[Samba] Samba and Winbind Group Policy

dmulder at samba.org dmulder at samba.org
Tue Oct 5 17:28:47 UTC 2021


On 10/5/21 11:24 AM, Patrick Goetz via samba <samba at lists.samba.org> wrote:
> Hi David -
> 
> Thanks for answering all these questions. One final question on this: 
> Since the linux GPOs in some cases make changes to the client's 
> filesystem (say by adding a cron job or files in /etc/security/access.d,
> what happens if the GPO is removed from the machine object -- does 
> winbind clean up after itself and remove these files?
> 

In Group Policy lingo, what you're describing is called 'policy tatooing'. Yes, samba-gpupdate cleans up after itself when policies are removed. If you come across a policy that does not, then it is a bug and should be reported.
FYI, there is also a command to manually force policy removal `samba-gpupdate --unapply`. I'll document this in that wiki article also.



More information about the samba mailing list