Re: [Samba] GPOs not Working!
- Date: Tue, 6 Feb 2018 15:29:48 -0400
- From: Robert Marcano via samba <samba@xxxxxxxxxxxxxxx>
- Subject: Re: [Samba] GPOs not Working!
On 02/06/2018 03:20 PM, lingpanda101 via samba wrote:
On 2/6/2018 2:03 PM, Robert Marcano via samba wrote:
I think I understand a bit more. You are attempting to modify the
Security Filtering from Authenticated Users to a manually created group?
From my testing this for some reason does not work. At least for me.
GPO's will not apply. That doesn't mean I'm not able to apply machine
account GPO's though. Am I correct?
On 02/06/2018 02:52 PM, lingpanda101 via samba wrote:
Thanks for the information, to use a default GPO was a simple way to
try to encourage someone to reproduce the problem.
On 2/6/2018 1:42 PM, Robert Marcano via samba wrote:
I don't recommend modifying the default domain or default domain
controllers policy. Create separate ones and apply to either site or OU.
On 02/06/2018 01:44 PM, Micha Ballmann via samba wrote:
i have a testing environment, 2 DCs Ubuntu 18.04, SAMBA 4.7.4 - MIT
Kerberos (clean, not upgraded). I just wan to create/activating a
# Interactive logon: Do not require CTRL + ALT + DEL -> activate
# Interactive login: Do not displa last user name -> activate
These look like machine level GPO. See the output of
Mine say that machine based GPOs are not applied because of "Denied
(Security)" and the GPO is the default one (This is a test domain)
where the filter is for "Authenticated Users" and that include
Running Samba Version 4.7.4.
More details of the same problem (not solved) at this mailing list
When im activating this Policys (no errors or something like that)
I reboot two Domain Members (Windows 7). Still showing last
username and CTRL + ALT + DEL. Also typed "gpudate /force", didn't
help. Also rejoined the clients.
I configured the SYSVOL replication with this guide:
Tell me what information you need if isn't enough.
I hope you can help!
I already created new GPOs (this is a test domain) Using the default
filter for a new GPO, "Authenticated users", creating a new group for
the test clients and using that as the filter, checking it have the
right permissions (apply), checking every guide about applying GPO to
computers. Using OUs and using domain level GPOs.
What I find weird is that gpresult doesn't list the computer as a
member of groups I create, only a few predefined ones:
and something like "mandatory level of no trust" (Windows is not in
On my initial test I was just trying to set a computer level GPO, It
didn't work (on default GPO or new GPOs), I did not modified the default
filter that a GPO have. I created new GPOs, and new groups as a test if
some other configuration worked.
Another response just received say I should not call sysvolreset after
creating GPOs. I don't remember at what time I used sysvolreset trying
to make these GPOs to be applied, so I will need to test again.
To unsubscribe from this list go to the following URL and read the