On 18/07/2019 16:54, Jonathan Hunter via samba wrote in https://lists.samba.org/archive/samba/2019-July/224494.html:> For now I'm basically bumbling along without working GPOs :(If you run multiple windows systems, you should not -- definitely. GPOs are really handy to enforce security policies on Windows systems. E.g. I am using GPO to enforce - Screen saver lock with passwords (physical systems only) - SMB3 (encryption) - Enforcing DNS lookups rather than NETBIOS lookups - Bitlocker keys in AD - Enabling winrm - Event subscriptions for my backup solution (backup servers only) - Disable OneDrive and Cortana Obviously your choice may vary, but applying policies consistently without GPOs is just tedious. I?d be interested what other policies others are using? Joachim Lindenberg