[Samba] Windows 8 polices are not applied

Wed Oct 22 00:07:50 MDT 2014

So you use not only Windows 8 clients? And I read you are using 8.0. Try to update to 8.1.
You can hard write it to the registry:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders

 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders322756

Daniel

EDV Daniel Müller

Leitung EDV
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen 
Tel.: 07071/206-463, Fax: 07071/206-499
eMail: mueller at tropenklinik.de
Internet: www.tropenklinik.de

-----Ursprüngliche Nachricht-----
Von: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org] Im Auftrag von Jeroen J.A.W. Hermans
Gesendet: Dienstag, 21. Oktober 2014 17:34
An: samba at lists.samba.org
Betreff: Re: [Samba] Windows 8 polices are not applied

Hello Daniel,

I have checked the Policy cache options, but they are not yet available in Wnidows 8.0. This seems to be a new feature in 8.1

This is my output when i do a gpupdate /force:

---
K:\>gpupdate /force
Updating policy...

Computer Policy update has completed successfully.
User Policy update has completed successfully.

The following warnings were encountered during user policy processing:

Eén of meer instellingen kunnen niet worden toegepast door de groepsbeleiduitbre iding Folder Redirection op de client, omdat de wijzigingen moeten worden verwer kt voordat het systeem wordt opgestart of de gebruiker zich aanmeldt.  
De verwer
king van Groepsbeleid moet volledig zijn voltooid voordat het systeem opnieuw ka n worden opgestart of de gebruiker zich weer kan aanmelden. Dit kan resulteren i n trage opstartprestaties.

For more detailed information, review the event log or run GPRESULT /H GPReport.
html from the command line to access information about Group Policy results.

Certain user policies are enabled that can only run during logon.
Certain Computer policies are enabled that can only run during startup.

OK to restart? (Y/N)
---

Rebooting/logging out/in again does not help at all.

The output of gpresult contains:
"Verwerking van beleid door Folder Redirection is niet voltooid omdat de gebruiker zich opnieuw moet aanmelden voordat de instellingen worden toegepast. Als de gebruiker zich de volgende keer aanmeldt, zal door Groepsbeleid worden geprobeerd de instellingen toe te passen."

I am deliberately not translating the errors as this may only cloud the real problem because of my translation.

So now i started looking in the logs and i found the following in the application logs:

---
Kan beleid niet toepassen en map 'Documents' niet omleiden naar '\\10.20.0.38\homes\administrator\'.
  Omleidingsopties=0x1211.
  Deze fout is opgetreden: 'Kan de map niet omleiden omdat de bronmap \\10.20.0.34\home offline is.'.
  Foutdetails: 'Kan het netwerkpad niet vinden.
---

Translated this means that the "Documents" folder cannot be redirected to the new NAS at 10.20.0.38 while the old nas (10.20.0.34) is offline. 
This is correct of course, but i donnot know how to fix this.

Basically what i need to do is change the mapping of the "Documents" 
folder to the 10.20.0.38 NAS without copying all the files from the 
10.20.0.34 NAS (which does not exist anymore). Is there a way to do 
that? If this is a manual proces, that is not a problem for the 10 pc's 
here.

