[Samba] Is Server-side GPO Configuration possible? (for logon script)

John samba at jelmail.com
Fri Feb 27 08:03:53 MST 2015


On 27/02/15 14:34, Marc Muehlfeld wrote:
> On 27.02.2015 at 09:42, John wrote:
>> Shame, that. But I kind of expected that to be the answer.
>>
>> I guess the next best thing is to script it on Windows. Provide a script
>> (perhaps in sysvol/scripts) that can be run on a Windows box as a domain
>> admin to finish the configuration. I guess this would be a Windows
>> PowerShell script.
>>
>> Here I go off into unknown waters. Has anyone done this that could
>> provide some insight?
>
> What is your final goal?
>
> You said you want to provide a logon script. This is possible without
> GPO if you put it in the netlogon share and mention it in each user's
> account settings. But GPO based logon scripts also work.
>
> I don't understand why you want to script something in Windows now?
>
I have a logon script and I can manually activate it using the Windows tools
(see this screenshot: http://i.imgur.com/84pBo8e.png).

I am building a scripted install of Samba ADDS that sets up a new
server. This is performed on a Linux machine and deploys a preconfigured
new server.

I want that scripted install to do absolutely everything necessary to
produce a final working system that end-users can log in to.

The server has a login script that sets up the user environment upon
login. Right now, this just sets up some shares but it could be used for
other things.
(example:
\\<mydomain>\sysvol\<mydomain>\Policies\{<guid>}\USER\Scripts\Logon\logon.bat)

The login script needs to be activated (not sure if that's the right
term?) in the GPO. This needs to be done manually using the tools
depicted in the screenshot.

I am using GPO rather than per-user account settings because it is the
cleaner approach hopefully requiring less maintenance.

I ideally want to do the script activation as part of the scripted
install so that no further action is required.

However, it does not appear to be possible to do that directly on the
Samba server. So the next best thing is to provide a configuration
script that can be run by an administrator on the new server before
regular users log in. This script would perform the tasks that currently
need to be done by hand via the GUI.

So that's what I want to do - provide a script to install a logon script
without having to use the Windows GUI. Ideally I would do this
server-side but a script to be run by an administrator on Windows is an
acceptable compromise.

Does that explain it OK?

Thanks for trying to help,
John

>
> Regards,
> Marc
>
>



