[Samba] Is Server-side GPO Configuration possible? (for logon script)

John samba at jelmail.com
Fri Feb 27 12:11:47 MST 2015

On 27/02/15 16:39, Marc Muehlfeld wrote:

Thanks Marc for taking the time to reply.
> OK. Things getting clearer now.
> Should the logon script be part of the Default Domain policy? This one
> always has the same GUID (31B2F340-016D-11D2-945F-00C04FB984F9). You can
> configure your stuff and then copy the content from one DC to a new one.
> But reset the ACLs afterwards!
It is that GUID indeed. I am not sure how I would copy the content from
the DC, however.

Not being a Windows person, my natural inclination would be to so it
server-side. Somehow diff the before and after ldbs and get a LDIF for
There's probably a better way however and I am getting beyond my
knowledge. I may have to accept that you just can't do the things in the
windows world that you can on the good-old *nix command line ;)


More information about the samba mailing list