Hello,

I have a testing environment, 2 DCs Ubuntu 18.04, SAMBA 4.7.4 - MIT Kerberos (clean, not upgraded). I just want to create/activate simple GPOs.

# Interactive logon: Do not require CTRL + ALT + DEL -> activate

# Interactive login: Do not display last user name -> activate

When I activate these policies (no errors or anything like that), nothing happens.

I rebooted two Domain Members (Windows 7). Still showing last username and CTRL + ALT + DEL. Also typed "gpudate /force", didn't help. Also rejoined the clients.

I configured the SYSVOL replication with this guide:

https://wiki.samba.org/index.php/Rsync_based_SysVol_replication_workaround

Tell me what information you need if this isn't enough.

I hope you can help!

Thanks

Micha

On 2/6/2018 12:44 PM, Micha Ballmann via samba wrote:
> Hello,
>
> I have a testing environment, 2 DCs Ubuntu 18.04, SAMBA 4.7.4 - MIT
> Kerberos (clean, not upgraded). I just want to create/activate
> simple GPOs.
>
> # Interactive logon: Do not require CTRL + ALT + DEL -> activate
>
> # Interactive login: Do not display last user name -> activate
>
> When I activate these policies (no errors or anything like that),
> nothing happens.
>
> I rebooted two Domain Members (Windows 7). Still showing last username
> and CTRL + ALT + DEL. Also typed "gpudate /force", didn't help. Also
> rejoined the clients.
>
> I configured the SYSVOL replication with this guide:
>
> https://wiki.samba.org/index.php/Rsync_based_SysVol_replication_workaround
>
> Tell me what information you need if this isn't enough.
>
> I hope you can help!
>
> Thanks
>
> Micha

Run gpresult /H GPReport.html on the client via a command line. Open GPReport.html and see if the GPOs are actually being applied. Note any errors.

--
James

As well, is the computer in the correct OU to receive the GPO? And is there a LOCAL GPO that is blocking the domain-based GPO from applying?

The GPReport.html file should show you what is being applied, then you can trace WHAT GPOs are being applied and which entries are "winning" if there is a conflict.

On Tue, Feb 6, 2018 at 10:09 AM, lingpanda101 via samba <samba at lists.samba.org> wrote:
> On 2/6/2018 12:44 PM, Micha Ballmann via samba wrote:
>
>> Hello,
>>
>> I have a testing environment, 2 DCs Ubuntu 18.04, SAMBA 4.7.4 - MIT
>> Kerberos (clean, not upgraded). I just want to create/activate simple
>> GPOs.
>>
>> # Interactive logon: Do not require CTRL + ALT + DEL -> activate
>>
>> # Interactive login: Do not display last user name -> activate
>>
>> When I activate these policies (no errors or anything like that),
>> nothing happens.
>>
>> I rebooted two Domain Members (Windows 7). Still showing last username and
>> CTRL + ALT + DEL. Also typed "gpudate /force", didn't help. Also rejoined
>> the clients.
>>
>> I configured the SYSVOL replication with this guide:
>>
>> https://wiki.samba.org/index.php/Rsync_based_SysVol_replication_workaround
>>
>> Tell me what information you need if this isn't enough.
>>
>> I hope you can help!
>>
>> Thanks
>>
>> Micha
>
> Run gpresult /H GPReport.html on the client via a command line. Open
> GPReport.html and see if the GPOs are actually being applied. Note any
> errors.
>
> --
> James

On 02/06/2018 01:44 PM, Micha Ballmann via samba wrote:
> Hello,
>
> I have a testing environment, 2 DCs Ubuntu 18.04, SAMBA 4.7.4 - MIT
> Kerberos (clean, not upgraded). I just want to create/activate simple
> GPOs.
>
> # Interactive logon: Do not require CTRL + ALT + DEL -> activate
>
> # Interactive login: Do not display last user name -> activate

These look like machine-level GPOs. See the output of

gpresult /v

Mine says that machine-based GPOs are not applied because of "Denied (Security)" and the GPO is the default one (this is a test domain) where the filter is for "Authenticated Users" and that includes machine accounts.

Running Samba Version 4.7.4.

More details of the same problem (not solved) at this mailing list post https://lists.samba.org/archive/samba/2018-January/213333.html

> When I activate these policies (no errors or anything like that),
> nothing happens.
>
> I rebooted two Domain Members (Windows 7). Still showing last username and
> CTRL + ALT + DEL. Also typed "gpudate /force", didn't help. Also
> rejoined the clients.
>
> I configured the SYSVOL replication with this guide:
>
> https://wiki.samba.org/index.php/Rsync_based_SysVol_replication_workaround
>
> Tell me what information you need if this isn't enough.
>
> I hope you can help!
>
> Thanks
>
> Micha

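The check described in the message above (looking in `gpresult /v` output for GPOs filtered out with "Denied (Security)") can be run over output saved from several clients. This is an added example, not code from the thread or from the Samba project; the sample text is constructed in the layout gpresult prints, and the function names are hypothetical.

```python
import re
# Constructed sample in the layout of `gpresult /v` (not taken from the thread's clients).
SAMPLE = """\
COMPUTER SETTINGS
------------------
    Applied Group Policy Objects
    -----------------------------
        N/A
    The following GPOs were not applied because they were filtered out
    -------------------------------------------------------------------
        Default Domain Policy
            Filtering:  Denied (Security)
    The computer is a part of the following security groups
    -------------------------------------------------------
        Domain Computers
USER SETTINGS
--------------
    Applied Group Policy Objects
    -----------------------------
        Default Domain Policy
"""

def parse_gpresult(text):
    lines = [l.strip() for l in text.splitlines()]
    report, scope, section, gpo = {}, None, None, None
    for i, line in enumerate(lines):
        if not line or set(line) == {"-"}:
            continue
        if set(lines[i + 1] if i + 1 < len(lines) else "") == {"-"}:  # underlined header
            section, gpo = None, None  # any other header ends the GPO lists
            if line in ("COMPUTER SETTINGS", "USER SETTINGS"):
                scope = line.split()[0].lower()
                report[scope] = {"applied": [], "filtered": {}}
            elif line == "Applied Group Policy Objects":
                section = "applied"
            elif line.startswith("The following GPOs were not applied"):
                section = "filtered"
        elif scope and section == "applied" and line != "N/A":
            report[scope]["applied"].append(line)
        elif scope and section == "filtered":
            reason = re.match(r"Filtering:\s*(.+)", line)
            if reason and gpo:
                report[scope]["filtered"][gpo] = reason.group(1)
            elif not reason:
                gpo = line  # GPO name; its "Filtering:" reason follows
    return report

def denied_by_security(report):
    # GPOs that were in scope but that the account was not permitted to apply.
    return [(s, g) for s, d in report.items()
            for g, why in d["filtered"].items() if why == "Denied (Security)"]
```

A computer-scope hit here, with the same GPO applied in the user scope, matches the symptom reported in this thread: the machine account is refused the policy while the user is not.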
On 2/6/2018 1:42 PM, Robert Marcano via samba wrote:
> On 02/06/2018 01:44 PM, Micha Ballmann via samba wrote:
>> Hello,
>>
>> I have a testing environment, 2 DCs Ubuntu 18.04, SAMBA 4.7.4 - MIT
>> Kerberos (clean, not upgraded). I just want to create/activate
>> simple GPOs.
>>
>> # Interactive logon: Do not require CTRL + ALT + DEL -> activate
>>
>> # Interactive login: Do not display last user name -> activate
>
> These look like machine-level GPOs. See the output of
>
> gpresult /v
>
> Mine says that machine-based GPOs are not applied because of "Denied
> (Security)" and the GPO is the default one (this is a test domain)
> where the filter is for "Authenticated Users" and that includes machine
> accounts.
>
> Running Samba Version 4.7.4.
>
> More details of the same problem (not solved) at this mailing list
> post https://lists.samba.org/archive/samba/2018-January/213333.html
>
>> When I activate these policies (no errors or anything like that),
>> nothing happens.
>>
>> I rebooted two Domain Members (Windows 7). Still showing last username
>> and CTRL + ALT + DEL. Also typed "gpudate /force", didn't help. Also
>> rejoined the clients.
>>
>> I configured the SYSVOL replication with this guide:
>>
>> https://wiki.samba.org/index.php/Rsync_based_SysVol_replication_workaround
>>
>> Tell me what information you need if this isn't enough.
>>
>> I hope you can help!
>>
>> Thanks
>>
>> Micha

I don't recommend modifying the default domain or default domain controllers policy. Create separate ones and apply to either site or OU.

--
James