[Samba] GPOs not Working!

L.P.H. van Belle belle at bazuin.nl
Wed Feb 7 09:03:00 UTC 2018 

Ow and one more thing. 

Dom?nentyp:                           Windows 2000 
Maybe its also time to upgrade the domain level to 2008R2 minimal. 

Greetz, 

Louis
 

> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens 
> Robert Marcano via samba
> Verzonden: woensdag 7 februari 2018 3:19
> Aan: samba at lists.samba.org
> Onderwerp: Re: [Samba] GPOs not Working!
> 
> On 02/06/2018 03:24 PM, L.P.H. van Belle via samba wrote:
> > ok,
> > 
> > do the following.
> > set ignore systemacl to yes on sysvol and netlogon.
> 
> Added "acl_xattr:ignore system acls = yes" to both shares, 
> restarted the 
> server
> 
> > 
> > login as dom\administrator
> > computer manager, connect to dc.
> > share sysvol, goto share security, reset to defalts.
> > same for folder.
> 
> I don't get the "Reset to defaults" option. There are two security 
> related tabs, "Permission of shared resources" (or something 
> like that, 
> Windows is not in English) with only permissions for Everyone 
> with Full 
> control, Change and Read.
> 
> The other tab is the standard "Security" tab, those tabs 
> don't show any 
> reset to default option
> 
> > 
> > goto gpo manager,
> > klik on every gpo object, if one has wrong acl, you get a 
> message to reset it, thats ok.
> > 
> > now never samba-tool sysvol reset
> > if you do, you might need to set share/file security again.
> > 
> > Greetz
> > Louis
> > 
> > p.s rowland, now you can change the default gpo?s also.
> > 
> > 
> > 
> >> Op 6 feb. 2018 om 20:14 heeft Rowland Penny via samba 
> <samba at lists.samba.org> het volgende geschreven:
> >>
> >> On Tue, 6 Feb 2018 15:03:16 -0400
> >> Robert Marcano via samba <samba at lists.samba.org> wrote:
> >>
> >>> Thanks for the information, to use a default GPO was a 
> simple way to
> >>> try to encourage someone to reproduce the problem.
> >>>
> >>> I already created new GPOs (this is a test domain) Using 
> the default
> >>> filter for a new GPO, "Authenticated users", creating a 
> new group for
> >>> the test clients and using that as the filter, checking 
> it have the
> >>> right permissions (apply), checking every guide about 
> applying GPO to
> >>> computers. Using OUs and using domain level GPOs.
> >>>
> >>> What I find weird is that gpresult doesn't list the computer as a
> >>> member of groups I create, only a few predefined ones:
> >>>
> >>>    NULL SID
> >>>    NT AUTHORITY\NETWORK,
> >>>    This company,
> >>>    and something like "mandatory level of no trust" 
> (Windows is not in
> >>> english)
> >>>
> >>
> >> Do not alter the two default GPOs, it doesn't work ;-)
> >>
> >> Creating new GPOs should work, just do not run sysvolreset after
> >> creating them.
> >>
> >> Rowland
> >>
> >>
> >>
> >> -- 
> >> To unsubscribe from this list go to the following URL and read the
> >> instructions:  https://lists.samba.org/mailman/options/samba
> >>
> > 
> > 
> 
> 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
> 
>

More information about the samba mailing list