[Samba] GPO administration right on the station for ordinary user
L.P.H. van Belle
belle at bazuin.nl
Tue Apr 4 06:21:48 UTC 2017
Well first, no you did nothing wrong here.
This was fine when you wrote it, but after the BadLock Bug,
Microsoft change the way some policies are applied.
A good explaination here.
> -----Oorspronkelijk bericht-----
> Van: Marc Muehlfeld [mailto:mmuehlfeld at samba.org]
> Verzonden: maandag 3 april 2017 17:22
> Aan: L.P.H. van Belle; samba at lists.samba.org
> Onderwerp: Re: [Samba] GPO administration right on the station for
> ordinary user
> Hi Louis,
> Am 03.04.2017 um 17:01 schrieb L.P.H. van Belle via samba:
> > But thats missing info.. :-(
> > Maybe its also a good thing to add just after the first picture on the
> > That the security filter on the GPO MUST have "authenticated users" or
> Domain computer group.
> > You decide.
> thanks for bringing this up. I will verify this later.
> I'm 85% sure, I never set a security filter on GPOs. On the other side,
> it's more than 2 years ago that I wrote this doc and even longer that I
> implemented restricted groups in a production AD. So it's possible that
> I'm wrong. :-)
> I looked at some other guides online that describe restricted groups,
> but none (incl. the one you posted in this thread) tells about changing
> the default filter settings.
> Why do I need this filter and what happens if I don't set it?
More information about the samba