Hi In my network I have two DC Samba 4 and two File Server Samba 4 too. Shared directories are on a LUN presented to File Server (/ STORAGE). I'm network drive mapping in my domain with GPO and it work properly. However, some times, the drives aren't mapped. This way, I run GPUPDATE /FORCE command and some times I receive the following error: ' *Updating Policy ...The user policy could not be updated successfully. The following errors were found:Group Policy has not been processed. Windows was unable to apply registry-based policy settings to the LDAP Group Policy object: // CN = User, cn = {AFC65B84-867D-459D-9C0C-CBB3D511F086}, cn policies, cn = system, DC = company,DC = com, DC = br. Group Policy settings will not be resolved until this event is resolved. View the event details for more information about the name and path of the file that caused the failure.The following warnings were encountered when processing user policies:Windows failed to apply the Scripting settings. Perhaps the Scripts settings have their own log file. Click on the "More Information" link.The computer policy could not be updated successfully. The following errors were found:Group Policy has not been processed. Windows was unable to apply registry-based policy settings to the LDAP Group Policy object: // CN= Machine, CN = {31B2F340-016D-11D2-945F-00C04FB984F9}, CN = Policies, CN = System, DC = company, DC = com, DC = br. Group Policy settings will not be resolved until this event is resolved. View the event details for more information about the name and path of the file that caused the failure.The following warnings were encountered when processing computer policies:Windows failed to apply the Scripting settings. Perhaps the Scripts settings have their own log file. Click on the "More Information" link.Windows failed to apply the Group Policy Registry settings. The Group Policy Registry settings may have their own log file. Click on the "More Information" link.To diagnose the failure, review the event log or run GPRESULT / H GPReport.html from the command line to access information about Group Policy results.'* That way, I wait a while, run the command again and normally works. When generating the report with 'GPRESULT / H' I see error information for access denied or have an error code related to Windows Update (0x80070005). This does not make sense, as I execute the command a few minutes later and it works. On some computers I need to redo the GPUPDATE or even wait for the GPO to be applied alone. Given this, I would like to know if anyone would have any idea what could cause the problem reported here? Was it some dynamic port specific that the customer was using at that moment? It is not firewall blocking and I don't see (with tcpdump) communications problems between computer and DC. Regards, M?rcio Bacci
Looks like a "missing" right. Cause The issue was caused by insufficient permissions to access the source file on the network location. Although "Computer" part of Group Policy runs as a SYSTEM account, this applies to the target client computer, not the server where shared files are stored. Resolution Give Authenticated Users "Read-Only" access to the network share where source files are saved. Also change NTFS permissions if necessary. ! If you adjust your rights... do it from within windows.! ;-) Greetz, Louis> -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens > Marcio Demetrio Bacci via samba > Verzonden: woensdag 1 juli 2020 0:03 > Aan: sambalist > Onderwerp: [Samba] Problems with GPO > > Hi > In my network I have two DC Samba 4 and two File Server Samba 4 too. > Shared directories are on a LUN presented to File Server (/ STORAGE). > I'm network drive mapping in my domain with GPO and it work properly. > However, some times, the drives aren't mapped. This way, I > run GPUPDATE > /FORCE command and some times I receive the following error: > ' > > > > > > > > > > *Updating Policy ...The user policy could not be updated > successfully. The > following errors were found:Group Policy has not been > processed. Windows > was unable to apply registry-based policy settings to the > LDAP Group Policy > object: // CN = User, cn = > {AFC65B84-867D-459D-9C0C-CBB3D511F086}, cn > policies, cn = system, DC = company,DC = com, DC = br. Group Policy > settings will not be resolved until this event is resolved. > View the event > details for more information about the name and path of the file that > caused the failure.The following warnings were encountered > when processing > user policies:Windows failed to apply the Scripting settings. > Perhaps the > Scripts settings have their own log file. Click on the "More > Information" > link.The computer policy could not be updated successfully. > The following > errors were found:Group Policy has not been processed. > Windows was unable > to apply registry-based policy settings to the LDAP Group > Policy object: // > CN= Machine, CN = {31B2F340-016D-11D2-945F-00C04FB984F9}, CN > = Policies, CN > = System, DC = company, DC = com, DC = br. Group Policy > settings will not > be resolved until this event is resolved. View the event > details for more > information about the name and path of the file that caused > the failure.The > following warnings were encountered when processing computer > policies:Windows failed to apply the Scripting settings. Perhaps the > Scripts settings have their own log file. Click on the "More > Information" > link.Windows failed to apply the Group Policy Registry > settings. The Group > Policy Registry settings may have their own log file. Click > on the "More > Information" link.To diagnose the failure, review the event log or run > GPRESULT / H GPReport.html from the command line to access information > about Group Policy results.'