[Samba] GPO permissions

Kris Lou klou at themusiclink.net
Fri Feb 15 19:25:10 UTC 2019

Hi all,

Just another GPO Permissions question.

I'm trying to track down why some GPOs are essentially invisible to the
clients, even though they exist in GPM and the files exist.  So, they
aren't being applied or denied.  What's the current wisdom on GPO ownership?

In GPM, the applicable object is "owned" by Domain Admins, but the
\\DC\sysvol\SAMDOM\Policies\{UUID} should be owned by root (via FS side)
and SAMDOM\Administrator?

For some reason, I've got a mix of root:SAMDOM\domain admins,
root:BUILTIN\administrators, and 3000010:SAMDOM\domain admins on the FS
side.  This last one (300010) is SAMDOM\Domain Admins, from GPM.


Kris Lou
klou at themusiclink.net

More information about the samba mailing list