[Samba] Deploy software in fileserver folder

Elias Pereira empbilly at gmail.com
Fri Jan 12 11:05:41 UTC 2018 

Hello Denis, thanks for the answer!!!

so for accessing a share on the file server, you'll need to add read rights
> for "domain computers" group


Is this read permission for the domain computer I need to configure in the
deploy software GPO, sharing folder or both?

 psexec -i -s cmd
>     net use F: \\server\sharename
>     dir f:


At first I was able to execute the commands above. At first I had to run a
cmd with adm privileges, because in the normal user it was denied access.
After that the mapping worked and I got the access in F:



On Thu, Jan 11, 2018 at 2:06 PM, Denis Cardon <dcardon at tranquil.it> wrote:

> Hi Elias,
>
> I thought it worked, but after I uninstalled the software that I deployed
>> via user scope, it did not reinstall. I selected the "Redeploy
>> application"
>> option, but it also did not work.
>>
>
> The user scope GPO are run with the privileges and access tokens of the
> logged on user, so the user have local admin rights for install and need
> access rights to the share you are putting your installation files (read
> rights for "domain users" group for example).
>
> The computer scope GPO are run with maximum privileges using LocalSystem
> account. LocalSystem has access to machine kerberos credentials, so for
> accessing a share on the file server, you'll need to add read rights for
> "domain computers" group. You can check that your computer account can
> connect to a share by login in as LocalSystem using psexec:
>   psexec -i -s cmd
>     net use F: \\server\sharename
>     dir f:
>
> Any way, you'd be better at using a software deployment solution for that
> task (GPO are really not good at that, even Microsoft would advise you to
> use ConfigMgr/SCCM). I'm partial on that point as I'm one of the
> developers, but I'd advise you to check out WAPT [2].
>
> Cheers,
>
> Denis
>
> [1] https://docs.microsoft.com/en-us/sysinternals/downloads/pstools
> [2] https://wapt.fr/en
>
>
>
>> I read that in the user scope there are 2 installation options:
>>
>> - Deployed to User, Assigned Software - Not installed until the default is
>> opened in the Programs Folder in the Start Menu.
>> - Deploy to User, Published Software - Not installed until initiated to be
>> installed from the "Programs and Features".
>>
>> I used both options and it was not installed either.
>>
>> I want to try to install via computer scope and into a fileserver folder
>> because of disk space in AD.
>>
>> Is there any other way to set this up?
>>
>>
>> On Thu, Jan 11, 2018 at 8:48 AM, Elias Pereira <empbilly at gmail.com>
>> wrote:
>>
>> Hey Luke, thanks for the help!!! It's working now!!!
>>>
>>> God bless you and your family!! :D
>>>
>>> Remember that GPOs need to run as the context of either the computer or
>>>
>>>> the user. Computers typically do not have access to many folders on a
>>>> file
>>>> server, even as "Everyone". That is why the NETLOGON folder works.
>>>>
>>>> If you're deploying as a USER configuration, then it should run as the
>>>> context of the user, meaning the Everyone permission would work.
>>>>
>>>>
>>> On Wed, Jan 10, 2018 at 6:07 PM, Elias Pereira <empbilly at gmail.com>
>>> wrote:
>>>
>>> Luke,
>>>>
>>>> I'm running via computer scope and I believe that's the problem. Later I
>>>> will test and give a return if that was the detail.
>>>>
>>>>
>>>> Em 10 de jan de 2018 15:47, "Luke Barone" <lukebarone at gmail.com>
>>>> escreveu:
>>>>
>>>> Which GPO? Computer or User Configuration?
>>>>
>>>> Remember that GPOs need to run as the context of either the computer or
>>>> the user. Computers typically do not have access to many folders on a
>>>> file
>>>> server, even as "Everyone". That is why the NETLOGON folder works.
>>>>
>>>> If you're deploying as a USER configuration, then it should run as the
>>>> context of the user, meaning the Everyone permission would work.
>>>>
>>>> On Wed, Jan 10, 2018 at 9:45 AM, Elias Pereira <empbilly at gmail.com>
>>>> wrote:
>>>>
>>>> Sorry for a lack of information. I'm using GPOs for deploy the software.
>>>>>
>>>>> Em 10 de jan de 2018 3:00 PM, "Luke Barone" <lukebarone at gmail.com>
>>>>> escreveu:
>>>>>
>>>>> How are you deploying the software? You've given us very little
>>>>>
>>>>> On Jan 10, 2018 7:01 AM, "Elias Pereira via samba" <
>>>>> samba at lists.samba.org> wrote:
>>>>>
>>>>> I tested putting "everyone" with full permission on the folder, but
>>>>>> still
>>>>>> the software deploy does not work.
>>>>>>
>>>>>> Any idea?
>>>>>>
>>>>>> On Tue, Jan 9, 2018 at 11:37 AM, Elias Pereira <empbilly at gmail.com>
>>>>>> wrote:
>>>>>>
>>>>>> Hello list,
>>>>>>>
>>>>>>> I tried to set up a folder on our fileserver domain member, so I can
>>>>>>> deploy software for users' machines, but is not working.
>>>>>>>
>>>>>>> If I put the software inside "netlogon" it installs correctly.
>>>>>>>
>>>>>>> \\172.16.1.7\storage\programs
>>>>>>>
>>>>>>> Auth Users - read & execute, list folder contents, read and write
>>>>>>>
>>>>>>> Do I need other permissions?
>>>>>>>
>>>>>>> --
>>>>>>> Elias Pereira
>>>>>>>
>>>>>>>
>>>>>>
>>>>>>
>>>>>> --
>>>>>> Elias Pereira
>>>>>> --
>>>>>> To unsubscribe from this list go to the following URL and read the
>>>>>> instructions:  https://lists.samba.org/mailman/options/samba
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>
>>> --
>>> Elias Pereira
>>>
>>>
>>
>>
>>
> --
> Denis Cardon
> Tranquil IT Systems
> Les Espaces Jules Verne, bâtiment A
> 12 avenue Jules Verne
> 44230 Saint SĂ©bastien sur Loire
> tel : +33 (0) 2.40.97.57.55
> http://www.tranquil-it-systems.fr
>
>


-- 
Elias Pereira

More information about the samba mailing list