[Samba] Windows 8 polices are not applied

L.P.H. van Belle belle at bazuin.nl
Wed Oct 22 00:34:37 MDT 2014


And to see a good output of the applied policies, run RSOP.MSC.
 

>-----Original message-----
>From: mueller at tropenklinik.de 
>[mailto:samba-bounces at lists.samba.org] On behalf of Daniel Müller
>Sent: Wednesday 22 October 2014 8:08
>To: 'Jeroen J.A.W. Hermans'; samba at lists.samba.org
>Subject: Re: [Samba] Windows 8 polices are not applied
>
>So you use not only Windows 8 clients? And I read you are 
>using 8.0. Try to update to 8.1.
>You can hard write it to the registry:
>HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
>
>HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders322756
>
>Daniel
>
>
>IT Daniel Müller
>
>Head of IT
>Tropenklinik Paul-Lechler-Krankenhaus
>Paul-Lechler-Str. 24
>72076 Tübingen 
>Tel.: 07071/206-463, Fax: 07071/206-499
>eMail: mueller at tropenklinik.de
>Internet: www.tropenklinik.de
>
>
>
>-----Original message-----
>From: samba-bounces at lists.samba.org 
>[mailto:samba-bounces at lists.samba.org] On behalf of Jeroen 
>J.A.W. Hermans
>Sent: Tuesday, 21 October 2014 17:34
>To: samba at lists.samba.org
>Subject: Re: [Samba] Windows 8 polices are not applied
>
>Hello Daniel,
>
>I have checked the Policy cache options, but they are not yet 
>available in Windows 8.0. This seems to be a new feature in 8.1.
>
>This is my output when I do a gpupdate /force:
>
>---
>K:\>gpupdate /force
>Updating policy...
>
>Computer Policy update has completed successfully.
>User Policy update has completed successfully.
>
>The following warnings were encountered during user policy processing:
>
>Eén of meer instellingen kunnen niet worden toegepast door de 
>groepsbeleiduitbre iding Folder Redirection op de client, 
>omdat de wijzigingen moeten worden verwer kt voordat het 
>systeem wordt opgestart of de gebruiker zich aanmeldt.  
>De verwer
>king van Groepsbeleid moet volledig zijn voltooid voordat het 
>systeem opnieuw ka n worden opgestart of de gebruiker zich 
>weer kan aanmelden. Dit kan resulteren i n trage opstartprestaties.
>
>For more detailed information, review the event log or run 
>GPRESULT /H GPReport.html from the command line to access 
>information about Group Policy results.
>
>Certain user policies are enabled that can only run during logon.
>Certain Computer policies are enabled that can only run during startup.
>
>OK to restart? (Y/N)
>---
>
>Rebooting/logging out/in again does not help at all.
>
>The output of gpresult contains:
>"Verwerking van beleid door Folder Redirection is niet 
>voltooid omdat de gebruiker zich opnieuw moet aanmelden 
>voordat de instellingen worden toegepast. Als de gebruiker 
>zich de volgende keer aanmeldt, zal door Groepsbeleid worden 
>geprobeerd de instellingen toe te passen."
>
>I am deliberately not translating the errors as this may only 
>cloud the real problem because of my translation.
>
>So now I started looking in the logs and I found the following 
>in the application logs:
>
>---
>Kan beleid niet toepassen en map 'Documents' niet omleiden 
>naar '\\10.20.0.38\homes\administrator\'.
>  Omleidingsopties=0x1211.
>  Deze fout is opgetreden: 'Kan de map niet omleiden omdat de 
>bronmap \\10.20.0.34\home offline is.'.
>  Foutdetails: 'Kan het netwerkpad niet vinden.
>---
>
>Translated, this means that the "Documents" folder cannot be 
>redirected to the new NAS at 10.20.0.38 while the old NAS 
>(10.20.0.34) is offline. 
>This is correct of course, but I do not know how to fix this.
>
>
>Basically what I need to do is change the mapping of the "Documents" 
>folder to the 10.20.0.38 NAS without copying all the files from the 
>10.20.0.34 NAS (which does not exist anymore). Is there a way to do 
>that? If this is a manual process, that is not a problem for 
>the 10 PCs here.
>
>Thank you very much again!
>Kind regards,
>
>Jeroen Hermans
>
>
>
>
>
>
>On 20-10-2014 12:32, Jeroen Hermans wrote:
>> Hello Daniel,
>> 
>> I am not sure if this is also true for Windows 8.0 (the clients), but I
>> will definitely look into this. I see a number of things I should 
>> check:
>> 
>> - Group Policy caching explicitly disabled
>> - "Always wait for the network at computer startup and user logon"
>> should be on
>> - check the "slow link value" as the article states: "Other policies,
>> such as Folder Redirection, are then not downloaded."
>> 
>> Am I understanding the issue correctly?
>> The line between the clients btw is a cat6 cable running at 1Gbps.
>> Kind regards,
>> 
>> Jeroen Hermans
>> 
>> 
>> On 10/20/2014 12:21 PM, Daniel Müller wrote:
>>> I think this could be about "group-policy-caching" under Win 8.1.
>>> Have a look:
>>> 
>>> https://4sysops.com/archives/group-policy-caching-in-windows-8-1/
>>> 
>>> 
>>> Good Luck
>>> Daniel
>>> 
>>> 
>>> -----Original message-----
>>> Sent: Monday, 20 October 2014 10:58
>>> Subject: Re: [Samba] Windows 8 polices are not applied
>>> 
>>> Hello Daniel,
>>> 
>>> Thank you again for the fast reply. I checked the XML file and the 
>>> mappings are done to the new NAS and not to the old one. This 
>>> confirms that the policies are updated on the DC, but not on the 
>>> clients.
>>> I also did a grep -R "10.20.0.34" * because that is the IP of the 
>>> old NAS.
>>> That string is nowhere in the directory structure. "10.20.0.38"
>>> (the new NAS) is though.
>>> Kind regards,
>>> 
>>>         Jeroen Hermans
>>> 
>>> On 10/20/2014 10:44 AM, Daniel Müller wrote:
>>>> To prove it:
>>>> Look at your
>>>> \\dc\sysvol\your.domain\Policies\{.....}\User\Preferences\Drives, and
>>>> there to a xml file.
>>>> Inside this xml file there should be the changes.
>>>> 
>>>> Ex:
>>>> \\s4master\sysvol\tplk.loc\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\USER\Preferences\Drives
>>>> 
>>>> Drives.xml
>>>> 
>>>> 
>>>> IT Daniel Müller
>>>> 
>>>> -----Original message-----
>>>> Sent: Monday, 20 October 2014 10:20
>>>> Subject: Re: [Samba] Windows 8 polices are not applied
>>>> 
>>>> Hello Daniel,
>>>> 
>>>> Thank you for your reply. The NAS is not related to the AD and it is
>>>> not storing policies, but we have redirected folders to the NAS.
>>>> Because the DC is not pushing the new policies to the clients, the
>>>> clients have old mappings.
>>>> The policies are indeed done with the Windows 8 Group Policy Editor.
>>>> Kind regards,
>>>> 
>>>>         Jeroen Hermans
>>>> 
>>>> 
>>>> On 10/20/2014 08:00 AM, Daniel Müller wrote:
>>>>> I do not understand, how can your NAS store AD policies? Is it a
>>>>> Samba 4 AD host/server?
>>>>> Win 8 group policies must be done with the group policy tool of MS
>>>>> Windows8 or less Win7 if it should work.
>>>>> 
>>>>> Greetings
>>>>> Daniel
>>>>> 
>>>>> 
>>>>> -----Original message-----
>>>>> Sent: Friday, 17 October 2014 17:19
>>>>> 
>>>>> Hello all,
>>>>> 
>>>>> I am having some problems with the group policies in a small
>>>>> (~10 PCs) AD.
>>>>> I have set up Samba and I used a NAS for saving home folders and
>>>>> policies. I then had to replace the NAS and I used a new IP for the
>>>>> new NAS. For the last step I changed the IP of the redirected 
>>>>> folders in the policy in order to point all PCs to the new NAS. It 
>>>>> seems the policies are not applied as I still see the computers try 
>>>>> to use the old NAS.
>>>>> [jhermans at lanserver1 ~]$ samba --version
>>>>> Version 4.0.1-4.centos6.1
>>>>> [jhermans at lanserver1 ~]$ uname -a
>>>>> Linux lanserver1.smarthomes.lan 2.6.32-431.3.1.el6.x86_64 #1 SMP Fri Jan 3 21:39:27 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux
>>>>> [jhermans at lanserver1 ~]$ host -t SRV _kerberos._udp.smarthomes.lan
>>>>> _kerberos._udp.smarthomes.lan has SRV record 0 100 88 lanserver1.smarthomes.lan.
>>>>> [jhermans at lanserver1 ~]$ host -t SRV _ldap._tcp.smarthomes.lan
>>>>> _ldap._tcp.smarthomes.lan has SRV record 0 100 389 lanserver1.smarthomes.lan.
>>>>> [jhermans at lanserver1 ~]$ host -t A lanserver1.smarthomes.lan
>>>>> lanserver1.smarthomes.lan has address 10.20.0.33
>>>>> 
>>>>> I checked that the Windows clients have 10.20.0.33 as the DNS 
>>>>> server.
>>>>> I also tried running: gpupdate /force on the clients. The clients
>>>>> do not update the policies and now I am stuck with half-functioning
>>>>> clients.
>>>>> I hope you can give me some help with this problem.
>>>>> Thank you very much. If you need any more information I am happy to
>>>>> provide you with that.
>>>>> Kind regards,
>>>>> 
>>>>> Jeroen Hermans
>>>>> --
>>>>> 
>-- 
>To unsubscribe from this list go to the following URL and read the
>instructions:  https://lists.samba.org/mailman/options/samba
>
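
An added example, not part of the thread or of the Samba project: a read-only PowerShell check of the two per-user registry keys named in Daniel's reply, listing every UNC folder target and marking the ones that still point at the old NAS (10.20.0.34) instead of the new one (10.20.0.38). The variable names are this example's own.

```powershell
# Added example: read-only audit, changes nothing in the registry.
# Run as the affected user; the addresses are the ones quoted in the thread.
$OldServer = '10.20.0.34'
$NewServer = '10.20.0.38'
$base = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer'

$report = foreach ($sub in 'Shell Folders', 'User Shell Folders') {
    $key = Get-Item -Path (Join-Path $base $sub) -ErrorAction SilentlyContinue
    if (-not $key) { continue }                      # key missing for this user
    foreach ($name in $key.GetValueNames()) {
        # Keep REG_EXPAND_SZ data (e.g. %USERPROFILE%) exactly as stored
        $raw = $key.GetValue($name, $null, 'DoNotExpandEnvironmentNames')
        # Only UNC targets are interesting; local paths are skipped
        if ($raw -isnot [string] -or $raw -notlike '\\*') { continue }
        # '\\server\share\...' split on backslash: index 2 is the server
        $server = ($raw -split '\\')[2]
        [pscustomobject]@{
            Key    = $sub
            Value  = $name
            Target = $raw
            Status = if ($server -eq $OldServer) { 'STALE' }
                     elseif ($server -eq $NewServer) { 'ok' }
                     else { 'other' }
        }
    }
}

$report | Sort-Object Status, Key, Value | Format-Table -AutoSize
```

Any row marked STALE is a folder whose stored target is still the decommissioned server, which matches the "bronmap \\10.20.0.34\home offline" error in the application log quoted above.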


