[Samba] GPOs not Working!
Robert Marcano
robert at marcanoonline.com
Wed Feb 7 02:18:41 UTC 2018
On 02/06/2018 03:24 PM, L.P.H. van Belle via samba wrote:
> ok,
>
> do the following.
> set ignore systemacl to yes on sysvol and netlogon.
Added "acl_xattr:ignore system acls = yes" to both shares, restarted the
server
>
> login as dom\administrator
> computer manager, connect to dc.
> share sysvol, goto share security, reset to defalts.
> same for folder.
I don't get the "Reset to defaults" option. There are two security
related tabs, "Permission of shared resources" (or something like that,
Windows is not in English) with only permissions for Everyone with Full
control, Change and Read.
The other tab is the standard "Security" tab, those tabs don't show any
reset to default option
>
> goto gpo manager,
> klik on every gpo object, if one has wrong acl, you get a message to reset it, thats ok.
>
> now never samba-tool sysvol reset
> if you do, you might need to set share/file security again.
>
> Greetz
> Louis
>
> p.s rowland, now you can change the default gpo’s also.
>
>
>
>> Op 6 feb. 2018 om 20:14 heeft Rowland Penny via samba <samba at lists.samba.org> het volgende geschreven:
>>
>> On Tue, 6 Feb 2018 15:03:16 -0400
>> Robert Marcano via samba <samba at lists.samba.org> wrote:
>>
>>> Thanks for the information, to use a default GPO was a simple way to
>>> try to encourage someone to reproduce the problem.
>>>
>>> I already created new GPOs (this is a test domain) Using the default
>>> filter for a new GPO, "Authenticated users", creating a new group for
>>> the test clients and using that as the filter, checking it have the
>>> right permissions (apply), checking every guide about applying GPO to
>>> computers. Using OUs and using domain level GPOs.
>>>
>>> What I find weird is that gpresult doesn't list the computer as a
>>> member of groups I create, only a few predefined ones:
>>>
>>> NULL SID
>>> NT AUTHORITY\NETWORK,
>>> This company,
>>> and something like "mandatory level of no trust" (Windows is not in
>>> english)
>>>
>>
>> Do not alter the two default GPOs, it doesn't work ;-)
>>
>> Creating new GPOs should work, just do not run sysvolreset after
>> creating them.
>>
>> Rowland
>>
>>
>>
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions: https://lists.samba.org/mailman/options/samba
>>
>
>
More information about the samba
mailing list