[Samba] Security descriptors options of Group Policies

Kees van Vloten keesvanvloten at gmail.com
Thu May 16 18:25:18 UTC 2024


On 16-05-2024 18:46, Rowland Penny via samba wrote:
> On Thu, 16 May 2024 17:40:45 +0200
> Olivier BILHAUT <obilhaut at fondation-misericorde.fr> wrote:
>
>> Thanks Rowland for once again, an analysis that looks good.
>>
>> To you,
>> is there a workaround at this stage ?
> Not from myself,it has been years since I looked into this and only
> really got has far as mapping the sysvol directory SDDLs on a 2012R2
> DC. It was at this point that I was basically told my python was crap
> (it wasn't said in that term, but it came across to me in that way), so
> I just gave up.
>
>> For others, let say someone that
>> had dev this part, any chance to see a change in the next version ?
> That's up to others, but I feel it will need to be a pretty large
> patch, If I an correct (and I might not be, though I seem to remember
> Louis Van Belle confirmed my findings), Samba has never used the
> correct ACLs on SYSVOL.
>
> Rowland

As a workaround you can decide to apply the correct acls, "samba-tool 
ntacl set" can do that. And then never use "samba-tool ntacl 
sysvolreset" again.

- Kees.




More information about the samba mailing list