[Samba] GPO administration right on the station for ordinary user
Miguel Medalha
medalist at sapo.pt
Mon Apr 3 19:30:58 UTC 2017
> I verified the Wiki doc and here it works like described (without
> setting a filter). I did exactly what is described in the Wiki. To
> verify, I added a regular domain user to the domain group I set in the
> GPO, and after I log in as this user on a domain member, this account
> had local admin permissions.
>
> Doesn't this work in your installation? What happens if you don't set
> the filter?
>
Some months ago my GPOs suddenly stopped being applied. After much head
scratching I found that a Windows 7 security update had brought a change
of behavior on the part of the Windows 7 clients.
MS16-072: Security update for Group Policy: June 14, 2016
https://support.microsoft.com/en-gb/kb/3159398
The following page explains the issues and the corrective measures.
https://support.microsoft.com/en-gb/kb/3163622
In sum, the "Authenticated Users" and "Domain Computers" group MUST have
Read Permissions on the Group Policy Object (GPO).
I reported this problem and its solution to this list:
https://lists.samba.org/archive/samba/2016-July/201546.html
More information about the samba
mailing list