* > > That way, I wait a while, run the command again and normally works. > When generating the report with 'GPRESULT / H' I see error > information for > access denied or have an error code related to Windows Update > (0x80070005). > This does not make sense, as I execute the command a few > minutes later and > it works. On some computers I need to redo the GPUPDATE or > even wait for > the GPO to be applied alone. > > Given this, I would like to know if anyone would have any > idea what could > cause the problem reported here? > > Was it some dynamic port specific that the customer was using at that > moment? > > It is not firewall blocking and I don't see (with tcpdump) > communications > problems between computer and DC. > > Regards, > > M?rcio Bacci > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba > >
Hi L.P.H van Belle, Thanks for your answer. But, Is that domain users already have read permission on the share's root folder. So, is it still necessary to grant read access to authenticated users too? Regards, M?rcio Bacci Em qua., 1 de jul. de 2020 ?s 04:34, L.P.H. van Belle <belle at bazuin.nl> escreveu:> Looks like a "missing" right. > > Cause > The issue was caused by insufficient permissions to access the source file > on the network location. > Although "Computer" part of Group Policy runs as a SYSTEM account, this > applies to the target client computer, > not the server where shared files are stored. > > Resolution > Give Authenticated Users "Read-Only" access to the network share where > source files are saved. > Also change NTFS permissions if necessary. > > ! If you adjust your rights... do it from within windows.! ;-) > > > Greetz, > > Louis > > > > > -----Oorspronkelijk bericht----- > > Van: samba [mailto:samba-bounces at lists.samba.org] Namens > > Marcio Demetrio Bacci via samba > > Verzonden: woensdag 1 juli 2020 0:03 > > Aan: sambalist > > Onderwerp: [Samba] Problems with GPO > > > > Hi > > In my network I have two DC Samba 4 and two File Server Samba 4 too. > > Shared directories are on a LUN presented to File Server (/ STORAGE). > > I'm network drive mapping in my domain with GPO and it work properly. > > However, some times, the drives aren't mapped. This way, I > > run GPUPDATE > > /FORCE command and some times I receive the following error: > > ' > > > > > > > > > > > > > > > > > > > > *Updating Policy ...The user policy could not be updated > > successfully. The > > following errors were found:Group Policy has not been > > processed. Windows > > was unable to apply registry-based policy settings to the > > LDAP Group Policy > > object: // CN = User, cn > > {AFC65B84-867D-459D-9C0C-CBB3D511F086}, cn > > policies, cn = system, DC = company,DC = com, DC = br. Group Policy > > settings will not be resolved until this event is resolved. > > View the event > > details for more information about the name and path of the file that > > caused the failure.The following warnings were encountered > > when processing > > user policies:Windows failed to apply the Scripting settings. > > Perhaps the > > Scripts settings have their own log file. Click on the "More > > Information" > > link.The computer policy could not be updated successfully. > > The following > > errors were found:Group Policy has not been processed. > > Windows was unable > > to apply registry-based policy settings to the LDAP Group > > Policy object: // > > CN= Machine, CN = {31B2F340-016D-11D2-945F-00C04FB984F9}, CN > > = Policies, CN > > = System, DC = company, DC = com, DC = br. Group Policy > > settings will not > > be resolved until this event is resolved. View the event > > details for more > > information about the name and path of the file that caused > > the failure.The > > following warnings were encountered when processing computer > > policies:Windows failed to apply the Scripting settings. Perhaps the > > Scripts settings have their own log file. Click on the "More > > Information" > > link.Windows failed to apply the Group Policy Registry > > settings. The Group > > Policy Registry settings may have their own log file. Click > > on the "More > > Information" link.To diagnose the failure, review the event log or run > > GPRESULT / H GPReport.html from the command line to access information > > about Group Policy results.'* > > > > That way, I wait a while, run the command again and normally works. > > When generating the report with 'GPRESULT / H' I see error > > information for > > access denied or have an error code related to Windows Update > > (0x80070005). > > This does not make sense, as I execute the command a few > > minutes later and > > it works. On some computers I need to redo the GPUPDATE or > > even wait for > > the GPO to be applied alone. > > > > Given this, I would like to know if anyone would have any > > idea what could > > cause the problem reported here? > > > > Was it some dynamic port specific that the customer was using at that > > moment? > > > > It is not firewall blocking and I don't see (with tcpdump) > > communications > > problems between computer and DC. > > > > Regards, > > > > M?rcio Bacci > > -- > > To unsubscribe from this list go to the following URL and read the > > instructions: https://lists.samba.org/mailman/options/samba > > > > > >
