[Samba] gpo failure

Marc Muehlfeld mmuehlfeld at samba.org
Tue Oct 6 17:28:15 UTC 2015


Hello Mourik,

Am 06.10.2015 um 17:41 schrieb mourik jan c heupink:
> So does this mean this GPO is a corrupt one..? Looking it up in the
> windows Group Policy Management, it seems the policy in question is
> the Default Domain Policy.

The two GUID directories, that exist on every AD DC, are

{6AC1786C-016F-11D2-945F-00C04FB984F9} = Default Domain Controller Policy
{31B2F340-016D-11D2-945F-00C04FB984F9} = Default Domain Policy

So yours is a GPO, you had created.



> Taking a look at the DC's, I see that the directories exist, but the
> file "registry.pol" does NOT exist on any of our 3 DCs.

That's normal. If you create a new GPO, the GPMC only created the GUID
folder, that contains an empty Machine and User folder and the GPT.INI
file. Nothing else.

When you define your first policy using the GPME, the registry.pol file
is created in the Machine/User folder - depending where your change is
located.

If you don't know to which GPO the GUID belongs, open the GPMC, expand
"Group Policy Objects". When you click each entry, the "Details" tab
shows you the GUID.



> EventData
>   SupportInfo1 2
>   SupportInfo2 1232
>   ProcessingMode 1
>   ProcessingTimeInMilliseconds 1638
>   ErrorCode 5
>   ErrorDescription Access is denied.
>   DCName \\dc4.samba.company.com
>   GPOCNName
> LDAP://CN=User,CN={12B62F356-336D-14D5-896F-00C04FB984F9},CN=Policies,CN=System,DC=samba,DC=company,DC=com
> 
>   FilePath
> \\samba.company.com\sysvol\samba.company.com\Policies\{12B62F356-336D-14D5-896F-00C04FB984F9}\User\registry.pol

Have you verified, that the error "Access is denied" is correct?

# samba-tool ntacl sysvolreset
resets the ACLs in SYSVOL to defaults.



Regards,
Marc



More information about the samba mailing list