[Samba] Missing features in RSAT Group Policy Manager (Debian as Samba PDC)

itdept_head itdept_head at grown-up.com
Wed Mar 15 03:39:39 UTC 2023



On 15/3/2023, 2:44 AM, "samba on behalf of Kris Lou via samba" <samba-bounces at lists.samba.org on behalf of samba at lists.samba.org> wrote:


Perhaps check your user groups? Are you launching elevated RSAT with a
Domain Admin?


Kris Lou
klou at themusiclink.net




On Tue, Mar 14, 2023 at 10:54 AM Peter Milesson via samba <
samba at lists.samba.org> wrote:


>
>
> On 14.03.2023 16:47, Dennis Binkhorst via samba wrote:
> > This took me a while to figure out because for some reason all of a sudden
> > I was able to see the *Account Policies* and *Local Policies* from Windows
> > 11 RSAT Group Policy Manager.
> > After rebooting Windows 11 these policies disappeared again to never
> > return, and on the existing Windows 10 Pro machine these policies weren't
> > visible at all, ever.
> >
> > I did a fresh Windows 10 Pro install, using an older ISO from MSDN, 20H2
> > update and all policies were visible using Windows 10 RSAT Group Policy
> > Manager.
> > After several reboots I noticed everything kept working as should. I was
> > able to create GPO's, set permissions, deploy MSI's, map drives.
> >
> > So what Windows versions work?
> > *Windows 10 Pro Version 20H2 (10.0.19042)*
> >
> > Those that do not work:
> > *Windows 10 Pro Version 22H2 (10.0.19045)*
> > *Windows 11 Pro Version 22H2 (10.0.22621)*
> >
> > I am assuming some security update is causing these issues so I will update
> > the working *Windows 10 Pro Version 20H2* build with Windows Updates until
> > it doesn't work anymore.
> Hi Dennis,
>
> That's utterly strange. I have got Windows 10 Pro 22H2 installed and
> both policies are available in the RSAT tool. I have got the RSAT tools
> installed for a couple of years, and always upgraded my Windows 10
> installation when major upgrades were available. I searched for this
> problem and there was a hit on:
>
>
> https://learn.microsoft.com/en-us/troubleshoot/windows-server/group-policy/group-policy-areas-missing
>
> There were some more hits, but the one above seemed to nail the problems
> you have got. I'm no wizard with GPO's, but it seems this is a M$ problem,
> not a Samba problem.
>
> Best regards,
>
> Peter
>
>
> --
Try running:
samba-tool ntacl sysvolcheck
samba-tool ntacl sysvolreset


I've seen some versions of Windows be unable to read GPO in sysvol, others fine, but after running this, if there were errors, it seems to clean up for all.
The RSAT GPO editor seemed to be doing something every time it opened or touched the SYSVOL related to GPO.



