[Samba] Sysvol issues after DC migration

Rowland penny rpenny at samba.org
Mon Mar 15 19:43:33 UTC 2021


On 15/03/2021 19:30, Oleg Blyahher via samba wrote:
> Ok, thanks Rowland. I've made it a further now, and the script runs to 
> the point it tells me the following:
>
> Set your sysvol SHARE permissions as followed. EVERYONE: READ 
> Authenticated Users: FULL CONTROL (BUILTIN or NTDOM)\Administrators: 
> FULL CONTROL (BUILTIN or NTDOM)\SYSTEM, FULL CONTROL User/Group system 
> is added compaired to a win2008R2 sysvol, you need this for some GPO 
> settings. Set your sysvol FOLDER permissions as followed. 
> Authenticated Users: Read & Exec, Show folder content, Read (BUILTIN 
> or NTDOM)\Administrators: FULL CONTROL (BUILTIN or NTDOM)\SYSTEM, FULL 
> CONTROL
>
>
> I've opened up Computer Management as the domain admin, but I can't do 
> any changes in the permissions. It keeps telling me "Access is denied" 
> whenever I try to modify the share or security permissions. Right now 
> "Everyone" have full access in the share permissions. I can't even see 
> the owners there.
>
> Any point in modifying the sysvol folder with setfacl? Where should I 
> look next?


Does 'Administrator' have a uidNumber ?

Does:

wbinfo -i Administrator | awk -F ':' '{print $3}'

Return '0' ?

If it doesn't, remove the uidNumber from Administrator.

Rowland





More information about the samba mailing list