Upgrading Win7-32 (connected to Samba as NT-PDC) to Win10 requires - disable HardenedUncPaths (MutualAuth & Integrity) - install NTVDM - enable LegacyConsole otherwise the logon-script in Netlogon does not run, even if samba.cnf contains "server max level = NT1" Is Samba as NT-PDC supposed to handle HardenedUncPaths? Did I miss that I should have enabled that somehow in smb.conf? Would Samba as AD-DC automatically work with HardenedUncPaths? The web pages currently mention only NT1, none of the other three requirements.
Hello Claus, I have an openSUSE with Samba 4.4.4-3.1-3676 as PDC. There is no AD running. We use roaming profiles. I upgraded 11 Machines to Windows 10 having lot's of trouble with the Startmenu and the Win10-Apps. I can confirm the logon-script isn't executed since the Windows-Upgrade. Nobody - even Microsoft - could ever answer my questions to have a working startmenu with Windows 10. So I would like to try "your" way with the netlogon. Could you please so kind to give me more specific instructions, how to disable UNC Paths (Registry?) and enable LegacyConsole? And are you sure you need NTVDM? Could be needed for logon-script, since these are mostly bat-files. Thanks, Alex 2016-07-21 18:11 GMT+02:00 Klaus Hartnegg <hartnegg at uni-freiburg.de>:> Upgrading Win7-32 (connected to Samba as NT-PDC) to Win10 requires > - disable HardenedUncPaths (MutualAuth & Integrity) > - install NTVDM > - enable LegacyConsole > otherwise the logon-script in Netlogon does not run, > even if samba.cnf contains "server max level = NT1" > > Is Samba as NT-PDC supposed to handle HardenedUncPaths? > Did I miss that I should have enabled that somehow in smb.conf? > > Would Samba as AD-DC automatically work with HardenedUncPaths? > > The web pages currently mention only NT1, none of the other three > requirements. > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >
Am 27.07.2016 um 13:18 schrieb Alex Winzer:> I can confirm the logon-script isn't executed > since the Windows-Upgrade. Nobody - even Microsoft - could ever answer my > questions to have a working startmenu with Windows 10.try this:> [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\NetworkProvider\HardenedPaths] > "\\\\server\\netlogon"="RequireMutualAuthentication=0,RequireIntegrity=0"Replace server with the name of your DC. If you have more than one DC, enter one value for each server.
Then you talked to a stupid ms guy. Here you go, source. : https://support.microsoft.com/en-us/kb/3000483 Gr. Louis> -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens Klaus Hartnegg > Verzonden: dinsdag 2 augustus 2016 9:47 > Aan: samba at lists.samba.org > Onderwerp: Re: [Samba] Win10 to Samba as NT- PDC needs 3 settings > > Am 27.07.2016 um 13:18 schrieb Alex Winzer: > > I can confirm the logon-script isn't executed > > since the Windows-Upgrade. Nobody - even Microsoft - could ever answer > my > > questions to have a working startmenu with Windows 10. > > try this: > > > > [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\NetworkProvider\Ha > rdenedPaths] > > > "\\\\server\\netlogon"="RequireMutualAuthentication=0,RequireIntegrity=0" > > Replace server with the name of your DC. > If you have more than one DC, enter one value for each server. > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba