Thank you for your suggestion, I read the whole discussion.
My situation is little bit different - my machine policy works, but it
stops working once I remove Apply permission from Authenticated Users and
replace it with Read and Apply permission for Domain Computers.
Group Policy Results in RSAT shows Reason Denied: Access Denied (Security
Filtering) for affected computer.
The same result I get with command gpresult /Z /SCOPE COMPUTER:
The following GPOs were not applied because they were filtered out
-------------------------------------------------------------------
Import CA Certificates
Filtering: Denied (Security)
I don't understand why Domain Computers group is not enough...
Michal
2018-08-14 19:27 GMT+02:00 Rowland Penny via samba <samba at
lists.samba.org>:
> On Tue, 14 Aug 2018 19:07:29 +0200
> Michal Sládek via samba <samba at lists.samba.org> wrote:
>
> > Hi all!
> >
> > I have a AD domain based on Samba 4.7.6.I created a group policy that
> > installs CA certificate as trusted root CA.
> >
> > The policy works when security filtering is set to Authenticated
> > Users. But when I remove Apply permission of Authenticated Users in
> > Delegation tab (Read permission remains) and add Domain Computers to
> > Security Filtering, policy is not applied anymore.
> >
> > I am a newbe in AD but I thought, that Read and Apply permissions for
> > Domain Computers should be enough if the policy changes computer
> > configuration only. Is that assumption wrong? Or should I look futher
> > for a problem in my Samba configuration?
> >
> > I don't get any errors on my workstation when running
> > gpupdate /force, the policy is just not applied.
> >
> > Any help would be appreciated!
> >
> > Michal
>
> Reading this thread might help:
>
> https://lists.samba.org/archive/samba/2018-February/213656.html
>
> Rowland
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>