[Samba] GPOs: only Default Domain Policy is being applied, ohers are ignored -- SOLVED
Miguel Medalha
medalist at sapo.pt
Tue Jul 26 17:39:44 UTC 2016
>> I recently discovered that only the Default Domain Policy is being applied.
>> All other GPOs seem to be ignored. All Sysvol filesystem objects have the right permissions. Both DCs are running
>> Samba 4.4.3 over CentOS 7. There are no related errors in logs or Windows Event Viewer. Other policies did work
>> before. I noticed that the corresponding filesystem objects were lastly placed on users’desktops four days go.
This problem was not Samba related, it was caused by a Microsoft security update for Group Policy applied to the Windows clients. The culprit was mainly the following:
MS16-072: Security update for Group Policy: June 14, 2016
https://support.microsoft.com/en-gb/kb/3159398
The following page explains the issues and the corrective measures.
https://support.microsoft.com/en-gb/kb/3163622
In sum:
Add the Authenticated Users group with Read Permissions on the Group Policy Object (GPO).
If you are using security filtering, add the Domain Computers group with read permission.
More information about the samba
mailing list