[Samba] Problem sysvolreset
Rowland Penny
rpenny at samba.org
Tue Mar 21 16:27:04 UTC 2017
On Tue, 21 Mar 2017 17:09:22 +0100
"L.P.H. van Belle via samba" <samba at lists.samba.org> wrote:
> Hai,
>
>
>
> Here you go my output of the R2008R2. (64bit)
>
>
>
> 1) original GPO from the install ( the domain controller policy )
>
> Path :
> Microsoft.PowerShell.Core\FileSystem::C:\Windows\SYSVOL\domain\Policies\{6AC1786C-016F-11D2-945F-00C04fB984F9}
>
> Owner : BUILTIN\Administrators
>
> Group : NT AUTHORITY\SYSTEM
>
This is the same as what I found, the default policies get the above
ownership.
>
> 2) and just now created GPO, didnt touch it at al.
>
> Path :
> Microsoft.PowerShell.Core\FileSystem::C:\Windows\SYSVOL\domain\Policies\{EDC26216-625D-42D7-8443-9003D427DEF5}
>
> Owner : ROTTERDAM\Domain Admins
>
> Group : ROTTERDAM\Domain Admins
>
> Access : CREATOR OWNER Allow FullControl
>
> NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS Allow
> ReadAndExecute, Synchronize
>
> NT AUTHORITY\Authenticated Users Allow ReadAndExecute,
> Synchronize
>
> NT AUTHORITY\SYSTEM Allow FullControl
>
> ROTTERDAM\Domain Admins Allow FullControl
>
> ROTTERDAM\Enterprise Admins Allow FullControl
>
> Audit :
>
> Sddl :
> O:DAG:DAD:PAI(A;OICIIO;FA;;;CO)(A;OICI;0x1200a9;;;ED)(A;OICI;0x1200a9;;;AU)(A;OICI;FA;;;SY)(A;OICI;FA;;;DA)(A;OICI;FA;;;EA)
Now do you believe me when I say Domain Admins shouldn't have a
gidNumber ?
Rowland
More information about the samba
mailing list