Thank you very much again!
Kind regards,

Jeroen Hermans

On 20-10-2014 12:32, Jeroen Hermans wrote:
> Hello Daniel,
> 
> I am not sure if this is also true for Windows 8.0 (the clients), but i
> will definitely look into this. I see a number of things i should 
> check:
> 
> - Group Policy caching explicitly disabled
> - “Always wait for the network at computer startup and user logon”
> should be on
> - check the "slow link value" as the article states: "Other policies,
> such as Folder Redirection, are then not downloaded."
> 
> Am i understanding the issue correctly?
> The line between the clients btw is a cat6 cable running at 1Gbps.
> Kind regards,
> 
> Jeroen Hermans
> 
> 
> On 10/20/2014 12:21 PM, Daniel Müller wrote:
>> I think this could be about "group-plicy-caching" under win 8.1
>> Have a look:
>> 
>> https://4sysops.com/archives/group-policy-caching-in-windows-8-1/
>> 
>> 
>> Good Luck
>> Daniel
>> 
>> 
>> -----Ursprüngliche Nachricht-----
>> Gesendet: Montag, 20. Oktober 2014 10:58
>> Betreff: Re: [Samba] Windows 8 polices are not applied
>> 
>> Hello Daniel,
>> 
>> Thank you again for the fast reply. I checked the XML file and the 
>> mappings
>> are done to the new NAS and not to the old one. This confirms that the
>> policies are updated on the DC, but not on the clients.
>> I also did a grep -R "10.20.0.34" * because that is the ip of the old 
>> NAS.
>> That string is nowhere in the directory structure. "10.20.0.38"
>> (the new NAS) is though.
>> Kind regards,
>> 
>>         Jeroen Hermans
>> 
>> On 10/20/2014 10:44 AM, Daniel Müller wrote:
>>> To proof:
>>> Look at your
>>> \\dc\sysvol\your.domain\Policies\{.....}\User\Prefernces\Drives, and
>>> there to a xml file.
>>> In side this xml file there should be the changes.
>>> 
>>> Ex:
>>> \\s4master\sysvol\tplk.loc\Policies\{31B2F340-016D-11D2-945F-00C04FB98
>>> 4F9}\U
>>> SER\Preferences\Drives
>>> 
>>> Drives.xml
>>> 
>>> 
>>> EDV Daniel Müller
>>> 
>>> -----Ursprüngliche Nachricht-----
>>> Gesendet: Montag, 20. Oktober 2014 10:20
>>> Betreff: Re: [Samba] Windows 8 polices are not applied
>>> 
>>> Hello Daniel,
>>> 
>>> Thank you for your reply. The NAS is not related to the AD and it is
>>> not storing policies, but we have redirected folders to the NAS.
>>> Because the DC is not pushing the new policies to the clients, the
>>> clients have old mappings.
>>> The policies are indeed done with the Windows 8 Group Policy Editor.
>>> Kind regards,
>>> 
>>>         Jeroen Hermans
>>> 
>>> 
>>> On 10/20/2014 08:00 AM, Daniel Müller wrote:
>>>> I do not understand, how can your NAS store AD policies? Is it a
>>>> samba
>>>> 4 AD host/server?
>>>> Win 8 group policies must be done with the group police tool of MS
>>>> Windows8 or less Win7 if it should work.
>>>> 
>>>> Greetings
>>>> Daniel
>>>> 
>>>> 
>>>> -----Ursprüngliche Nachricht-----
>>>> Gesendet: Freitag, 17. Oktober 2014 17:19
>>>> 
>>>> Hello all,
>>>> 
>>>> I am having some problems with the group policies in a small (~10 
>>>> pc's)
>>> AD.
>>>> I have set up Samba and i used a NAS for saving home folders and
>>>> policies. I then had to replace the NAS and i used a new ip for the
>>>> new NAS. For the last step i changed the ip of the redirected 
>>>> folders
>>>> in the policy in order to point all pc's to the new NAS. It seems 
>>>> the
>>>> policies are not applied as i still see the computers try to use the 
>>>> old
>>> NAS.
>>>> [jhermans at lanserver1 ~]$ samba --version Version 4.0.1-4.centos6.1
>>>> [jhermans at lanserver1 ~]$ uname -a
>>>> Linux lanserver1.smarthomes.lan 2.6.32-431.3.1.el6.x86_64 #1 SMP Fri
>>>> Jan
>>>> 3 21:39:27 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux
>>>> [jhermans at lanserver1 ~]$ host -t SRV _kerberos._udp.smarthomes.lan
>>>> _kerberos._udp.smarthomes.lan has SRV record 0 100 88
>>>> lanserver1.smarthomes.lan.
>>>> [jhermans at lanserver1 ~]$ host -t SRV _ldap._tcp.smarthomes.lan
>>>> _ldap._tcp.smarthomes.lan has SRV record 0 100 389
>>>> lanserver1.smarthomes.lan.
>>>> [jhermans at lanserver1 ~]$ host -t A lanserver1.smarthomes.lan
>>>> lanserver1.smarthomes.lan has address 10.20.0.33
>>>> 
>>>> I checked that the Windows clients have 10.20.0.33 as the DNS 
>>>> server.
>>>> I also tried runnning: gpupdate /force on the clients. The clients
>>>> donnot update the policies and now i am stuck with half-functioning
>>> clients.
>>>> I hope you can give me some help with this problem.
>>>> Thank you very much. If you need any more information i am happy to
>>>> provide you with that.
>>>> Kind regards,
>>>> 
>>>> Jeroen Hermans
>>>> --
>>>> 
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba