Web lists-archives.com

Re: [Samba] Windows ACL clarification for Roaming Profiles share




On Fri, 17 Feb 2017 07:58:58 +0100
Marc Muehlfeld <mmuehlfeld@xxxxxxxxx> wrote:

> Am 16.02.2017 um 17:27 schrieb Rowland Penny via samba:
> 
> > However, SYSTEM is used in sysvol and Windows expects it.
> 
> Clients, who are accessing the share, do not require it to be set on
> the local filesystem the share uses on the server, because SYSTEM is
> a local principal on each host (in this case, the DC that hosts the
> sysvol share).
> 
> The sysvol share works also if you remove the SYSTEM principal. The
> principal is used, as everywhere else, to enable e. g. local services
> that use the SYSTEM account, to access the content on the local file
> system. That's why it is usually added to file system ACLs everywhere
> on Windows, but it's nothing Windows expects nor requires.
> 
> For this reason, if you remove SYSTEM from the Sysvol's file system
> ACLs, the share works completely the same. Regardless if you do this
> on a Windows or on a Samba DC.
> 

So, I give you a link to a Microsoft page that shows what accounts are
required for the profiles share and you choose to ignore it ????

Rowland

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba