
Re: [Samba] Problem sysvolreset




On Tue, 21 Mar 2017 17:09:22 +0100
"L.P.H. van Belle via samba" <samba@xxxxxxxxxxxxxxx> wrote:

> Hai, 
> 
>  
> 
> Here you go my output of the R2008R2. (64bit)
> 
>  
> 
> 1) original GPO from the install ( the domain controller policy ) 
> 
> Path   :
> Microsoft.PowerShell.Core\FileSystem::C:\Windows\SYSVOL\domain\Policies\{6AC1786C-016F-11D2-945F-00C04fB984F9}
> 
> Owner  : BUILTIN\Administrators
> 
> Group  : NT AUTHORITY\SYSTEM
> 

This is the same as what I found, the default policies get the above
ownership.

> 
> 2) and just now created GPO, didn't touch it at all. 
> 
> Path   :
> Microsoft.PowerShell.Core\FileSystem::C:\Windows\SYSVOL\domain\Policies\{EDC26216-625D-42D7-8443-9003D427DEF5}
> 
> Owner  : ROTTERDAM\Domain Admins
> 
> Group  : ROTTERDAM\Domain Admins
> 
> Access : CREATOR OWNER Allow  FullControl
> 
>          NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS Allow  ReadAndExecute, Synchronize
> 
>          NT AUTHORITY\Authenticated Users Allow  ReadAndExecute, Synchronize
> 
>          NT AUTHORITY\SYSTEM Allow  FullControl
> 
>          ROTTERDAM\Domain Admins Allow  FullControl
> 
>          ROTTERDAM\Enterprise Admins Allow  FullControl
> 
> Audit  :
> 
> Sddl   :
> O:DAG:DAD:PAI(A;OICIIO;FA;;;CO)(A;OICI;0x1200a9;;;ED)(A;OICI;0x1200a9;;;AU)(A;OICI;FA;;;SY)(A;OICI;FA;;;DA)(A;OICI;FA;;;EA)

Now do you believe me when I say Domain Admins shouldn't have a
gidNumber ?

Rowland

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
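
Added example, not part of the original message and not Samba's own code: a small Python decoder for the Sddl string quoted above, showing that both owner and group resolve to Domain Admins and which trustees hold write-capable rights on the GPO folder. The function names are hypothetical and the alias and rights tables cover only what this string needs.

```python
import re

# SDDL string copied from the quoted Get-Acl output for the newly created GPO.
SDDL = ("O:DAG:DAD:PAI(A;OICIIO;FA;;;CO)(A;OICI;0x1200a9;;;ED)"
        "(A;OICI;0x1200a9;;;AU)(A;OICI;FA;;;SY)(A;OICI;FA;;;DA)(A;OICI;FA;;;EA)")

# Partial tables (assumption: enough for this string, not the full SDDL set).
SIDS = {"CO": "CREATOR OWNER", "ED": "ENTERPRISE DOMAIN CONTROLLERS",
        "AU": "Authenticated Users", "SY": "SYSTEM", "DA": "Domain Admins",
        "EA": "Enterprise Admins", "BA": "BUILTIN\\Administrators"}
RIGHTS = {"FA": 0x1F01FF, "FR": 0x120089, "FW": 0x120116, "FX": 0x1200A0}
# Bits that let a trustee change content or permissions:
# write data, append, delete child, DELETE, WRITE_DAC, WRITE_OWNER.
WRITE_BITS = 0x2 | 0x4 | 0x40 | 0x10000 | 0x40000 | 0x80000

TOP = re.compile(r"O:(?P<owner>[A-Z]{2}|S-[\d-]+)G:(?P<group>[A-Z]{2}|S-[\d-]+)"
                 r"D:(?P<flags>[A-Z]*)(?P<aces>(?:\([^)]*\))*)")

def name(sid):
    return SIDS.get(sid, sid)  # unknown aliases and raw SIDs pass through

def mask(rights):
    if rights.lower().startswith("0x"):
        return int(rights, 16)
    m = 0
    for code in re.findall("..", rights):  # concatenated codes, e.g. "FRFX"
        m |= RIGHTS[code]
    return m

def parse_sddl(sddl):
    top = TOP.match(sddl)
    if top is None:
        raise ValueError("not an O:/G:/D: security descriptor string")
    aces = []
    for body in re.findall(r"\(([^)]*)\)", top["aces"]):
        ace_type, flags, rights, _obj, _inherit_obj, sid = body.split(";")
        aces.append({"type": ace_type, "flags": re.findall("..", flags),
                     "mask": mask(rights), "trustee": name(sid)})
    return {"owner": name(top["owner"]), "group": name(top["group"]),
            "dacl_flags": re.findall("P|AR|AI", top["flags"]), "aces": aces}

def write_capable(sd):
    """Trustees holding an Allow ACE with any write/delete/permission bit."""
    return [a["trustee"] for a in sd["aces"]
            if a["type"] == "A" and a["mask"] & WRITE_BITS]

if __name__ == "__main__":
    sd = parse_sddl(SDDL)
    print(sd["owner"], sd["group"], sd["dacl_flags"], write_capable(sd))
```

The CREATOR OWNER entry carries the IO (inherit only) flag, so it applies to objects created below the folder rather than to the folder itself.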