[Samba] GPOs not Working!
L.P.H. van Belle
belle at bazuin.nl
Wed Feb 7 09:03:00 UTC 2018
Ow and one more thing.
Domänentyp: Windows 2000
Maybe it's also time to upgrade the domain level to 2008R2 minimal.
Greetz,
Louis
> -----Original message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of
> Robert Marcano via samba
> Sent: Wednesday 7 February 2018 3:19
> To: samba at lists.samba.org
> Subject: Re: [Samba] GPOs not Working!
>
> On 02/06/2018 03:24 PM, L.P.H. van Belle via samba wrote:
> > ok,
> >
> > do the following.
> > set ignore systemacl to yes on sysvol and netlogon.
>
> Added "acl_xattr:ignore system acls = yes" to both shares,
> restarted the
> server
>
> >
> > login as dom\administrator
> > computer manager, connect to dc.
> > share sysvol, goto share security, reset to defaults.
> > same for folder.
>
> I don't get the "Reset to defaults" option. There are two security
> related tabs, "Permission of shared resources" (or something
> like that,
> Windows is not in English) with only permissions for Everyone
> with Full
> control, Change and Read.
>
> The other tab is the standard "Security" tab, those tabs
> don't show any
> reset to default option
>
> >
> > goto gpo manager,
> > click on every gpo object, if one has wrong acl, you get a
> message to reset it, that's ok.
> >
> > now never samba-tool sysvol reset
> > if you do, you might need to set share/file security again.
> >
> > Greetz
> > Louis
> >
> > p.s rowland, now you can change the default gpo's also.
> >
> >
> >
> >> On 6 Feb 2018 at 20:14, Rowland Penny via samba
> <samba at lists.samba.org> wrote:
> >>
> >> On Tue, 6 Feb 2018 15:03:16 -0400
> >> Robert Marcano via samba <samba at lists.samba.org> wrote:
> >>
> >>> Thanks for the information, to use a default GPO was a
> simple way to
> >>> try to encourage someone to reproduce the problem.
> >>>
> >>> I already created new GPOs (this is a test domain) Using
> the default
> >>> filter for a new GPO, "Authenticated users", creating a
> new group for
> >>> the test clients and using that as the filter, checking
> it has the
> >>> right permissions (apply), checking every guide about
> applying GPO to
> >>> computers. Using OUs and using domain level GPOs.
> >>>
> >>> What I find weird is that gpresult doesn't list the computer as a
> >>> member of groups I create, only a few predefined ones:
> >>>
> >>> NULL SID
> >>> NT AUTHORITY\NETWORK,
> >>> This company,
> >>> and something like "mandatory level of no trust"
> (Windows is not in
> >>> english)
> >>>
> >>
> >> Do not alter the two default GPOs, it doesn't work ;-)
> >>
> >> Creating new GPOs should work, just do not run sysvolreset after
> >> creating them.
> >>
> >> Rowland
> >>
> >>
> >>
> >> --
> >> To unsubscribe from this list go to the following URL and read the
> >> instructions: https://lists.samba.org/mailman/options/samba
> >>
> >
> >