Re: [Samba] GPO administration right on the station for ordinary user
- Date: Tue, 4 Apr 2017 08:21:48 +0200
- From: "L.P.H. van Belle via samba" <samba@xxxxxxxxxxxxxxx>
- Subject: Re: [Samba] GPO administration right on the station for ordinary user
Well first, no you did nothing wrong here.
This was fine when you wrote it, but after the BadLock Bug,
Microsoft change the way some policies are applied.
A good explaination here.
> -----Oorspronkelijk bericht-----
> Van: Marc Muehlfeld [mailto:mmuehlfeld@xxxxxxxxx]
> Verzonden: maandag 3 april 2017 17:22
> Aan: L.P.H. van Belle; samba@xxxxxxxxxxxxxxx
> Onderwerp: Re: [Samba] GPO administration right on the station for
> ordinary user
> Hi Louis,
> Am 03.04.2017 um 17:01 schrieb L.P.H. van Belle via samba:
> > But thats missing info.. :-(
> > Maybe its also a good thing to add just after the first picture on the
> > That the security filter on the GPO MUST have "authenticated users" or
> Domain computer group.
> > You decide.
> thanks for bringing this up. I will verify this later.
> I'm 85% sure, I never set a security filter on GPOs. On the other side,
> it's more than 2 years ago that I wrote this doc and even longer that I
> implemented restricted groups in a production AD. So it's possible that
> I'm wrong. :-)
> I looked at some other guides online that describe restricted groups,
> but none (incl. the one you posted in this thread) tells about changing
> the default filter settings.
> Why do I need this filter and what happens if I don't set it?
To unsubscribe from this list go to the following URL and read the