[Samba] GPO fail and sysvol perm errors

Sonic sonicsmith at gmail.com
Wed Oct 28 13:24:16 UTC 2020


Good day Louis,

On Wed, Oct 28, 2020 at 3:46 AM L.P.H. van Belle <belle at bazuin.nl> wrote:
> OK, I'm guessing you can open the gpt.ini file fine if you click that link, correct?
Yes, could open, read, edit, and save that file.

> Have you enabled the "Always wait for network" GPO setting?
No, but I'm testing from clients with 'gpupdate /force' in PowerShell,
and not at logon time.

> https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc727302(v=ws.10)?redirectedfrom=MSDN
> So here they say delete and recreate; I don't think that's needed.
Just sysvolreset was all that was needed, if it was corrupt then
changing the perms shouldn't matter.

> I think your solution is in this link.
> https://docs.microsoft.com/nl-nl/troubleshoot/windows-server/group-policy/permissions-this-gpo-inconsistent
I get no errors running GPMC.

> > After running sysvolreset the systems update fine. Problem is once I
> > add or edit a GPO (from Windows 10 20H2) everything fails until I run
> > sysvolreset again.
> That's because there is something off in the rights or... because
> it's trying to read it but the network isn't ready yet.
Not a network ready issue (testing with up and running systems
manually running gpupdate).

> > > And which group is set on sysvol in general on the share tab.
>
> > This is the current info (I did run sysvolreset to get the GPOs
> > working again, so this is not with your settings; I can look into this
> > again later)
> > Owner is ADDOM\Administrator
> > Allow Everyone Full Control
> >
> That should be sufficient.
> And... it's not "my" settings. ;-) All can be found at: https://docs.microsoft.com/
>
> I also recommend you read this, since you also have a remote location:
> https://docs.microsoft.com/en-us/windows-server/storage/folder-redirection/folder-redirection-rup-overview
Just one Windows 10 Pro 20H2 (QEMU/KVM) system. There's a site-to-site
VPN between my network and the target network (WireGuard on OpenBSD)
which works quite well; can easily join systems to the domain, read
and write files, print, etc.
Not using folder redirection, offline files, or roaming profiles.
Testing being done with very minimal GPOs - Chrome home page, no autorun, etc.

Chris


