[Samba] Group policy not applied problem
Olaf Frączyk
olaf at navi.pl
Thu May 29 17:35:14 UTC 2025
Hello,
I was creating the GPO from windows, using group policy tool from RSAT.
I have found out what was wrong: when I create new GPO - the "Links"
field is empty - I need to link the domain there and then it works
correctly :)
Best regards,
Olaf
On 2025-05-29 15:57, Kees van Vloten via samba wrote:
>
> On 29-05-2025 15:32, Olaf Frączyk via samba wrote:
>> Hello,
>>
>> I try to get group policies working.
>>
>> I have created a test policy for a group of computers
>> "Workstations-Promienista".
>>
>> The group has one computer now: "SUNSHINE".
>>
>> The policy is generated on the samba server sysvol:
>> {CF9B4F2F-9CB4-4A36-A5A0-91D18A20655B}.
>>
> A GPO is more than a set of files on sysvol, there are also LDAP
> entries required.
>
> You can use "samba-tool gpo create" to create a GPO: LDAP + an empty
> sysvol directory and then add your files there. Another option is to
> create it from Windows with GPMC.
>
> - Kees.
>
>> [root at dc1 Policies]# tree
>> .
>> ├── {31B2F340-016D-11D2-945F-00C04FB984F9}
>> │ └── GPT.INI
>> ├── {6AC1786C-016F-11D2-945F-00C04FB984F9}
>> │ └── GPT.INI
>> ├── {7AE52791-EC45-43AA-8289-022DF5AB0AFC}
>> │ ├── GPT.INI
>> │ ├── Machine
>> │ └── User
>> │ ├── Applications
>> │ ├── comment.cmtx
>> │ ├── Documents & Settings
>> │ ├── Registry.pol
>> │ └── Scripts
>> │ ├── Logoff
>> │ └── Logon
>> └── {CF9B4F2F-9CB4-4A36-A5A0-91D18A20655B}
>> ├── GPT.INI
>> ├── Machine
>> │ ├── comment.cmtx
>> │ └── Registry.pol
>> └── User
>>
>> 13 directories, 8 files
>>
>> However it is not applied on the target computer:
>>
>> PS C:\WINDOWS\system32> gpresult /r /scope computer
>>
>> Microsoft (R) Windows (R) Operating System Group Policy Result tool v2.0
>> © Microsoft Corporation. All rights reserved.
>>
>> Created on 2025-05-29 at 15:02:31
>>
>>
>> RSOP data for on SUNSHINE : Logging Mode
>> ------------------------------------------
>>
>> OS Configuration: Member Workstation
>> OS Version: 10.0.19045
>> Site Name: Default-First-Site-Name
>> Roaming Profile:
>> Local Profile:
>> Connected over a slow link?: No
>>
>>
>> COMPUTER SETTINGS
>> ------------------
>> CN=SUNSHINE,CN=Computers,DC=navidom,DC=office,DC=navi,DC=pl
>> Last time Group Policy was applied: 2025-05-29 at 14:51:50
>> Group Policy was applied from: dc2.navidom.office.navi.pl
>> <http://dc2.navidom.office.navi.pl>
>> Group Policy slow link threshold: 500 kbps
>> Domain Name: NAVIDOM
>> Domain Type: Windows 2008 or later
>>
>> Applied Group Policy Objects
>> -----------------------------
>> Default Domain Policy
>> Local Group Policy
>>
>> The computer is a part of the following security groups
>> -------------------------------------------------------
>> BUILTIN\Administrators
>> Everyone
>> BUILTIN\Users
>> NT AUTHORITY\NETWORK
>> NT AUTHORITY\Authenticated Users
>> This Organization
>> SUNSHINE$
>> Domain Computers
>> Workstations-Promienista
>> Authentication authority asserted identity
>> Claims Valid
>> System Mandatory Level
>>
>> Below are links to images of the created GPO on google drive:
>> https://drive.google.com/file/d/1RzMFYtzRFRw0TYl2YJnpV7W-H__566xW/view?usp=sharing
>>
>> https://drive.google.com/file/d/1VHHgcRY4X6yZS6A28_Nb0ztq6y2VFry6/view?usp=sharing
>>
>> https://drive.google.com/file/d/1fcx1YNephjvzCSkCcFzFWo_Ut50FDvkP/view?usp=sharing
>>
>> https://drive.google.com/file/d/10f7h2OQ3Ok88TMTjmr2QiX3rN-uQKUr4/view?usp=sharing
>>
>>
>> Could somebody please help me find the problem?
>>
>> I also tried with a user policy
>> {7AE52791-EC45-43AA-8289-022DF5AB0AFC}, but it doesn't work too.
>>
>> Best regards,
>>
>> Olaf Frączyk
>>
>
More information about the samba
mailing list