_list: sys_acl_set_file type file failed for
> > file samdom//Policies/{5ABDC733-C7C3-4435-9B93-F896C36A508A} (Operation
> > not permitted).
> > [2014/05/24 00:14:41.655740,  3, pid=2134, effective(3000200, 100),
> > real(3000200, 0), class=acls]
> ../source3/smbd/posix_acls.c:3831(set_nt_acl)
> >   set_nt_acl: failed to set file acl on file
> > samdom//Policies/{5ABDC733-C7C3-4435-9B93-F896C36A508A} (Operation not
> > permitted).
> > [2014/05/24 00:14:41.655778, 10, pid=2134, effective(3000200, 100),
> > real(3000200, 0)]
> > ../source3/smbd/smb2_server.c:2657(smbd_smb2_request_error_ex)
> >   smbd_smb2_request_error_ex: idx[1] status*[NT_STATUS_ACCESS_DENIED]* ||
> > at ../source3/smbd/smb2_setinfo.c:128
> > [2014/05/24 00:14:41.655807, 10, pid=2134, effective(3000200, 100),
> > real(3000200, 0)]
> > ../source3/smbd/smb2_server.c:2557(smbd_smb2_request_done_ex)
> >   smbd_smb2_request_done_ex: idx[1]
> > status*[NT_STATUS_ACCESS_DENIED]*body[8] dyn[yes:1] at
> > ../source3/smbd/smb2_server.c:2705
> > [2014/05/24 00:14:41.655835, 10, pid=2134, effective(3000200, 100),
> > real(3000200, 0)]
> > ../source3/smbd/smb2_server.c:893(smb2_set_operation_credit)
> >   smb2_set_operation_credit: requested 1, charge 1, granted 1, current
> > possible/max 482/512, total granted/max/low/range 31/8192/104/31
>
>
> Can you verify that the groups have the required access on the SysVol
> folder and it's content?
>
>
> Regards,
> Marc
>


More information about the samba mailing list