[Samba] Policies for AD clients (still poledit only ?).
Robert Marcano
robert at marcanoonline.com
Wed Oct 21 12:59:13 UTC 2020
On 10/21/20 5:44 AM, Peter Boos via samba wrote:
> So only for old NT4 style PDC - BDC environment one needs poledit.
Even if you are running an NT4 domain and manage a recent Windows client
to join it, poledit based policies never applied to them, IIRC since
Windows Vista (or 7) even that NT4 domains still worked at launch, the
policies were ignored.
>
> While AD's (with virtual pdc role servers) can use the MMC.
>
> We got a pure Samba AD environment and thus it should work.
> Be it that we might not have all mmc templates (not yet checked that).
>
> Thanks Viktor.
>
>
>
> -----Original message-----
> From: Viktor Trojanovic <viktor at troja.ch>
> Sent: Wednesday 21st October 2020 11:14
> To: Peter Boos <peter.boos at quest-innovations.com>; samba at lists.samba.org
> Subject: Re: [Samba] Policies for AD clients (still poledit only ?).
>
> In the article you provided you'll find the following paragraph:
>
> :::
> Currently Samba, the Free Software SMB Server, does not implement Active Directory functionality when using it as a Primary Domain Controller. If you deploy any Samba PDCs you will want to master System Policies using the SPE. So this article will cover the basics of Microsoft's older System Policy Editor, how to obtain it, use it and implement it's policies.
> :::
>
> So this is specifically not about an AD setup and therefore not relevant for you IMHO.
>
> Viktor
>
> On October 21, 2020 10:32:32 Peter Boos via samba <samba at lists.samba.org> wrote:
>
> I'm creating a deploy plan, for strict client policies (to comply to ISO standards and security)
> For mixed win 7 enterprise and win 10 enterprise on a Samba Active Directory.
>
> On the lookout if Samba would be any different towards client policies.
> I did some googling, and got pointed to old samba articles of 2007:
>
> https://wiki.samba.org/index.php/Implementing_System_Policies_with_Samba
>
> Saying that samba allows only for poledit.exe (not the mmc variants?)
> Is this still the case ?
> And why?, as there is a policy editor mmc on a win 10 pro client.
> And even non win 10 pro clients have ways to get it.
>
>
>
>
>
>
>
> -----Original message-----
> From: samba-request at lists.samba.org <samba-request at lists.samba.org>
> Sent: Tuesday 20th October 2020 14:00
> To: samba at lists.samba.org
> Subject: samba Digest, Vol 214, Issue 19
>
> Send samba mailing list submissions to
> samba at lists.samba.org
>
> To subscribe or unsubscribe via the World Wide Web, visit
> https://lists.samba.org/mailman/listinfo/samba
> or, via email, send a message with subject or body 'help' to
> samba-request at lists.samba.org
>
> You can reach the person managing the list at
> samba-owner at lists.samba.org
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of samba digest..."
> Today's Topics:
>
> 1. Re: Samba AD with multiple DC and multiple NICs (Rowland penny)
> 2. DNS Records (Nico B)
> 3. Re: DNS Records (Rowland penny)
> 4. Re: DNS Records (Jon Gerdes)
> 5. Re: Samba AD with multiple DC and multiple NICs (Stefano Vargiu)
> 6. Re: Samba AD with multiple DC and multiple NICs (Stefano Vargiu)
> 7. Replication issues / local DRS authentication failure
> (Derek Lambert)
> 8. Re: Replication issues / local DRS authentication failure
> (Rowland penny)
> 9. Re: Replication issues / local DRS authentication failure
> (Rowland penny)
> _______________________________________________
> samba mailing list
> samba at lists.samba.org
> https://lists.samba.org/mailman/listinfo/samba
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
More information about the samba
mailing list