[Samba] GPO fail and sysvol perm errors
sonicsmith at gmail.com
Wed Oct 28 13:24:16 UTC 2020
Good day Loius,
On Wed, Oct 28, 2020 at 3:46 AM L.P.H. van Belle <belle at bazuin.nl> wrote:
> Ok, im guessing you can open the gpt.ini file fine, if you click that link, correct?
Yes, could open, read, edit, and save that file.
> Have you enable the "Always wait for network" GPO setting.
No, but I'm testing from clients with 'gpupdate /force' in powershell,
and not logon time.
> So here they say, delete and recreate, i dont think thats needed..
Just sysvolreset was all that was needed, if it was corrupt then
changing the perms shouldn't matter.
> I think your solution is in this link.
I get no errors running GPMC.
> > After running sysvolreset the systems update fine. Problem is once I
> > add or edit a GPO (from Windows 10 20H2) everything fails until I run
> > sysvolreset again.
> Thats because there is something off in the rights or,.. due to,
> its trying to read it but the networks isnt ready yet.
Not a network ready issue (testing with up and running systems
manually running gpupdate).
> > > And which group is set on sysvol in general on the share tab.
> > This is the current info (I did run sysvolreset to get the GPO's
> > working again, so this is not with your settings, I can look into this
> > again later)
> > Owner is ADDOM\Administrator
> > Allow Everyone Full Control
> That should be sufficient.
> And.. its not "my" settings.. ;-) al can be found in : https://docs.microsoft.com/
> I also recommend you to read, since you also having remote location:
Just one Windows 10 Pro 20H2 (QEMU/KVM) system. There's a site-to-site
vpn between my network and the target network (wireguard on OpenBSD)
which works quite well; can easily join systems to the domain, read
and write files, print etc.
Not using folder redirection, offline files, or roaming profiles.
Testing being done with very minimal GPO's - Chrome home page, no autorun, etc.
More information about the samba