[Samba] Group policy not applied problem
Kees van Vloten
keesvanvloten at gmail.com
Thu May 29 13:57:39 UTC 2025
On 29-05-2025 15:32, Olaf Frączyk via samba wrote:
> Hello,
>
> I try to get group policies working.
>
> I have created a test policy for a group of computers
> "Workstations-Promienista".
>
> The group has one computer now: "SUNSHINE".
>
> The policy is generated on the samba server sysvol:
> {CF9B4F2F-9CB4-4A36-A5A0-91D18A20655B}.
>
A GPO is more than a set of files on sysvol, there are also LDAP entries
required.
You can use "samba-tool gpo create" to create a GPO: LDAP + an empty
sysvol directory and then add your files there. Another option is to
create it from Windows with GPMC.
- Kees.
> [root at dc1 Policies]# tree
> .
> ├── {31B2F340-016D-11D2-945F-00C04FB984F9}
> │ └── GPT.INI
> ├── {6AC1786C-016F-11D2-945F-00C04FB984F9}
> │ └── GPT.INI
> ├── {7AE52791-EC45-43AA-8289-022DF5AB0AFC}
> │ ├── GPT.INI
> │ ├── Machine
> │ └── User
> │ ├── Applications
> │ ├── comment.cmtx
> │ ├── Documents & Settings
> │ ├── Registry.pol
> │ └── Scripts
> │ ├── Logoff
> │ └── Logon
> └── {CF9B4F2F-9CB4-4A36-A5A0-91D18A20655B}
> ├── GPT.INI
> ├── Machine
> │ ├── comment.cmtx
> │ └── Registry.pol
> └── User
>
> 13 directories, 8 files
>
> However it is not applied on the target computer:
>
> PS C:\WINDOWS\system32> gpresult /r /scope computer
>
> Microsoft (R) Windows (R) Operating System Group Policy Result tool v2.0
> © Microsoft Corporation. All rights reserved.
>
> Created on 2025-05-29 at 15:02:31
>
>
> RSOP data for on SUNSHINE : Logging Mode
> ------------------------------------------
>
> OS Configuration: Member Workstation
> OS Version: 10.0.19045
> Site Name: Default-First-Site-Name
> Roaming Profile:
> Local Profile:
> Connected over a slow link?: No
>
>
> COMPUTER SETTINGS
> ------------------
> CN=SUNSHINE,CN=Computers,DC=navidom,DC=office,DC=navi,DC=pl
> Last time Group Policy was applied: 2025-05-29 at 14:51:50
> Group Policy was applied from: dc2.navidom.office.navi.pl
> <http://dc2.navidom.office.navi.pl>
> Group Policy slow link threshold: 500 kbps
> Domain Name: NAVIDOM
> Domain Type: Windows 2008 or later
>
> Applied Group Policy Objects
> -----------------------------
> Default Domain Policy
> Local Group Policy
>
> The computer is a part of the following security groups
> -------------------------------------------------------
> BUILTIN\Administrators
> Everyone
> BUILTIN\Users
> NT AUTHORITY\NETWORK
> NT AUTHORITY\Authenticated Users
> This Organization
> SUNSHINE$
> Domain Computers
> Workstations-Promienista
> Authentication authority asserted identity
> Claims Valid
> System Mandatory Level
>
> Below are links to images of the created GPO on google drive:
> https://drive.google.com/file/d/1RzMFYtzRFRw0TYl2YJnpV7W-H__566xW/view?usp=sharing
>
> https://drive.google.com/file/d/1VHHgcRY4X6yZS6A28_Nb0ztq6y2VFry6/view?usp=sharing
>
> https://drive.google.com/file/d/1fcx1YNephjvzCSkCcFzFWo_Ut50FDvkP/view?usp=sharing
>
> https://drive.google.com/file/d/10f7h2OQ3Ok88TMTjmr2QiX3rN-uQKUr4/view?usp=sharing
>
>
> Could somebody please help me find the problem?
>
> I also tried with a user policy
> {7AE52791-EC45-43AA-8289-022DF5AB0AFC}, but it doesn't work too.
>
> Best regards,
>
> Olaf Frączyk
>
More information about the samba
mailing list