[Samba] Samba and Winbind Group Policy
dmulder at samba.org
dmulder at samba.org
Tue Oct 5 17:28:47 UTC 2021
On 10/5/21 11:24 AM, Patrick Goetz via samba <samba at lists.samba.org> wrote:
> Hi David -
>
> Thanks for answering all these questions. One final question on this:
> Since the linux GPOs in some cases make changes to the client's
> filesystem (say by adding a cron job or files in /etc/security/access.d,
> what happens if the GPO is removed from the machine object -- does
> winbind clean up after itself and remove these files?
>
In Group Policy lingo, what you're describing is called 'policy tatooing'. Yes, samba-gpupdate cleans up after itself when policies are removed. If you come across a policy that does not, then it is a bug and should be reported.
FYI, there is also a command to manually force policy removal `samba-gpupdate --unapply`. I'll document this in that wiki article also.
More information about the samba
mailing list