yes, due user SYSTEM SYSTEM is NOT in "Domain Users"? but its an Autenticated user. ? ? Greetz, ? Louis ? Van: Marcio Demetrio Bacci [mailto:marciobacci at gmail.com] Verzonden: woensdag 1 juli 2020 16:07 Aan: L.P.H. van Belle CC: samba at lists.samba.org Onderwerp: Re: [Samba] Problems with GPO Hi L.P.H van Belle, Thanks for your answer. But, Is that domain users already have read permission on the share's root folder. So, is it still necessary to grant read access to authenticated users too? Regards, M?rcio Bacci Em qua., 1 de jul. de 2020 ?s 04:34, L.P.H. van Belle <belle at bazuin.nl> escreveu: Looks like a "missing" right. Cause The issue was caused by insufficient permissions to access the source file on the network location. Although "Computer" part of Group Policy runs as a SYSTEM account, this applies to the target client computer, not the server where shared files are stored. Resolution Give Authenticated Users "Read-Only" access to the network share where source files are saved. Also change NTFS permissions if necessary. ! If you adjust your rights... do it from within windows.!? ;-) Greetz, Louis> -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens > Marcio Demetrio Bacci via samba > Verzonden: woensdag 1 juli 2020 0:03 > Aan: sambalist > Onderwerp: [Samba] Problems with GPO > > Hi > In my network I have two DC Samba 4 and two File Server Samba 4 too. > Shared directories are on a LUN presented to File Server (/ STORAGE). > I'm network drive mapping in my domain with GPO and it work properly. > However, some times, the drives aren't mapped. This way, I > run GPUPDATE > /FORCE command and some times I receive the following error: > ' > > > > > > > > > > *Updating Policy ...The user policy could not be updated > successfully. The > following errors were found:Group Policy has not been > processed. Windows > was unable to apply registry-based policy settings to the > LDAP Group Policy > object: // CN = User, cn = > {AFC65B84-867D-459D-9C0C-CBB3D511F086}, cn > policies, cn = system, DC = company,DC = com, DC = br. Group Policy > settings will not be resolved until this event is resolved. > View the event > details for more information about the name and path of the file that > caused the failure.The following warnings were encountered > when processing > user policies:Windows failed to apply the Scripting settings. > Perhaps the > Scripts settings have their own log file. Click on the "More > Information" > link.The computer policy could not be updated successfully. > The following > errors were found:Group Policy has not been processed. > Windows was unable > to apply registry-based policy settings to the LDAP Group > Policy object: // > CN= Machine, CN = {31B2F340-016D-11D2-945F-00C04FB984F9}, CN > = Policies, CN > = System, DC = company, DC = com, DC = br. Group Policy > settings will not > be resolved until this event is resolved. View the event > details for more > information about the name and path of the file that caused > the failure.The > following warnings were encountered when processing computer > policies:Windows failed to apply the Scripting settings. Perhaps the > Scripts settings have their own log file. Click on the "More > Information" > link.Windows failed to apply the Group Policy Registry > settings. The Group > Policy Registry settings may have their own log file. Click > on the "More > Information" link.To diagnose the failure, review the event log or run > GPRESULT / H GPReport.html from the command line to access information > about Group Policy results.'* > > That way, I wait a while, run the command again and normally works. > When generating the report with 'GPRESULT / H' I see error > information for > access denied or have an error code related to Windows Update > (0x80070005). > This does not make sense, as I execute the command a few > minutes later and > it works. On some computers I need to redo the GPUPDATE or > even wait for > the GPO to be applied alone. > > Given this, I would like to know if anyone would have any > idea what could > cause the problem reported here? > > Was it some dynamic port specific that the customer was using at that > moment? > > It is not firewall blocking and I don't see (with tcpdump) > communications > problems between computer and DC. > > Regards, > > M?rcio Bacci > -- > To unsubscribe from this list go to the following URL and read the > instructions:? https://lists.samba.org/mailman/options/samba > >